Privacy Policy

1. Who We Are

Clearway Apps is a trading name of Kilkelly Enterprises (ABN 82 862 013 361), based in Perth, Western Australia, Australia. We operate web-based software applications including FounderForge AI and Flatmate Flow. References to "we", "us", or "our" in this policy refer to Kilkelly Enterprises.

This policy explains how we collect, use, store, and share your personal information when you use our services, and the rights you have over that information. It applies to users worldwide.

Contact: admin@clearwayapps.com.au

2. What Information We Collect

We collect the following categories of information:

• Account information: Your name, email address, and password (hashed) when you register, or your profile data when you sign in via a third-party provider such as Google OAuth.
• Content you create: Business plans, household data (bills, chores, expenses, shopping lists, calendar events, polls, notices), notes, and other data you input into our apps. This data is stored securely and linked to your account or household.
• Usage data: Information about how you use our services, including pages visited, features used, actions taken, device type, browser, operating system, approximate location derived from IP address, and access timestamps.
• Payment information: If you subscribe to a paid plan, payment is processed by Stripe. We do not see or store your full card details — Stripe handles all payment data under its own privacy policy. We receive limited metadata (such as the last four digits of your card, billing country, and subscription status).
• Communications: If you contact us by email or through in-app forms, we retain that correspondence and any information you include in it.
• Cookies and local storage: Session tokens, authentication cookies, and minimal local-storage data needed to keep you signed in and deliver the service.

We do not knowingly collect sensitive categories of personal information (such as health, biometric, or racial/ethnic data). Please do not submit such information into our apps.

3. How We Use Your Information

We use your information to:

• Provide, operate, maintain, and improve our services;
• Associate your content with your account or household and keep it accessible to you;
• Process payments and manage your subscription;
• Respond to support requests and enquiries;
• Send essential service communications (billing, security, changes to terms);
• Detect, prevent, and respond to fraud, abuse, and security incidents;
• Comply with our legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your content to train AI models. We do not share your personal information with third parties for their own marketing purposes.

4. Legal Bases for Processing (GDPR / UK GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, our legal bases under the EU General Data Protection Regulation (GDPR) and UK GDPR are:

• Contract performance — processing necessary to provide the services you have signed up for;
• Legitimate interests — improving our services, preventing fraud, ensuring security, and understanding how our apps are used (balanced against your rights);
• Legal obligation — where we are required to process data to comply with applicable law;
• Consent — where you have given explicit consent, such as for optional marketing communications. You may withdraw consent at any time.

5. Data Storage, Security, and Retention

Your data is stored on the infrastructure of our trusted cloud providers: Supabase (database, authentication, and storage for Flatmate Flow) and Base44 (app platform and storage for FounderForge AI). These providers maintain industry-standard security controls including encryption in transit (TLS) and at rest.

We take reasonable technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, or loss — including access controls, row-level security, least-privilege permissions, and regular review of our providers' security posture. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Retention: We retain your data for as long as your account is active, or as needed to provide our services and comply with legal, accounting, or reporting obligations. When you delete your account, your personal data and content are deleted within 30 days, except for data we are legally required to retain (such as transaction records, which we retain for 7 years under Australian tax law). Backups containing residual data are purged on their regular rotation cycle (typically within 90 days).

Breach notification: If we become aware of a data breach that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as required by the Privacy Act 1988 (Cth), and any other supervisory authorities required by applicable law (including supervisory authorities under the GDPR) within the applicable legal timeframes.

6. Third-Party Services (Sub-processors)

We use the following third-party services, which may process limited personal data on our behalf:

• Supabase, Inc. — database, authentication, and hosting for Flatmate Flow (processing may occur in the United States and Europe).
• Base44 — app platform and hosting for FounderForge AI.
• Vercel, Inc. — web hosting and content delivery.
• Cloudflare, Inc. — DNS, CDN, and security.
• Google LLC (Google OAuth) — optional third-party sign-in.
• Stripe, Inc. — payment processing for paid subscriptions.
• Anthropic, PBC and OpenAI, L.L.C. — AI model providers used to generate content within FounderForge AI. Inputs submitted to these models may be processed by these providers under their own terms (we use API tiers that contractually prohibit use of inputs for model training).
• Email and analytics providers — transactional email and anonymous/aggregated usage analytics as needed to operate the services.

