Privacy Policy
Last updated: 17 March 2026
Applies to: The Dwindle cloud‑based depreciation software and related websites and support channels (together, the Service).
Dwindle Australia Pty Ltd (ABN 80 671 820 616) (Dwindle, we, us, our) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you or your Users access or use the Service.
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where you provide us with personal information about someone else (e.g., a colleague you invite as a User), you must ensure you have authority to do so and direct them to this Policy. The terms used here align with the Dwindle Software as a Service Agreement.
1. Who we are and how to contact us
Controller: Dwindle Australia Pty Ltd (ABN 80 671 820 616)
Registered address: Lobby 1, Level 2, 76 Skyring Terrace, Newstead QLD 4006
Email (privacy & support): support@dwindle.co
2. The types of information we collect
We collect the following categories of information:
2.1. Account & Organisation information
Names, email addresses, roles, Organisation and Entity associations, and authentication identifiers for Users.
2.2. Customer Data
Information you enter or upload into the Service, including asset registers, depreciation schedules, records, and associated details. Customer Data may contain personal information if you choose to include it.
You own Customer Data. We process it solely to operate the Service.
2.3. Payment & billing information
Subscription tier, invoices, billing history, and failed payment notifications.
Credit card details are collected and processed by our third‑party payment processor; we receive only limited metadata (e.g., last 4 digits, expiry month/year) where provided by the processor.
2.4. Usage & technical data
IP address, browser details, device information, access times, pages viewed, interaction logs, and diagnostic events. Used for service delivery and improvement.
2.5. Communications
Support correspondence, feedback, and other communications you send us.
We do not intentionally collect sensitive information (e.g., health, biometric, or racial information) and the Service is not intended for children under 18.
3. How we collect personal information
Directly from you: when creating accounts, adding Users, entering Customer Data, paying Fees, or contacting support.
Automatically: through cookies and analytics tools for authentication, performance, and product improvement.
Third‑party providers: such as the payment processor and identity providers you choose to use.
You can manage cookies via your browser settings; disabling strictly necessary cookies may limit functionality.
4. Why we collect and use personal information
Provide and operate the Service, including hosting, authentication, maintenance, and functionality.
Support and secure the Service, including detecting misuse, managing outages, and responding to support requests.
Manage billing, including charging Fees via our payment processor, handling renewals, upgrades, downgrades, and refunds.
Improve the Service using aggregated and anonymised non‑identifiable analytics. We do not attempt to re‑identify individuals from this data.
Communicate with you about updates, material notices, service changes, and legal updates. You may opt out of non‑essential marketing; you cannot opt out of service or transactional notices.
Comply with law and enforce agreements, including responding to lawful requests.
5. Our role and your responsibility
You own Customer Data. We access and process it only to operate, maintain, and improve the Service in accordance with your instructions and our SaaS Agreement.
You are responsible for the accuracy and lawfulness of Customer Data you submit and for ensuring your collection and use of any personal information complies with applicable privacy laws.
6. Where we store and process data
We keep Customer Data in Australia. We won’t send Customer Data overseas unless you agree in writing or the law requires it.
Some limited account and operational information may be shared with service providers, including providers outside Australia.
7. Disclosures to third parties (sub‑processors and others)
7.1. We may disclose personal information to:
Hosting, payment, analytics, and support providers engaged as sub‑processors to operate the Service. We require them to comply with confidentiality and data protection obligations consistent with this Policy and our SaaS Agreement.
Professional advisers (lawyers, accountants) under confidentiality obligations.
Regulators, law enforcement, courts, or as otherwise required by law, where we will provide reasonable prior notice to you where permitted.
Related bodies corporate in connection with corporate transactions (e.g., merger, acquisition), subject to this Policy.
7.2. Sub‑processors:
We use third-party service providers to support the operation of the Services. We do not maintain a published list of sub-processors, however we will provide information about material sub-processors on request where required by law.
8. Direct marketing
We may send you product announcements, educational content, or offers relevant to your subscription. You can opt out at any time via the email footer or by contacting support@dwindle.co. Transactional and service‑related messages will still be sent.
9. Data security
We implement reasonable technical and organisational measures to protect personal information, recognising that no system is completely secure. Measures include access controls, encryption in transit, least‑privilege access, logging/monitoring, and employee confidentiality obligations.
10. Data breaches and mandatory notification
If we experience a data breach that is likely to result in serious harm, we will assess and notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act. We will also notify you promptly of any confirmed sub‑processor security breach affecting your Customer Data and take reasonable steps to mitigate its impact.
11. Retention and deletion
Active subscription: We retain Customer Data for the duration of your subscription.
On termination: Your access ceases immediately. We will delete Customer Data within 90 days of termination unless earlier deletion is required by you or by law. Backup copies may persist for a limited period and are deleted in the ordinary course of operations.
We may retain minimal records necessary to comply with legal, tax, and audit obligations (e.g., invoices, contract dates) after account closure.
12. Access, correction, and privacy rights
You may request access to, or correction of, your personal information by contacting support@dwindle.co. Where feasible, you can also update details in‑app. If we decline a request (for example, where providing access would unreasonably impact the privacy of others or is unlawful), we will tell you why and how to complain.
13. International users
The Service is designed and intended for Australian‑based customers operating under Australian tax law. We make no representation that the Service is appropriate or lawful for use in other jurisdictions and we do not support use in the United States or Canada.
14. Children’s privacy
Our Service is not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.
15. Third‑party links and integrations
The Service may contain links to third‑party websites or allow integrations you choose to enable (e.g., identity providers). This Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review their privacy policies.
16. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version at dwindle.co/privacy and provide not less than 14 days’ notice for material changes. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
17. Complaints
If you have concerns about how we handle your personal information, please contact us at support@dwindle.co. We will respond within a reasonable time. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Website: https://www.oaic.gov.au
Phone: 1300 363 992
Mail: GPO Box 5218, Sydney NSW 2001
18. Beta Service notice (where applicable)
During any Beta Service period, functionality, availability, and support may be limited and may change. Outputs are indicative only and must be independently verified before reliance. These Beta terms apply in addition to this Policy and our SaaS Agreement.
Defined terms
Capitalised terms not defined in this Policy have the meanings given in the Dwindle Software as a Service Agreement. In the event of any inconsistency between this Policy and the SaaS Agreement concerning the handling of Customer Data, this Policy governs our privacy practices, while the SaaS Agreement governs your and our contractual rights and obligations.
Annex A — Summary of key data handling practices aligned to the SaaS Agreement
Hosting & locality: Customer Data stored and processed in Australia; no overseas transfers without written consent, except as required by law.
Sub‑processors: Hosting, payment, analytics, and support providers bound by confidentiality and data protection terms; prompt notice of confirmed sub‑processor breaches.
Security: Reasonable technical and organisational measures; no absolute security guarantee.
Breach notification: NDB scheme compliance; prompt notice to you for eligible breaches.
Retention & deletion: Your access ceases immediately post‑termination; deletion within 90 days unless earlier or required by law; minimal retention for legal/audit.
Jurisdiction & scope: Service intended for Australian customers operating under Australian tax law; not supported in the US or Canada.