Privacy Policy
The plain-English version. Bushpass ships as a web app at app.bushpass.com and as a desktop app you can install. Your private content — your CV, payslips, the 88-day log, your saved jobs, your email drafts — never leaves your device. On the web app it lives in your browser (IndexedDB); on the desktop app it lives in a local database on your laptop. We only see the bare minimum we need to issue your access, take payment and answer support emails. We do not sell your data, do not share it with advertisers, and do not use your CV or shifts to train AI models. You can export everything or ask us to delete your account any time.
1. Who is the data controller
The controller of personal information collected through Bushpass is the operator of Bushpass, an Australian sole trader business registered under ABN 93 228 693 498, based in Victoria, Australia. The legal entity behind the ABN is on the public Australian Business Register and can be verified at abr.business.gov.au. We can be reached at support@bushpass.com.
2. What we collect
2.1 When you buy a licence
Our payment processor (Stripe, see section 5) collects your billing details and shares with us:
- your email address
- your name (when provided at checkout)
- your country of billing
- the order ID, plan, amount and date
We use this to issue your licence key, send your receipt, and provide support. We do not see or store your full card number, expiry, or CVC.
2.2 When you sign in to the web app (app.bushpass.com)
We use passwordless magic-link sign-in: you enter your email, we email you a single-use link, clicking it issues a session cookie scoped to app.bushpass.com. On our server we store:
- your email address (the same one tied to your Stripe purchase)
- the SHA-256 hash of the most recent magic-link token (never the token in clear), with a short expiry
- your subscription / lifetime status (mirrored from Stripe)
- the timestamp of your last sign-in (lastSeenAt) — used for inactivity-driven cleanups, not analytics
- whether you have given consent to our Terms and Privacy Policy (captured at checkout by Stripe and persisted as consentedAt)
No background heartbeat, no usage tracking, no per-page telemetry from inside the app. The session cookie is HttpOnly + Secure + SameSite=Lax. You can sign out from Settings → Account, which clears the cookie.
2.3 When you activate the desktop app
The desktop app sends, to our licence server:
- your licence key
- a randomly generated device identifier (a UUID created locally on first activation)
- the activation timestamp
This is only used to bind a key to a device and prevent shared use. There is no background heartbeat, no usage tracking, and no telemetry. To move your licence to a new device, email support@bushpass.com and we'll unlock the key.
2.4 When you use AI features
When you use an AI feature (CV polish, payslip scan, eligibility scoring, email rewrite), the relevant text or document is sent to our server-side proxy and forwarded to a third-party language model (currently OpenAI) to generate the response. We do not:
- store the prompt content on our servers beyond the brief moment needed to forward it,
- use your inputs or the model’s outputs to train any model,
- or share that content with anyone other than the language-model provider strictly to fulfil the request.
The OpenAI API is configured with the “no training” setting, meaning your prompts are not used to train OpenAI’s models. See OpenAI’s API data usage policy.
2.5 What stays on your device — both web and desktop
The following content never leaves your device:
- your CV(s), the text you type, any CV PDFs you import or export
- your payslip uploads (the image is sent to OpenAI Vision for extraction only — we do not persist a copy after the response returns)
- your saved jobs / "interested" status / filters
- your outreach drafts and any "single email" you log in the app
- your 88-day work-period log
- your tax-calculator inputs and outputs
- your harvest-calendar entries and saved seasons
- your visa preferences and personal settings
On the web app (app.bushpass.com), this content lives in your browser's IndexedDB. Closing the tab does not delete it; clearing site data in your browser does. We provide an "Export browser data" button in Settings → Account that downloads everything as a JSON file so you can carry it to another browser or to the desktop app.
On the desktop app, the same content lives in a local SQLite database on your laptop that our servers never read. If you connect an SMTP account for outreach, those credentials are encrypted at rest using your OS keychain (Keychain on macOS, DPAPI on Windows).
2.6 Web sign-in cookies and marketing-site tracking
On app.bushpass.com we set a single first-party HttpOnly cookie for your authenticated session (bushpass-session). No analytics scripts, no Pixel, no third-party tracker fires inside the app.
On the marketing site bushpass.com we run Meta Pixel and Google Ads conversion tags only on the public pages (homepage, tour, pricing, what-it-does, thank-you) for advertising attribution. These do set third-party cookies — your browser’s tracking-protection settings (or any ad-blocker) will block them without affecting your ability to read the pages or buy a pass. We mirror conversion events to Meta’s Conversion API server-side from our Stripe webhook so the signal works whether you have trackers blocked or not — but we never share more than the order amount and a hashed identifier.
Standard server logs (IP, user-agent, page, timestamp) are collected by our hosting provider for security and abuse prevention, and are kept for up to 30 days.
