Our privacy policy and how we use your data
Last updated: 30 January 2026
Wollemia Pty Ltd (ABN 35 692 226 323) ("we", "us", "our") operates Cavuno (cavuno.com). This policy explains how we collect, use, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). This policy also covers data collected on job boards operated by Cavuno customers on behalf of their organisations. For information about cookies and tracking technologies, please see our Cookie Policy.
Wollemia Pty Ltd is the data controller for personal information collected through the Cavuno platform, including account data, billing information, and usage analytics.
For personal information collected from visitors to customer-operated job boards (such as job alert subscriptions), the customer is the data controller and Wollemia Pty Ltd acts as a data processor. Customers are responsible for ensuring they have appropriate legal bases for collecting visitor data and for informing their end users about how their data is processed.
When you create an account, we collect your name, email address, and password. If you create or join a team account, we also collect your team or organisation name.
We collect information related to your job board setup, including site name, domain, branding preferences, configuration settings, analytics tracking IDs, custom domain settings, and SEO metadata.
We store job listings and company profiles that you create or upload to the platform, including AI-enriched content, vector embeddings derived from this data, and associated metadata.
When visitors subscribe to job alerts on your job board, we collect their email address, consent record, IP address, and user-agent at the time of subscription.
Payment details are processed and stored by Stripe. Stripe stores your payment method details, billing address, and transaction history. We store a reference to your Stripe customer ID and subscription status. We do not store full credit card numbers.
We collect information about how you use the platform, including pages visited, features used, device information, IP address, browser type, referral source, geographic region (derived from IP address), session duration, and interactions with specific features. Analytics data is pseudonymised where possible and aggregated for reporting purposes.
When you use location-based features such as job location search, we process location queries through Mapbox. We do not store precise geolocation data.
We automatically collect error reports and performance metrics through Sentry, which may include request URLs, browser information, and stack traces. This data is used solely for debugging and improving service reliability.
We use Cloudflare Turnstile to protect forms from automated abuse. This service may collect device and browser characteristics to distinguish human users from bots.
We use the information we collect for the following purposes:
We process data using artificial intelligence services from OpenAI and Anthropic. When you use AI features, relevant content (such as job descriptions, company information, or design preferences) is sent to these providers for processing. AI providers may process this data on servers located outside Australia. We do not send personal account information (such as your email or password) to AI providers.
We process personal information on the following legal bases:
We use the following third-party services to operate and improve Cavuno. Each service may process certain personal information on our behalf:
Each provider processes data in accordance with their own privacy policy. We encourage you to review their policies.
We may update our third-party service providers from time to time. Material changes to data processing arrangements will be reflected in updates to this policy.
Account data is retained for the duration of your account. Upon deletion request, account data is removed within 30 days.
Job board content (listings, company profiles, blog posts) is retained for the duration of your subscription and deleted within 30 days of subscription termination, unless you request earlier deletion.
Job alert subscriber data is retained until the subscriber unsubscribes or you delete the subscriber record.
Analytics and usage data is retained in aggregated form and is not personally identifiable after 26 months.
Error logs and performance data collected by Sentry are retained for 90 days.
Billing records may be retained for up to 7 years as required by Australian tax law.
Vector embeddings derived from your content are deleted when the source content is deleted.
Backup data may persist for up to 30 days after deletion from primary systems.
You may request deletion of your data at any time by contacting us at hi@cavuno.com.
We implement reasonable security measures to protect your information, including:
We require our third-party service providers to maintain appropriate security measures. Access to production systems is restricted to authorised personnel and governed by the principle of least privilege.
However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
Our service is hosted and operated using third-party providers that may process your data outside of Australia, including in the United States. Where your data is transferred internationally, we take reasonable steps to ensure that the recipients of your information maintain data protection standards consistent with Australian Privacy Principle 8.
Our primary third-party providers are based in or process data in the following jurisdictions: United States (Supabase, Stripe, Vercel, OpenAI, Anthropic, Resend, Sentry, Mapbox, Google, Meta, LinkedIn), Germany (Qdrant Cloud), and other regions where our providers operate infrastructure.
We take reasonable steps to ensure that overseas recipients of your personal information comply with the Australian Privacy Principles, including assessing each provider's data protection practices and contractual commitments (APP 8).
In accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, we will notify you and the Office of the Australian Information Commissioner (OAIC) if we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved. Notification will be provided as soon as practicable after we become aware of the breach.
Under the Australian Privacy Act 1988, you have the right to:
To exercise any of these rights, please contact us at hi@cavuno.com. We will respond to your request within 30 days.
You may also contact the OAIC at www.oaic.gov.au (opens in new tab) or by phone at 1300 363 992.
If you are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR), including the right to:
To exercise any of these rights, please contact us at hi@cavuno.com. We will respond within the timeframes required by applicable law.
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:
To exercise any of these rights, please contact us at hi@cavuno.com. We will verify your identity before processing your request and respond within 45 days.
Cavuno is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected information from a child under 16, we will take steps to delete that information promptly.
We may update this privacy policy from time to time to reflect changes in our practices or for legal and regulatory reasons. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page. Your continued use of the service after any changes constitutes acceptance of the updated policy.
If you have any questions or concerns about this privacy policy or our data practices, please contact us at: