Privacy Policy

Last updated: 9 June 2026

This Privacy Policy explains how Txtly (“we”, “us”) handles personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to our websites, app, and APIs (the “Service”).

1. Information we collect

  • Account information — name, email, password (hashed), and team/organisation details.
  • Billing information — plan and subscription data. Card details are handled by Stripe; we do not store full card numbers.
  • Contact data you upload — the recipient details (email addresses, phone numbers, names, attributes) you import to message. We process this on your behalf as your processor; you are the controller.
  • Usage and technical data — log data, IP address, device/browser information, and message delivery events, used to operate and secure the Service.

2. How we use information

  • To provide, maintain, secure, and improve the Service.
  • To process payments and manage your subscription.
  • To send service and transactional communications (e.g. verification, billing, alerts).
  • To detect and prevent abuse, fraud, and spam.
  • To comply with legal obligations.

3. Disclosure and sub-processors

We share information with service providers who help us run the Service, including:

  • Amazon Web Services — hosting, and message delivery (email via SES; SMS and WhatsApp via AWS End User Messaging).
  • Stripe — payment processing.
  • Mobile carriers and Meta/WhatsApp, to deliver the messages you send.

We do not sell personal information. We may disclose information where required by law or to protect our rights and the safety of the Service.

4. Recipient (contact) data

We process the contact data you upload only to deliver your messages and provide the Service. You are responsible for having consent and a lawful basis to provide and message that data, and for honouring opt-outs, as described in our Acceptable Use Policy.

5. Overseas disclosure

Our providers may store or process data outside Australia (for example, in other AWS or Stripe regions). We take reasonable steps to ensure such recipients handle personal information consistently with the APPs.

6. Security

We use reasonable technical and organisational measures to protect personal information, including encryption in transit and at rest, access controls, and audit logging. No method of transmission or storage is completely secure.

7. Retention

We keep personal information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You can delete contact data from your account at any time.

8. Your rights

Under the APPs you may request access to or correction of the personal information we hold about you. To make a request, contact us at privacy@txtly.com.au.

9. Cookies

We use cookies and similar technologies for authentication, preferences, and analytics. You can control cookies through your browser settings.

10. Children

The Service is not directed to anyone under 18, and we do not knowingly collect their data.

11. Changes

We may update this Policy and will post the new version with an updated date. Material changes will be notified where practicable.

12. Contact and complaints

Contact our privacy team at privacy@txtly.com.au. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.