Privacy Policy

This policy applies to our website, contact forms, support channels, and software products, including Quotr, MQTTDeck, and Mainbridge Access. Where a customer uses our products to process information about its own customers, staff, suppliers, devices, or systems, the customer remains responsible for having the rights and notices needed to provide that data to us.

Some Mainbridge products are intended for business use. They are not directed at children under 18, and we do not knowingly collect personal information from children.

We collect information that is reasonably necessary for our business, including:

• contact details, such as name, email address, phone number, company name, and role
• account details, such as login identifier, authentication status, plan, and product preferences
• billing details, such as billing name, address, invoice history, GST status, and payment status
• communications, including contact form messages, support requests, feedback, and complaint records
• technical data, such as IP address, device type, browser, operating system, approximate location from network data, logs, diagnostics, and security events
• usage data, such as product features used, timestamps, account activity, and error reports

We do not intentionally collect sensitive information unless it is required for a specific support or product purpose and you have provided consent or the law otherwise permits it.

Our products may process operational data that can contain personal information. For example, Quotr may process customer, job, quote, invoice, and payment status information. MQTTDeck may process MQTT connection profiles, broker details, topics, message payloads, and debugging history. Mainbridge Access may process database connection profiles, query history, audit logs, environment labels, export history, and operational metadata.

You should not enter passwords, API keys, private certificates, database credentials, or other secrets into free text fields unless the product specifically asks for them in a secure credential field. Where products store credentials or connection details, we use reasonable technical and organisational controls appropriate to the product design.

We collect personal information:

• directly from you when you contact us, register, subscribe, pay, request support, or use a product
• automatically when you use our website or products, including through logs and cookies
• from service providers that support our products, billing, communications, security, and operations
• from a business customer or administrator that invites you to use a Mainbridge product

We hold information in secure systems operated by us and our service providers. This may include cloud infrastructure, email systems, support tools, billing systems, backups, and local product storage depending on the product you use.

We use and disclose personal information to:

• provide, maintain, secure, and improve our website and products
• create accounts, authenticate users, manage subscriptions, and process billing
• respond to enquiries, support requests, complaints, and security reports
• send service, account, billing, security, and product lifecycle notices
• monitor reliability, investigate faults, prevent misuse, and protect our rights and systems
• meet legal, tax, accounting, regulatory, and dispute-resolution obligations

We do not sell personal information. We may disclose information to cloud hosts, email providers, payment processors, analytics providers, security providers, professional advisers, regulators, courts, law enforcement, and acquirers or successors if our business or assets are reorganised or sold.

We use Australian and overseas service providers. Based on our current operations, personal information may be disclosed to or processed in Australia, the United States, Singapore, and other countries where our service providers operate support, security, email, hosting, analytics, or billing infrastructure.

Current provider categories include Amazon Web Services for cloud hosting and email infrastructure, Circumvend-operated email delivery infrastructure for the website contact form, domain and DNS providers, payment processors where paid products are offered, and analytics or error monitoring tools where enabled for a product or website.

Before disclosing personal information overseas, we take reasonable steps to assess the provider, use contractual protections where practicable, and limit access to what is needed for the provider to perform its services. We review this section when our provider stack materially changes.

We only send commercial electronic messages where we have consent or where the law permits it. Marketing messages will identify Mainbridge as the sender, include current contact details, and include a clear unsubscribe option.

We action unsubscribe requests within 5 business days. Opting out of marketing does not stop service, account, billing, or security messages. We do not use pre-ticked boxes for newsletter sign-up.

Our website and products may use cookies, local storage, and similar technologies for essential functionality, security, session management, preferences, diagnostics, and usage analytics. Where we use analytics, we aim to collect only what we need to understand performance and improve the service.

You can control cookies through your browser settings, but disabling some cookies may affect login, security, or product functionality.

We retain personal information only for as long as reasonably needed for the purposes described in this policy, unless a longer period is required by law. As a guide:

• contact form and support records are generally kept for up to 24 months after the last interaction
• account and product records are kept while the account is active and for a reasonable period after closure
• billing, tax, and invoice records are generally kept for 7 years
• security, audit, and system logs are generally kept for 30 days to 24 months depending on risk and product requirements
• backups may retain deleted information for a limited backup cycle before being overwritten

When information is no longer required, we take reasonable steps to delete, destroy, or de-identify it.

If you have a privacy complaint, contact us first and describe the issue and outcome you are seeking. We will acknowledge your complaint promptly, investigate it, and aim to respond within 30 days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au.