Privacy Policy

This policy applies to:

• Business operators — individuals and organisations that create a ServQueue account to manage a queue ("Operators").
• Customers — individuals who join a queue managed through ServQueue ("Customers").
• Visitors — anyone who visits servqueue.com.

From Operators:

• Name and email address (via account registration)
• Business name, industry, and phone number
• Billing information (processed by Stripe — we do not store card details)
• Staff email addresses added to the account

From Customers joining a queue:

• First name (or full name if provided)
• Australian mobile phone number (stored in E.164 format)
• Queue activity: time joined, position, wait time, service time, outcome (served, no-show, etc.)

Automatically collected:

• IP address and browser type when visiting our website
• Usage data such as pages visited and features used (used only for product improvement)

We do not collect sensitive information as defined under the Privacy Act (e.g. health, racial or ethnic origin, political opinions) unless an Operator's industry (e.g. medical clinic) inherently involves health-related context — in which case only queue management data (name, phone, wait time) is stored, not clinical records.

We use personal information to:

• Provide and operate the ServQueue service
• Send SMS queue notifications to Customers on behalf of Operators
• Deliver live chat messages between Operators and Customers, and send SMS fallback notifications when a Customer is offline
• Process billing and subscription management
• Authenticate users and manage account access
• Respond to support enquiries
• Improve our product using anonymised, aggregated usage data
• Comply with legal obligations

We do not use Customer personal information for marketing purposes. We do not sell personal information to third parties.

When a Customer joins a queue, they provide their mobile number and implicitly consent to receiving queue status SMS messages from the Operator via ServQueue. These messages include:

• Queue join confirmation with estimated wait time
• "You're next" alert when they reach position #1
• "It's your turn" message when the Operator calls them
• Custom broadcast messages sent by the Operator (e.g. "running 10 minutes late")
• SMS fallback notifications letting the Customer know the Operator has replied to them in the live chat (sent only when the Customer is not actively viewing their chat page)

Customers can reply LEAVE to any SMS to remove themselves from the queue and opt out of further messages for that visit. Standard Australian carrier rates may apply to inbound replies.

Live chat messages exchanged between Operators and Customers are stored on ServQueue infrastructure in Australia for the duration of the queue visit and the standard retention period (see Section 7). Chat content is treated with the same confidentiality as all other Customer data.

All personal data collected by ServQueue is stored in Australia (AWS Sydney, ap-southeast-2). Data does not leave Australian jurisdiction except where necessary to process payments via Stripe (PCI DSS compliant) or send SMS via ClickSend (Australian-founded, with local infrastructure).

We implement the following security measures:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access control — staff can only access their organisation's data
• Multi-tenancy isolation enforced at the database query level
• No payment card data stored — Stripe handles all card processing
• Regular dependency and vulnerability scanning

We may disclose personal information to:

• Stripe — payment processing (billing information only)
• ClickSend — SMS delivery (Customer phone number and message content only)
• Clerk — identity and authentication (Operator email and name only)
• AWS — cloud hosting infrastructure (data stored in ap-southeast-2)

We do not disclose personal information to any other third parties without consent, except where required by Australian law or a court order.

• Active accounts: Data is retained for as long as the account is active.
• Cancelled accounts: Data is retained for 30 days after cancellation to allow export, then permanently deleted.
• Customer queue data: Retained for 12 months after the queue visit, then purged. Operators may request earlier deletion.
• Notification logs: Retained for 90 days for billing reconciliation, then deleted.

Soft deletion is used throughout — records are flagged as deleted before permanent purging to maintain audit trail integrity as required under the Privacy Act.

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate or out-of-date information
• Request deletion of your personal information (subject to legal retention obligations)
• Complain if you believe we have breached the APPs

To exercise any of these rights, email us at privacy@servqueue.com. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

In the event of an eligible data breach as defined under the Notifiable Data Breaches (NDB) scheme, we will notify affected individuals and the OAIC as required by law, within 30 days of becoming aware of the breach.

ServQueue uses minimal cookies — only those necessary to maintain your session and authenticate your account. We do not use third-party advertising trackers or sell behavioural data.

We may update this policy from time to time. Material changes will be notified to Operators via email at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

For any privacy-related questions or requests:

• Email: privacy@servqueue.com
• Post: ServQueue Pty Ltd, Australia