3. Why we use your information: lawful bases
| Purpose | Lawful basis |
|---|---|
| Issue your licence, deliver the software, take payment | Performance of contract |
| Send you support replies, security and update notifications | Performance of contract / legitimate interest |
| Bind your key to a device, detect licence abuse | Legitimate interest in protecting our product |
| Forward AI prompts to OpenAI to deliver requested features | Performance of contract (you triggered the feature) |
| Comply with tax, accounting and legal obligations | Legal obligation |
4. How long we keep it
- Licence and order records: kept for 7 years after your last purchase (Australian tax-record obligations).
- Support emails: kept for 24 months after the last reply, then archived or deleted.
- Magic-link token hash: 15 minutes after creation, regardless of whether it was used.
- Session cookie: 30 days rolling from last activity. You can sign out to invalidate it immediately.
- Server logs: 30 days.
- AI prompts in transit: not stored after the response is returned.
- Local app data (browser IndexedDB or desktop SQLite): as long as you keep it on your device.
- Account after deletion request: a 30-day grace period where you can cancel the deletion by signing in again, then a daily cron hard-deletes the row from our database. After that we keep only the bare minimum required by Australian tax law on the original Stripe transaction (a customer reference, the amount, the date) — your email is replaced by a non-identifying token.
5. Who we share with (subprocessors)
We use a small number of carefully chosen service providers:
- Stripe Payments Australia Pty Ltd and affiliates: payment processing, checkout, receipts, the self-serve Customer Portal, fraud prevention, and (where enabled) tax calculation at checkout. Stripe privacy policy.
- OpenAI, L.L.C.: AI model provider for in-app AI features (CV polish, payslip OCR via GPT Vision, eligibility scoring). Configured with no training on customer data via a signed Data Processing Addendum.
- Vercel Inc.: hosting of bushpass.com, app.bushpass.com and our licence server (United States, Australian edge).
- Neon Inc.: managed Postgres database for account and order data (United States / EU regions, TLS-encrypted in transit, at-rest encryption).
- Resend Inc.: transactional email provider for magic links, receipts, licence keys and account-deletion confirmations.
- Meta Platforms Ireland Ltd and Google Ireland Ltd: only on the marketing site (bushpass.com), for the Pixel / Google Ads conversion tags described in §2.6. Not active inside app.bushpass.com.
We do not sell, rent or trade your personal information to anyone. We never use customer content (CV, emails, 88-day log) to train models, build advertising profiles, or share with third parties beyond the strict subprocessor relationship above.
6. International transfers
Some of our subprocessors process data in the United States and the European Union. Where we transfer personal information outside Australia or the EEA, we rely on contractual safeguards (Standard Contractual Clauses for EU residents) and on the recipient’s own published security commitments.
7. Security
We take reasonable steps to protect your information: TLS in transit, hashed licence-key tokens, encrypted secrets at rest, OS-keychain storage for any email credentials, principle-of-least-privilege access on internal systems, and a short list of named individuals (currently: one) with access to production data. No system is perfectly secure; if a personal-data breach affects you we will notify you and the relevant regulator without undue delay, in line with applicable law.
8. Your rights — and the self-serve controls we built
Wherever you are, you can ask us to:
- tell you what personal information we hold about you,
- correct it if it’s wrong,
- delete it (subject to our legal retention duties),
- export it in a portable format,
- stop processing it for purposes that rely on legitimate interest.
Most of these are one click inside the app under Settings → Account:
- "Download my server data" — JSON dump of everything we hold on our side (email, plan, Stripe customer ID, consent timestamp, the list of magic-link events). Implements Australian Privacy Principle 12.
- "Export browser data" (web app only) — JSON dump of your IndexedDB content (CV, 88-day log, drafts, preferences). Lets you move to a new browser or to the desktop app.
- "Import browser data" (web app only) — re-loads a previous export, either replacing or merging.
- "Delete my account" — schedules a 30-day grace deletion. Signing back in within the grace period cancels it. After 30 days a daily cron hard-deletes the row. Implements APP 13.
- "Manage billing" — opens the Stripe Customer Portal so you can update payment method, change plan, cancel a subscription, or download past invoices, without going through us.
If you are in the European Union, the United Kingdom or another GDPR-aligned jurisdiction, you have the rights set out in Articles 15 to 22 GDPR, including the right to lodge a complaint with your national data-protection authority.
If you are in Australia, you can also complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Australian Privacy Principles.
To exercise any of these rights, email support@bushpass.com from the address associated with your purchase. We’ll reply within 30 days.
9. Children
Bushpass is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us personal information, contact us and we will delete it.
10. Changes
We may update this Privacy Policy from time to time. The latest version will always live at bushpass.com/privacy. If a change is material we’ll let you know by email and inside the app at least 14 days before it takes effect.
11. Contact
Bushpass · Australian sole trader business
ABN 93 228 693 498
Victoria, Australia
support@bushpass.com