Privacy Policy
Effective date: 15 March 2026 · Governing law: Queensland, Australia
1. Who We Are
PedigreeForge (“we”, “us”, “our”) is an online platform providing pedigree registry, animal management, and breeding tools for animal breeders and breed societies. We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) contained therein.
2. What Personal Information We Collect
We collect personal information that is reasonably necessary for our functions and activities. This includes:
- Account information: name, email address, and password (hashed by our authentication provider, Clerk).
- Profile information: breeder display name, contact details, and optional profile photo you choose to provide.
- Animal records: pedigree data, registration numbers, photographs, health certificates, and related documents you upload.
- Billing information: payment method details are collected and stored by Stripe — we never store raw card numbers.
- Usage and technical data: IP address, browser type, pages visited, feature interactions, and error logs collected via Sentry and PostHog.
- Communications: any support messages or correspondence you send us.
3. How We Collect Personal Information
We collect personal information directly from you when you register an account, complete the onboarding wizard, upload animal records, make a payment, or contact us. We also collect technical data automatically through cookies, server logs, and third-party analytics tools when you use the platform. Where practicable, we collect information directly from you rather than from third parties.
4. Why We Collect and Use Personal Information
We collect and use personal information for the following primary purposes:
- Providing, operating, and improving the PedigreeForge platform.
- Processing registrations, transfers, and other animal record transactions.
- Processing subscription payments and managing billing.
- Sending transactional emails (account confirmation, payment receipts, alerts).
- Providing customer support and responding to enquiries.
- Detecting and preventing fraud, abuse, and security incidents.
- Complying with legal obligations, including responding to valid legal requests.
- Analysing aggregate usage patterns to improve product features (using pseudonymised or anonymised data where possible).
We will not use your personal information for a secondary purpose unless that purpose is related to the primary purpose and you would reasonably expect such use, or you have consented, or we are required or authorised by law (APP 6).
5. Disclosure to Third Parties
We do not sell your personal information. We disclose personal information only to the sub-processors and service providers listed below, each engaged under contractual obligations consistent with applicable privacy law:
| Sub-processor | Purpose | Location |
|---|---|---|
| Neon (Neon Inc.) | Serverless PostgreSQL database hosting | United States |
| Vercel Inc. | Application hosting and edge network | United States / Global CDN |
| Cloudflare Inc. | DNS, DDoS protection, and CDN | United States / Global |
| Clerk Inc. | User authentication and session management | United States |
| Stripe Inc. | Payment processing and subscription billing | United States |
| Resend Inc. | Transactional email delivery | United States |
| Sentry (Functional Software Inc.) | Error monitoring and crash reporting | United States |
| PostHog Inc. | Product analytics and feature flags | United States / EU |
By using PedigreeForge, you acknowledge and consent to your personal information being disclosed to overseas recipients as set out above (APP 8.1). These overseas recipients are located in countries that may not have privacy protections equivalent to Australia. Where practicable, we take contractual steps to ensure those recipients handle your information in a manner consistent with the APPs (APP 8.2).
We may also disclose personal information where required by law, in response to valid court orders or government requests, or to protect the rights, property, or safety of PedigreeForge, our users, or the public.
Organisational accounts and data processing: Where a breed society or registry administrator uploads member data (names, email addresses, membership status) on behalf of their members, PedigreeForge acts as a data processor on behalf of the organisation. Organisations requiring a formal Data Processing Agreement (DPA) for compliance purposes may request one by contacting privacy@pedigreeforge.com.
6. Data Quality and Security
We take reasonable steps to ensure the personal information we hold is accurate, complete, and up to date (APP 10). We implement technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11). These measures include encryption in transit (TLS), encrypted storage, access controls, and security monitoring. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
Data breach notification: In the event of an eligible data breach as defined under Part IIIC of the Privacy Act 1988 (Cth), we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme. We maintain an internal data breach response plan and will notify affected individuals as soon as practicable after becoming aware of an eligible breach.
7. Data Retention
We retain personal information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. When you close your account, we will delete or anonymise your personal information within a reasonable time, subject to legal hold requirements. Animal records that form part of a breed registry may be retained in anonymised or de-identified form for historical integrity purposes even after account deletion.
No retention guarantee during beta: During the pre-launch beta period, we may reset, migrate, or delete data without notice. Do not use the platform for records you cannot afford to lose until a general availability release is announced.
8. Access, Correction, and Complaints
Under the Privacy Act you have the right to:
- Access the personal information we hold about you (APP 12).
- Correct personal information that is inaccurate, incomplete, or out of date (APP 13).
- Complain about a breach of the APPs. We will respond to complaints within 30 days.
To exercise these rights or lodge a complaint, contact us at privacy@pedigreeforge.com. If you are unsatisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
9. Cookies
We use cookies and similar tracking technologies to operate the platform, maintain your session, and analyse usage. For full details, see our Cookie Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or by a prominent notice on the platform. The effective date at the top of this page indicates when the policy was last revised. Continued use of the platform after notification of changes constitutes acceptance of the revised policy.
11. Contact
Questions or concerns about this Privacy Policy should be directed to: privacy@pedigreeforge.com.