Legal

Privacy Collection Notice & Privacy Policy

Effective 12 May 2026 · Version 1.0 · Issued by Absence Pty Ltd

Plain-English summary We are an Australian company. We collect personal information about two groups of people: (1) the workplace administrators and team leaders who sign up to use Absence, and (2) the employees those customers track in our software. We use that information only to provide the service, comply with the law, and operate our business. Your data is stored in Australia, is not sold, and is handled in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have a right to ask what we hold about you, to correct it, and to make a complaint. This page tells you how.

1. Who we are

This Privacy Collection Notice and Privacy Policy is issued by Absence Pty Ltd (ABN 886 7966 5356) ("Absence", "we", "us" or "our"), a company incorporated in Australia and operating the Absence / UPA Tracker software-as-a-service platform available at absence.cloud and app.absence.cloud (the "Service").

We are an "APP entity" for the purposes of the Privacy Act 1988 (Cth) (the "Privacy Act") and we handle personal information in accordance with the Privacy Act and the Australian Privacy Principles ("APPs").

2. Scope & the two kinds of people this notice covers

The Service is a business-to-business workforce tool. Personal information passes through it from two distinct groups, and the way we deal with that information differs for each:

Account Users — individuals who create an account, sign in, and use the Service on behalf of an organisation (typically business owners, operations managers, HR personnel and team leaders). For Account Users, Absence is the entity that decides why and how the personal information is handled.
Tracked Employees — individuals whose absence records and employment details are uploaded to the Service by an Account User's organisation (the "Customer"). For Tracked Employees, the Customer is the entity that decides why and how the personal information is handled, and Absence handles that information on the Customer's instructions in order to provide the Service. The Customer is responsible for notifying its own employees about how it uses Absence and for obtaining any consents required under the Privacy Act and applicable workplace laws.

This document is the collection notice required by APP 5 in respect of personal information we collect directly from you (whether you are an Account User, a Tracked Employee contacting us directly, a prospect, a guide download recipient, or any other individual whose information we collect).

3. What personal information we collect

3.1 From Account Users

Identity and contact details: full name, work email address, employer / organisation name, job title, phone number (if you provide it).
Account credentials: a hashed password (we never store passwords in plain text), session tokens, multi-factor authentication settings.
Billing information: organisation legal name, ABN, billing address, plan selected, billing period, invoice history. Payment card details are collected and stored by our payment processor and are not stored by Absence.
Technical and usage information: IP address, browser type and version, device type, pages visited, actions taken in the Service, timestamps, and error logs. We use this to operate, secure and improve the Service.
Support correspondence: the contents of any email, support ticket or message you send us.

3.2 From Tracked Employees (uploaded by Customers)

Identity and employment details: full name, work email, hire date, employment type, assigned team leader, role / department.
Absence records: dates and durations of unplanned absences, reason category, return-to-work status, return-to-work conversation notes, follow-up actions, and any attachments uploaded by the Customer.
Sensitive information (where the Customer chooses to record it): a Customer may flag a record as relating to a sensitive matter (for example, mental health, bereavement, harassment, or domestic violence). The Service is designed to mask the contents of sensitive notes from non-admin users and from CSV exports. We do not require this information and we do not view, analyse or otherwise use it other than to store it for the Customer.

Absence does not collect Tracked Employees' personal information directly from them through the Service. We rely on the Customer to have a lawful basis under the Privacy Act and applicable workplace law (including the employee records exemption, where relevant) to upload that information to the Service.

3.3 From website visitors, lead-magnet downloads, enquiries and prospects

Email address (and any other information you choose to submit) when you request a guide, contact us, or otherwise interact with our marketing forms.
Server logs and technical information generated when you browse our website (limited; we do not run third-party advertising or analytics trackers on our marketing pages at the date of this notice).

4. Why we collect it (purposes of collection)

We collect, hold, use and disclose personal information for the following primary purposes:

To create, secure and operate your account and provide the Service to you and your organisation.
To process subscription payments, issue tax invoices, and manage refunds and chargebacks.
To respond to enquiries, deliver guides and other content you have requested, and to provide customer support.
To monitor, troubleshoot, secure and improve the Service (including investigating misuse, fraud and security incidents).
To send you transactional and service communications (for example, password resets, billing receipts, security alerts, scheduled-maintenance notices, and product changes that materially affect you). You cannot opt out of these while you have an active account.
To send you marketing communications about Absence's products and services where you have consented or where we are otherwise permitted to do so under the Spam Act 2003 (Cth). You can unsubscribe at any time using the link in the email or by writing to us.
To comply with our legal obligations (including tax, accounting, record-keeping and dispute resolution).
To enforce our Terms of Service and protect our rights and the rights of others.

5. What happens if you don't provide it

If you do not provide the information we ask for at sign-up (name, work email, organisation, password), we will not be able to create an account or provide the Service to you. If a Customer's Account User chooses not to upload information about a Tracked Employee, the Service will simply have no record of that employee — there is no consequence to the employee from us. If you do not provide information requested for support enquiries, we may not be able to respond effectively.

6. How we collect it

We collect personal information directly from you when you fill in a form on our website, sign up to the Service, configure your account, enter or upload information into the Service, send us an email, or otherwise interact with us. We also collect technical information automatically when you use our website and the Service (such as IP address, log data and cookie identifiers).

Where it is unreasonable or impracticable to collect personal information about you directly from you (for example, where a Customer uploads your employment information as a Tracked Employee), we may collect it from a third party, in accordance with APP 3 and APP 5.

7. Cookies

Our marketing website (absence.cloud) uses a single first-party cookie to remember whether you have dismissed our cookie banner. We do not run third-party advertising trackers or analytics scripts on those pages at the date of this notice. The Service (app.absence.cloud) uses essential cookies (and equivalent storage) to keep you signed in, protect against cross-site request forgery, and remember your preferences. You can clear or block cookies in your browser; if you do, parts of the Service may not work.

8. Who we disclose personal information to

We disclose personal information to the following categories of recipients, only as needed and under appropriate contractual protections:

Your organisation. If you are an Account User, your organisation's administrator can see your account information and your actions in the Service. If you are a Tracked Employee, your information is visible to authorised personnel of the Customer that uploaded it.
Service providers (our processors). Hosting and infrastructure (see Section 9 below for data location); database, file storage and backup providers; transactional email delivery; error monitoring and logging; payment processing (Stripe Payments Australia Pty Ltd); customer support tooling; and accounting and tax providers. These providers are contractually required to handle personal information consistently with this notice and the Privacy Act.
Professional advisers. Our lawyers, accountants and auditors, where reasonably necessary.
Successors. Any party that acquires (or proposes to acquire) all or substantially all of our business or assets, subject to the receiving party agreeing to be bound by privacy protections at least as protective as this notice.
Authorities. Government agencies, regulators and law-enforcement bodies, where required or authorised by law (including under a court order, statutory notice or legal subpoena).

We do not sell personal information, and we do not disclose personal information for the purposes of third-party advertising.

9. Where your information is stored — cross-border disclosure

Customer Data (including all Tracked Employee records) is stored in Australia. We have designed the Service so that Customer Data does not leave Australia in the ordinary course.

A limited number of our service providers may, in the course of providing services to us, access or process personal information from outside Australia (including transactional email delivery, error monitoring, payment processing, and our customer support tooling, some of which are headquartered in the United States or the European Union). Where this occurs, we take reasonable steps to ensure those providers handle the information consistently with the APPs, including by entering into contractual data-protection terms.

By providing your information to us, you acknowledge that some incidental cross-border disclosure may occur as described in this section.

10. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure. Those steps include encryption in transit using TLS, encryption at rest, role-based access controls, hashed passwords, secure session cookies, cross-site request forgery protection, audit logging, and least-privilege access for our personnel. No internet-based system is perfectly secure; you should keep your password confidential and notify us immediately if you suspect any unauthorised access to your account.

11. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we suffer an eligible data breach involving personal information that is likely to result in serious harm, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in accordance with the scheme. For Tracked Employees, our notification will generally be made to the Customer that uploaded the relevant information, which is then responsible (as the controlling APP entity) for notifying its employees.

12. How long we keep it

We retain personal information only for as long as we need it for the purposes set out in Section 4, or for as long as required or permitted by law. As a general guide: account and Customer Data is retained while the relevant subscription is active and for a reasonable period after termination to allow data export and dispute resolution; billing records are retained for at least seven (7) years to meet our tax and record-keeping obligations; security and audit logs are retained for the period reasonably necessary for security and forensic purposes. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it.

13. Access, correction, complaints & your rights

Under the Privacy Act, you have the right to ask for access to the personal information we hold about you, and to ask us to correct it if you think it is inaccurate, out of date, incomplete, irrelevant or misleading. To make a request, please write to us using the contact details in Section 15. We will respond within a reasonable period (usually 30 days) and free of charge in most cases.

If you are a Tracked Employee, the personal information held about you in the Service is controlled by your employer (the Customer). We will generally direct your access and correction requests to that Customer in the first instance, but we will assist as required.

If you have a complaint about how we have handled your personal information, please contact us first using the details in Section 15 and we will work with you to resolve it. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner: www.oaic.gov.au · 1300 363 992.

14. Direct marketing & the Spam Act

Where we send you marketing communications (for example, our newsletter or product updates), we do so in accordance with the Spam Act 2003 (Cth) and APP 7. Every marketing email contains a clear unsubscribe link. You can opt out at any time, and we will action your request promptly.

15. Changes to this notice

We may update this notice from time to time. The "Effective" date at the top reflects the latest version. If we make a material change, we will notify Account Users by email or by an in-product notice before the change takes effect.

16. Contact us

For any privacy enquiry, access or correction request, or complaint:

Privacy Officer, Absence Pty Ltd
Email: Jesse@absence.cloud
Postal: Available on request.