We do not authorise these providers to use your personal information for their own purposes. Each provider is bound by its own privacy policy, which we encourage you to review.

7. Cookies and Tracking

Our apps use cookies and similar technologies (including local storage) for essential purposes — session management, authentication, and remembering your preferences. We do not use third-party advertising cookies and we do not track you across unaffiliated websites. You can control cookies through your browser settings, though disabling essential cookies may prevent parts of our services from working.

8. International Data Transfers

Because our service providers operate globally, your personal information may be transferred to, stored in, or processed in countries outside your own — including the United States, the European Economic Area, and other jurisdictions. These countries may have data-protection laws different from your own.

Where we transfer personal data out of the EEA, United Kingdom, or Switzerland, we rely on lawful transfer mechanisms, including the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, along with supplementary measures where necessary. By using our services, you acknowledge and consent to such cross-border transfers where permitted by your local law.

9. Your Rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you;
• Correction — request correction of inaccurate or incomplete data;
• Deletion / erasure — request deletion of your personal data ("right to be forgotten"). You can also delete your account and all associated data directly from within the app settings;
• Portability — request your data in a structured, machine-readable format;
• Objection / restriction — object to or request restriction of certain processing activities, including profiling;
• Withdraw consent — where processing is based on consent, you may withdraw it at any time;
• Complain — lodge a complaint with your local supervisory authority (see Section 10).

California residents (CCPA / CPRA): You have the right to know what personal information is collected, sold, or shared; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information; the right to limit the use of sensitive personal information; and the right to be free from retaliation for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.

Other US state residents (including Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws) have similar rights to access, correct, delete, and port their personal information, and to opt out of targeted advertising and profiling. We honour these rights regardless of state.

Canadian residents (PIPEDA / Quebec Law 25): You have rights to access and correct your personal information and to withdraw consent to its processing, subject to legal or contractual restrictions.

Brazilian residents (LGPD): You have rights of confirmation, access, correction, anonymisation, portability, deletion, and information about sharing, as set out in the Brazilian General Data Protection Law.

New Zealand residents are protected by the Privacy Act 2020 and have equivalent access and correction rights.

To exercise any of these rights, contact us at admin@clearwayapps.com.au. We will respond within the timeframe required by applicable law (generally 30 days, extendable where permitted). We will not discriminate against you for exercising a privacy right.

10. Supervisory Authorities and Complaints

If you believe we have mishandled your personal information, please contact us first so we can try to resolve your concern. You may also lodge a complaint with:

• Australia — Office of the Australian Information Commissioner (OAIC): oaic.gov.au;
• EEA — the data protection authority in your country of residence, work, or where the alleged infringement took place;
• United Kingdom — Information Commissioner's Office (ICO): ico.org.uk;
• United States (California) — California Privacy Protection Agency (CPPA).

11. Children's Privacy

Our services are intended for users aged 18 and over. We do not knowingly collect personal information from children under 16 (or the equivalent minimum age of digital consent in your jurisdiction). If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Automated Decision-Making and AI Outputs

FounderForge AI generates outputs using large-language-model providers. These outputs are produced automatically from your inputs but are not used to make automated decisions that produce legal or similarly significant effects about you. AI outputs are informational and should not be relied upon as professional advice — see our Terms of Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy here with a new effective date and, where practicable, by email or in-app notice. Continued use of our services after changes take effect constitutes your acceptance of the updated policy.

14. Governing Law

This Privacy Policy is governed by the laws of Western Australia, Australia, and applicable Australian federal privacy law including the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Nothing in this policy limits your rights under any other applicable privacy law that applies to you, including the EU/UK GDPR, the CCPA/CPRA, PIPEDA/Law 25, or the LGPD.

15. Contact Us

Kilkelly Enterprises
Trading as Clearway Apps
Perth, Western Australia, Australia
Email: admin@clearwayapps.com.au