CORVEXA

Privacy Policy

Effective date: 29 April 2026

Corvexity Pty Ltd ("Corvexa", "we", "us", "our") is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, store, and disclose your personal information.

1. Who We Are

Corvexity Pty Ltd operates the Corvexa ERP platform at https://corvexity.com and app.corvexity.com. Corvexa is a cloud-based enterprise resource planning (ERP) system designed for small and medium Australian businesses.

For privacy enquiries, contact our Privacy Officer at: privacy@corvexity.com

2. What Personal Information We Collect

We collect personal information that is reasonably necessary to provide our services, including:

  • Account information: First name, last name, email address, password (hashed by Clerk)
  • Business information: Company name, ABN, business address, phone number
  • Contacts and transaction data: Customer and supplier names, email addresses, phone numbers, addresses, and transaction history you enter into the platform
  • Usage data: Login timestamps, IP addresses, browser/device type (collected by Clerk)
  • Payment information: We record payment references and dates. We do not store credit card numbers — payment processing is handled by third-party providers

We only collect information you provide directly or that is generated through your use of the platform. We do not collect sensitive information (as defined by the Privacy Act) unless required by law.

3. How We Use Your Personal Information

We use your personal information to:

  • Provide, operate, and maintain the Corvexa platform
  • Create and manage your account and your company's workspace
  • Respond to support requests and communicate service updates
  • Send important notices (security alerts, billing updates, policy changes)
  • Comply with legal obligations, including tax and financial record-keeping requirements
  • Investigate and prevent fraud, abuse, or unauthorised access

We do not use your personal information or your customers' data for marketing, advertising, profiling, or any purpose beyond delivering the Corvexa service.

4. Data Storage and Security

All data is stored in Australia on Amazon Web Services (AWS) infrastructure in the ap-southeast-2 region (Sydney, NSW). Your data does not leave Australia except as described in Section 5.

We implement the following security measures:

  • Tenant isolation: Each customer's data is stored in a logically separated PostgreSQL schema. It is technically impossible for one customer to access another customer's data
  • Encryption in transit: All connections use TLS 1.2 or higher (HTTPS enforced)
  • Encryption at rest: Data is encrypted at rest by Neon (our database provider)
  • Authentication: Multi-factor authentication is supported. Passwords are hashed and never stored in plain text
  • Access controls: Role-based permissions restrict data access within your organisation
  • Point-in-time recovery: Database backups support restoration to any point within the retention window

5. Third-Party Service Providers

We share limited personal information with trusted sub-processors who assist us in operating the platform. Each is bound by confidentiality obligations and processes data only as instructed by us:

ProviderPurposeData LocationPrivacy Policy
ClerkAuthentication & identityUSA (SOC 2 Type II certified)clerk.com/privacy
NeonDatabase storageAustralia (AWS ap-southeast-2)neon.tech/privacy
RailwayApplication hostingAustralia (AWS ap-southeast-2)railway.com/legal/privacy

We do not sell, rent, or trade your personal information to any third party for their own purposes.

6. Data Retention

We retain your personal information and business data for as long as your account is active or as needed to provide the service. Specifically:

  • Active accounts: Data is retained for the life of the subscription
  • After cancellation: We retain data for 30 days to allow for account reactivation or data export, after which all data is permanently deleted
  • Legal obligations: Where required by Australian law (e.g. tax records under the Income Tax Assessment Act), we may retain certain records for up to 7 years

7. Your Rights

Under the Australian Privacy Act and applicable law, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information and all associated business data (see Section 8)
  • Portability: Request an export of your data in a machine-readable format
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at privacy@corvexity.com. We will respond within 30 days.

8. Data Deletion (Right to Erasure)

You may request complete deletion of your account and all associated data at any time. To do so:

  1. Email privacy@corvexity.com from your registered email address with the subject line "Data Deletion Request"
  2. We will confirm your identity and process the deletion within 5 business days
  3. You will receive written confirmation once your data has been permanently deleted

Deletion removes: your account credentials, all company data, contacts, transactions, inventory, and any other information stored within your Corvexa workspace. This action is irreversible. Any data we are legally required to retain (e.g. for tax purposes) will be held securely and deleted once the legal retention period expires.

9. Data Breaches

In the event of a data breach that is likely to result in serious harm to individuals, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act by:

  • Notifying affected individuals as soon as practicable
  • Notifying the Office of the Australian Information Commissioner (OAIC) within 72 hours of becoming aware of the breach
  • Providing details of the breach, the information affected, and the steps taken to contain it

10. Cookies and Tracking

Corvexa uses session cookies strictly necessary for authentication and maintaining your login session. We do not use third-party tracking cookies, advertising cookies, or analytics tools that identify individual users. Your session data is not shared with advertisers.

11. Children's Privacy

Corvexa is a business platform intended for use by organisations and individuals aged 18 and over. We do not knowingly collect personal information from persons under 18.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and notify active customers by email at least 14 days before material changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints, please contact our Privacy Officer:

Corvexity Pty Ltd

Email: privacy@corvexity.com

Website: https://corvexity.com

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC): oaic.gov.au/privacy/privacy-complaints

© 2026 Corvexity Pty Ltd · Sign in