Privacy Policy
This Privacy Policy is written in English as the authoritative version. A Chinese translation is provided for reference only. In case of any discrepancy between the English and Chinese versions, the English version shall prevail.
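This Privacy Policy takes the English version as authoritative; the Chinese version is for reference only. If there is any ambiguity between the English and Chinese versions, the English version prevails.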
Effective Date: 23 April 2026
Version: v1.0.0
Governing Law: Commonwealth of Australia — Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Effective date: 23 April 2026. Version: v1.0.0. Governing law: Commonwealth of Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Introduction and Who We Are
AUGuide Pty Ltd (ABN 91 679 287 337; hereinafter "we", "us", or "our") is a proprietary limited company registered in Victoria, Australia. We operate the formmy.io website and application available at https://www.formmy.io (the "Service"), which provides automated Chinese-to-English translation for Australian immigration forms, with initial focus on the Department of Home Affairs Form 80 (Personal Particulars for Character Assessment) and Form 1221 (Additional Personal Particulars Information).
AUGuide Pty Ltd also operates auguide.com.au, a separate consumer service for Australian relocation guidance. Personal information collected via formmy.io is not shared with the AU Guide product unless you explicitly request a cross-product transfer (no such mechanism currently exists). Each product has its own privacy policy.
This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) (the "Privacy Act") and the thirteen Australian Privacy Principles (APP 1–13). It applies to all users of the Service anywhere in the world.
By using the Service, you acknowledge that you have read, understood, and consent to the collection, use, and disclosure of your personal information as described in this Policy.
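English rendering of the Chinese reference translation:
formmy.io Pty Ltd (ACN to be published once company registration is complete; hereinafter "formmy.io", "we", or "the Company") is a proprietary limited company registered in the state of [REGISTERED_STATE], Australia. We operate the website and application located at https://formmy.io (the "Service"), which provides automated Chinese-to-English translation for Australian immigration forms, with an initial focus on the Department of Home Affairs Form 80 (Personal Particulars for Character Assessment). This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) (the "Privacy Act") and the thirteen Australian Privacy Principles (APP 1–13), and applies to all users of the Service worldwide.
By using the Service, you indicate that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Policy.
2. What Personal Information We Collect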
We intentionally minimise the personal information we collect and retain. Broadly, the data related to the Service falls into two categories: data we retain (limited) and data we process transiently but do not retain (extensive, including all form content).
2.1 Data We Retain
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email address, display name, hashed password (managed by Supabase Auth), account creation timestamp, most recent login timestamp | Authentication, account management, transactional email |
| Billing data | Stripe customer ID, subscription tier, invoice metadata. We do not store full card numbers, CVV, or card expiry. All card data is handled directly by Stripe (PCI DSS Level 1 certified). | Subscription management, invoicing, tax records |
| Audit metadata | Conversion timestamp, user ID, conversion count, conversion type (e.g. "Form 80"), output PDF size in bytes, success/failure status | Usage-based billing, rate limiting, service statistics, dispute resolution |
| Consent records | Timestamp of Terms/Privacy acceptance, policy version accepted, IP address at time of consent | Legal evidence of consent (APP 5) |
| Support correspondence | Email you send to support addresses, ticket history | Customer support |
2.2 Data We Process But Do Not Retain
The following categories are handled exclusively in volatile memory (RAM) during a single translation request and are never written to persistent storage on our servers or databases. See Section 4 for the technical flow.
- Full names, Chinese names, preferred names
- Passport numbers, ID numbers, visa numbers
- Dates of birth, places of birth
- Current and previous residential addresses
- Employment history, education history
- Family member details
- Military service history
- Travel history
- Character assessment answers (criminal history, association questions, etc.)
- Any free-text content submitted via the translation form
- Any uploaded source documents (if applicable)
2.3 Information We Do Not Collect
We do not collect: government-issued photo ID images for identity verification, biometric data, geolocation beyond coarse IP-derived country, contact lists, device advertising identifiers, or sensitive information categories beyond what is strictly required to perform the requested translation.
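English rendering of the Chinese reference translation:
We deliberately minimise the personal information we collect and retain. Data related to the Service falls broadly into two categories: data we retain (limited in scope) and data we process transiently but do not retain (covering all form content).
2.1 Data We Retain
- Account data: email address, display name, hashed password (managed by Supabase Auth), registration timestamp, most recent login timestamp. Used for authentication, account management, and transactional email.
- Billing data: Stripe customer ID, subscription tier, invoice metadata. We do not store full card numbers, CVV, or expiry dates. All credit card data is handled directly by Stripe (PCI DSS Level 1 certified). Used for subscription management, invoicing, and tax records.
- Audit metadata: conversion timestamp, user ID, conversion count, conversion type (e.g. "Form 80"), output PDF size in bytes, success/failure status. Used for usage-based billing, rate limiting, service statistics, and dispute resolution.
- Consent records: timestamp of acceptance of the Terms of Service/Privacy Policy, version accepted, IP address at the time of consent. Serves as legal evidence of consent (APP 5).
- Support correspondence: emails you send to the support address and ticket history. Used for customer support.
2.2 Data We Process But Do Not Retain
The following is processed only in volatile memory (RAM) during a single translation request and is never written to persistent storage on our servers or databases. See Section 4 for the technical flow.
Full names, Chinese names, former names; passport numbers, ID numbers, visa numbers; dates of birth, places of birth; current and previous addresses; employment history, education history; family member details; military service history; travel history; character assessment answers (criminal history, association questions, etc.); any free-text content submitted via the translation form; uploaded source documents (if applicable).
2.3 Information We Do Not Collect
We do not collect: photos of government-issued ID for identity verification, biometric data, geolocation beyond coarse IP-derived country information, contact lists, device advertising identifiers, or any category of sensitive information beyond what is necessary to complete the requested translation.
3. How Personal Information Is Collected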
We collect personal information in two ways:
3.1 Directly from you. When you register an account, enter form content into the Service, upload source documents, purchase a subscription, or contact our support team, you provide information to us directly.
3.2 Automatically. When you use the Service, we automatically collect limited technical information to operate and secure the Service:
- Session cookies and authentication tokens to keep you logged in.
- Server logs, including IP address, user agent string, request timestamp, and HTTP response code, retained for up to 30 days for security, abuse detection, and debugging purposes. Server logs do not contain form field content.
- CSRF tokens to prevent cross-site request forgery.
Wherever reasonably practicable, we collect personal information directly from you rather than from third parties, consistent with APP 3.6.
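English rendering of the Chinese reference translation:
We collect personal information in two ways:
3.1 Directly from you. When you register an account, enter form content into the Service, upload source documents, purchase a subscription, or contact support, you provide information to us directly.
3.2 Automatically. When you use the Service, we automatically collect limited technical information for the operation and security of the Service:
- Session cookies and authentication tokens: used to keep you logged in.
- Server logs: including IP address, User Agent, request timestamp, and HTTP response code, retained for up to 30 days for security, abuse detection, and debugging. Server logs do not contain form field content.
- CSRF tokens: used to prevent cross-site request forgery.
Where reasonably practicable, we collect your personal information directly from you rather than from third parties, in line with APP 3.6.
4. How We Process Form Content in Memory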
This section describes the technical architecture that underpins our core privacy commitment. formmy.io does not persist the content of your translated forms. The following flow applies to every translation request:
- Input received. Your browser sends form field content (e.g. Chinese names, passport numbers, addresses) to our application server over TLS 1.3 encrypted HTTPS.
- Held in RAM. The server holds the content exclusively in volatile memory (process RAM) for the duration of the request. The content is not written to disk, database, log file, backup, cache, or message queue.
- Sent to AI translation provider. The in-memory content is transmitted over TLS to Anthropic Claude API (or, as fallback, OpenAI API) under an enterprise agreement that prohibits use of the data for model training. See Section 5.
- Translation received. The English translation is returned to our server, again held only in RAM.
- PDF generated. The server generates an unsigned English PDF in memory and streams it to your browser for download.
- Memory released. Upon request completion (typically within seconds), the request-scoped memory is released by the runtime. No long-lived process retains a reference to the content.
- Audit record written. A single database row is written containing only audit metadata (timestamp, user ID, conversion type, success/failure, PDF byte size). This record contains no form content.
Because of this architecture, if our database or file storage were compromised, the attacker would not recover any form field content, because none exists on disk to recover.
Important caveat: Form content does briefly transit through the memory of our hosting provider (Vercel) and is briefly processed in the memory of the AI provider (Anthropic or OpenAI). Those providers have their own security controls and data handling policies, which we have reviewed and rely upon. See Sections 5 and 6.
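One way to enforce the last step of the flow above, so that the audit row can hold only the five metadata fields and never form content. This is an added example, not formmy.io's own code; the function names, the UUID format for user IDs, the stand-in for PDF rendering and the sample form values are assumptions constructed for illustration.

```javascript
// Added example, not formmy.io's code. All names below are hypothetical.

// The only fields the audit row may carry, each with a validator.
// None is free text: an opaque ID, a closed enum, a boolean, an integer and
// a timestamp leave no column that form content could be written into.
const AUDIT_FIELDS = Object.freeze({
  timestamp: (v) => typeof v === "string" && !Number.isNaN(Date.parse(v)),
  userId: (v) => typeof v === "string" && /^[0-9a-f-]{36}$/i.test(v), // assumed UUID
  conversionType: (v) => v === "Form 80" || v === "Form 1221",
  success: (v) => typeof v === "boolean",
  pdfBytes: (v) => Number.isInteger(v) && v >= 0,
});

// Build the row from an allowlist: unknown keys are an error, not ignored,
// so a developer who adds "note" or "errorMessage" finds out in tests.
function buildAuditRow(candidate) {
  for (const key of Object.keys(candidate)) {
    if (!Object.prototype.hasOwnProperty.call(AUDIT_FIELDS, key)) {
      throw new Error(`audit row rejects non-allowlisted field: ${key}`);
    }
  }
  const row = {};
  for (const [key, isValid] of Object.entries(AUDIT_FIELDS)) {
    if (!isValid(candidate[key])) {
      throw new Error(`audit field missing or malformed: ${key}`);
    }
    row[key] = candidate[key];
  }
  return Object.freeze(row);
}

// Canary check for tests: names of form fields whose value appears in text
// that is about to be persisted (an audit row, a log line).
function findLeakedFields(formFields, persistedText) {
  const haystack = persistedText.normalize("NFKC").toLowerCase();
  return Object.entries(formFields)
    .filter(([, value]) => {
      const needle = String(value).normalize("NFKC").toLowerCase().trim();
      return needle.length >= 2 && haystack.includes(needle);
    })
    .map(([name]) => name);
}

// Request handler skeleton. `translate` stands in for the AI provider call.
function handleTranslation(userId, conversionType, formFields, translate, now) {
  let success = false;
  let pdfBytes = 0;
  try {
    const english = translate(formFields); // lives only in this scope
    // Stand-in for PDF rendering: only the byte count leaves the scope.
    pdfBytes = Buffer.byteLength(JSON.stringify(english), "utf8");
    success = true;
  } catch (_err) {
    // The error text is dropped on purpose: provider and parser errors can
    // echo the submitted input, and the audit row records only the outcome.
  }
  return buildAuditRow({
    timestamp: (now || new Date()).toISOString(),
    userId,
    conversionType,
    success,
    pdfBytes,
  });
}

// Constructed sample values, not real personal data.
const SAMPLE_USER = "123e4567-e89b-12d3-a456-426614174000";
const SAMPLE_FORM = {
  givenName: "小明",
  passportNumber: "E00000000",
  address: "北京市朝阳区示例路1号",
};
const fakeTranslate = (f) => ({ ...f, givenName: "Xiaoming" });
const failingTranslate = (f) => {
  throw new Error(`cannot parse passport ${f.passportNumber}`);
};

function demo() {
  const ok = handleTranslation(SAMPLE_USER, "Form 80", SAMPLE_FORM, fakeTranslate);
  const failed = handleTranslation(SAMPLE_USER, "Form 80", SAMPLE_FORM, failingTranslate);
  const leaksInRows = findLeakedFields(SAMPLE_FORM, JSON.stringify([ok, failed]));
  return { ok, failed, leaksInRows };
}
```

The same `findLeakedFields` check can be run over captured log output in a test suite to back the statement that server logs do not contain form field content.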
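English rendering of the Chinese reference translation:
This section describes the technical architecture that underpins our core privacy commitment. formmy.io does not persistently store the content of your translated forms. The following flow applies to every translation request:
1. Input received: your browser sends form field content (e.g. Chinese names, passport numbers, addresses) to our application server over HTTPS encrypted with TLS 1.3.
2. Held in memory: the server keeps the content in volatile memory (process RAM) only for the duration of the request. The content is not written to disk, database, log file, backup, cache, or message queue.
3. Sent to the AI translation provider: the in-memory content is transmitted over TLS to the Anthropic Claude API (or the fallback OpenAI API); the enterprise agreement between the parties prohibits use of the data for model training. See Section 5.
4. Translation received: the English translation is returned to our server and is likewise held only in RAM.
5. PDF generated: the server generates an unsigned English PDF in memory and streams it to your browser for download.
6. Memory released: after the request completes (typically within seconds), the request-scoped memory is released by the runtime. No long-lived process holds a reference to the content.
7. Audit record written: a single row is written to the database containing only audit metadata (timestamp, user ID, conversion type, success/failure, PDF byte size) and no form content.
Because of this architecture, even if our database or file storage were compromised, an attacker could not recover any form field content, because none exists on disk.
Important note: form content does briefly pass through the memory of our hosting provider (Vercel) and is briefly processed in the memory of the AI provider (Anthropic or OpenAI). These providers have their own security controls and data handling policies, which we have reviewed and rely upon. See Sections 5 and 6.
5. Third-Party Data Processors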
We use the following third-party service providers (data processors) to operate the Service. We have reviewed each provider's security practices and data handling terms. This disclosure satisfies our notification obligations under APP 5 and APP 6.
| Provider | Role | Data Processed | Location |
|---|---|---|---|
| Anthropic PBC | AI translation (primary) | Form content, transiently, under enterprise API terms. Anthropic contractually agrees not to use API inputs or outputs to train models. | USA |
| OpenAI LLC | AI translation (fallback) | Form content, transiently, under enterprise API terms. OpenAI contractually agrees not to use API inputs or outputs to train models. | USA |
| Stripe, Inc. | Payment processing | Name, email, card data (handled directly by Stripe, never touches our servers), billing address | USA / global |
| Supabase, Inc. | Database, authentication, hosting of retained data | Account data, audit metadata, consent records | South Korea (ap-northeast-2 region) |
| Vercel, Inc. | Edge hosting of application and static assets | Request routing, TLS termination, transient form content during request lifecycle | Global edge network (primarily USA and EU) |
| Resend / transactional email | Transactional email delivery (password reset, receipts) — [PLACEHOLDER: confirm provider] | Email address, email body | USA / EU |
| Analytics — [PLACEHOLDER: PostHog self-hosted / Plausible / none] | Privacy-respecting aggregate usage analytics | Aggregate page views, no personally identifiable profiles | To be confirmed |
We do not sell, trade, rent, or share personal information with data brokers, advertisers, marketing platforms, or any third party for their own marketing purposes. We do not use Google Analytics, Meta Pixel, or any advertising-related tracker.
We require each processor to maintain security standards appropriate to the sensitivity of the data they handle, and we review our processor list periodically.
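English rendering of the Chinese reference translation:
We use the following third-party service providers (data processors) to operate the Service. We have reviewed each provider's security practices and data handling terms. This disclosure satisfies our notification obligations under APP 5 and APP 6.
- Anthropic PBC (AI translation, primary): processes form content transiently; under enterprise API terms, commits not to use API inputs/outputs for model training. Located in the USA.
- OpenAI LLC (AI translation, fallback): processes form content transiently; under enterprise API terms, commits not to use API inputs/outputs for model training. Located in the USA.
- Stripe, Inc. (payment processing): name, email, credit card data (handled directly by Stripe, never passing through our servers), billing address. USA / global.
- Supabase, Inc. (database, authentication, hosting of retained data): account data, audit metadata, consent records. South Korea node (ap-northeast-2).
- Vercel, Inc. (edge hosting of application and static assets): request routing, TLS termination, transient form content during the request lifecycle. Global edge network (primarily in the USA and EU).
- Resend / transactional email provider (transactional email), [PLACEHOLDER: confirm provider]: email address, email body. USA / EU.
- Analytics tool, [PLACEHOLDER: PostHog self-hosted / Plausible / none]: privacy-respecting aggregate usage analytics, no individual profiles. To be confirmed.
We do not sell, trade, rent, or share personal information with data brokers, advertisers, marketing platforms, or any third party for their own marketing purposes. We do not use Google Analytics, Meta Pixel, or any advertising-related tracker.
We require each processor to maintain security standards commensurate with the sensitivity of the data it handles, and we periodically review the processor list.
6. Cross-Border Data Transfer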
Under APP 8, we must take reasonable steps to ensure that any overseas recipient of personal information does not breach the APPs. This section discloses all cross-border data flows.
6.1 Where Your Data Goes
- USA: Anthropic API, OpenAI API (fallback), Stripe; Vercel edge nodes may briefly route requests through US infrastructure.
- South Korea (ap-northeast-2): Supabase hosts our database and authentication service. Your account data, audit metadata, and consent records are stored here at rest.
- EU / global edge: Vercel may serve static assets from the nearest edge node to you.
6.2 What Is Transferred
Transient form content (held in RAM during a single request): transits the USA (Anthropic/OpenAI APIs) and Vercel's edge network. It is not stored at rest in any of these jurisdictions.
Account data, audit metadata, consent records: stored at rest in South Korea via Supabase.
Billing data: handled by Stripe globally.
6.3 Your Consent
By creating an account and using the Service, you explicitly consent to the cross-border disclosure of your personal information described above, as permitted by APP 8.2(b). This is necessary to provide the Service; the AI translation cannot be performed without transmitting the content to the AI provider.
6.4 Safeguards
We select providers that maintain contractual data protection commitments, industry-standard encryption (TLS in transit, AES-256 at rest where applicable), and access controls. However, you should be aware that privacy laws in overseas jurisdictions may differ from Australian law and may not provide equivalent protection. The US, for example, does not have a federal privacy law of general application.
If you do not consent to cross-border transfer on these terms, please do not use the Service.
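English rendering of the Chinese reference translation:
Under APP 8, we must take reasonable steps to ensure that overseas recipients of personal information do not breach the APPs. This section discloses all cross-border data flows.
6.1 Where Your Data Goes
- USA: Anthropic API, OpenAI API (fallback), Stripe; Vercel edge nodes may briefly route requests through US infrastructure.
- South Korea (ap-northeast-2): Supabase hosts our database and authentication service. Your account data, audit metadata, and consent records are stored here at rest.
- EU / global edge: Vercel may serve static assets from the edge node nearest to you.
6.2 What Is Transferred
- Transient form content (held in RAM during a single request): transits the USA (Anthropic/OpenAI APIs) and Vercel's edge network, and is not stored at rest in any of these jurisdictions.
- Account data, audit metadata, consent records: stored at rest in South Korea via Supabase.
- Billing data: handled by Stripe globally.
6.3 Your Consent
By creating an account and using the Service, you explicitly consent to the cross-border disclosure of personal information described above, as permitted by APP 8.2(b). This is necessary to provide the Service; AI translation cannot be performed without transmitting the content to the AI provider.
6.4 Safeguards
The providers we select all maintain contractual data protection commitments, industry-standard encryption (TLS in transit, AES-256 at rest where applicable), and access controls. Please note, however, that privacy laws in overseas jurisdictions may differ from Australian law and may not provide equivalent protection. The US, for example, currently has no federal privacy law of general application.
If you do not agree to the cross-border transfer terms above, please do not use the Service.
7. Cookies and Tracking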
We use only the minimum cookies and storage technologies necessary to operate the Service.
Essential cookies (cannot be disabled without breaking the Service):
- Session cookie: maintains your login state. HttpOnly, Secure, SameSite=Lax.
- CSRF token cookie: prevents cross-site request forgery.
- Supabase auth cookies: issued by Supabase Auth for token refresh.
Analytics cookies: [PLACEHOLDER: specify PostHog / Plausible / none]. If used, these collect aggregate usage statistics without building individual user profiles and without sharing data with advertisers.
Advertising / tracking cookies: none. We do not use any advertising, marketing, or cross-site tracking cookies, pixels, or similar technologies. We do not sell, trade, or share your browsing data with any third party for marketing.
You may configure your browser to block cookies; however, blocking essential cookies will prevent you from logging in or using the Service.
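English rendering of the Chinese reference translation:
We use only the minimum cookies and storage technologies necessary to run the Service.
Essential cookies (disabling them prevents the Service from working properly):
- Session cookie: maintains your login state. HttpOnly, Secure, SameSite=Lax.
- CSRF token cookie: prevents cross-site request forgery.
- Supabase auth cookies: issued by Supabase Auth for token refresh.
Analytics cookies: [PLACEHOLDER: specify PostHog / Plausible / none]. If used, these collect only aggregate usage data, do not build individual user profiles, and do not share data with advertisers.
Advertising / tracking cookies: none. We do not use any advertising, marketing, or cross-site tracking cookies, pixels, or similar technologies. We do not sell, trade, or share your browsing data with any third party for marketing purposes.
You may configure your browser to block cookies, but blocking essential cookies will prevent you from logging in or using the Service.
8. Data Retention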
We retain personal information only as long as necessary for the purpose for which it was collected, consistent with APP 11.2. Specific retention periods:
| Data Type | Retention Period | Rationale |
|---|---|---|
| Form content (names, passport numbers, addresses, answers to Form 80 questions, etc.) | Not retained. Discarded from memory upon request completion, typically within seconds. | Our core privacy commitment and product architecture. |
| Account data (email, display name, login timestamps) | Retained while your account is active. Deleted within 30 days of account closure request or detected abandonment (24 months of inactivity with prior notice). | Provide the Service, account security, transactional communication. |
| Billing data metadata (Stripe customer ID, subscription tier) | While active + 7 years after final transaction, then deleted or anonymised. | Compliance with Australian tax law (s 262A, Income Tax Assessment Act 1936 — 5-year record keeping) and audit obligations, with a conservative 7-year buffer. |
| Audit metadata (conversion timestamps, user ID, conversion counts) | 7 years, then anonymised by stripping user ID and retaining only aggregate statistics. | Tax, audit, dispute resolution, usage analytics. |
| Consent records (Terms/Privacy acceptance, version, timestamp, IP) | 7 years from date of consent or from account closure, whichever is later. | Legal evidence of informed consent. |
| Support correspondence | 24 months from last contact, then deleted. | Customer support continuity. |
| Server logs | 30 days, then deleted. | Security and debugging only. |
When a retention period expires, we either permanently delete the data or irreversibly anonymise it so that it can no longer be associated with any identified or identifiable individual.
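English rendering of the Chinese reference translation:
We retain personal information only for as long as necessary for the purpose for which it was collected, consistent with APP 11.2. Specific retention periods:
- Form content (names, passport numbers, addresses, answers to Form 80 questions, etc.): not retained. Discarded from memory immediately upon request completion, typically within seconds. Rationale: our core privacy commitment and product architecture.
- Account data (email, display name, login timestamps): retained while the account is active; deleted within 30 days of an account closure request or of detected abandonment (24 consecutive months of inactivity, with prior notice).
- Billing data metadata (Stripe customer ID, subscription tier): while the account is active plus 7 years after the final transaction, then deleted or anonymised. Basis: Australian tax law (the 5-year record-keeping obligation under s 262A of the Income Tax Assessment Act 1936) and audit obligations, with 7 years as a conservative buffer.
- Audit metadata (conversion timestamps, user ID, conversion counts): 7 years, after which the user ID is stripped and only aggregate statistics are kept. Rationale: tax, audit, dispute resolution, usage analytics.
- Consent records (timestamp of Terms/Privacy acceptance, version, IP): 7 years from the date of consent or the date of account closure, whichever is later. Rationale: legal evidence of informed consent.
- Support correspondence: 24 months from last contact, then deleted.
- Server logs: 30 days, then deleted.
When a retention period expires, we will permanently delete the data or irreversibly anonymise it so that it can no longer be associated with any identified or identifiable individual.
9. Your Rights Under Australian Privacy Act 1988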
As a data subject, you have the following rights under the Privacy Act. We respond to requests within 30 days where reasonably practicable.
9.1 Right to Access (APP 12). You have the right to request access to the personal information we hold about you. We will provide it in a common electronic format (typically JSON or CSV) unless providing it would unreasonably interfere with the privacy of another individual or be otherwise prohibited by law.
9.2 Right to Correction (APP 13). If you believe any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. You can also correct most account information yourself from the account settings page.
9.3 Right to Account Closure and Deletion. You may close your account at any time from the account settings page or by emailing support@formmy.io. Upon closure, we will delete your account data within 30 days, subject to the retention requirements in Section 8 (audit metadata and consent records retained for 7 years for compliance purposes).
9.4 Right to Withdraw Consent. You may withdraw consent to optional processing at any time. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
9.5 Right to Complain to Us. If you believe we have breached the Privacy Act or this Policy, please contact our Privacy Officer at support@formmy.io. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
9.6 Right to Complain to the OAIC. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: https://www.oaic.gov.au
- Phone: 1300 363 992 (within Australia)
- Email: enquiries@oaic.gov.au
- Mail: GPO Box 5288, Sydney NSW 2001, Australia
9.7 Verification. For security, we may request proof of identity before responding to a rights request. We use the email address associated with your account as the primary verification channel.
9.8 No Fee. We do not charge a fee for reasonable rights requests. If a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse the request and explain why.
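English rendering of the Chinese reference translation:
As a data subject, you have the following rights under the Privacy Act. We respond to requests within 30 days where reasonably practicable.
9.1 Right to Access (APP 12): You have the right to request access to the personal information we hold about you. We will provide it in a common electronic format (typically JSON or CSV), unless providing it would unreasonably interfere with the privacy of others or is otherwise prohibited by law.
9.2 Right to Correction (APP 13): If you believe the personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request correction. You can also correct most account information yourself on the account settings page.
9.3 Right to Account Closure and Deletion: You may close your account at any time from the account settings page or by emailing support@formmy.io. After closure we will delete your account data within 30 days, except for the retention requirements described in Section 8 (audit metadata and consent records are retained for 7 years for compliance purposes).
9.4 Right to Withdraw Consent: You may withdraw consent to optional processing activities at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
9.5 Right to Complain to Us: If you believe we have breached the Privacy Act or this Policy, please contact our Privacy Officer at support@formmy.io. We will acknowledge receipt of the complaint within 5 business days and aim to resolve it within 30 days.
9.6 Right to Complain to the OAIC: If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: https://www.oaic.gov.au
- Phone: 1300 363 992 (within Australia)
- Email: enquiries@oaic.gov.au
- Mail: GPO Box 5288, Sydney NSW 2001, Australia
9.7 Verification: For security reasons, we may ask you to provide proof of identity before responding to a rights request. We use the email address associated with the account as the primary verification channel.
9.8 No Fee: We do not charge for reasonable rights requests. If a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse the request and explain why.
10. Notifiable Data Breaches Scheme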
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act, as amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017.
10.1 Our Commitment. If we become aware of an eligible data breach — that is, unauthorised access to, unauthorised disclosure of, or loss of personal information that is likely to result in serious harm to one or more individuals — we will:
- Conduct an assessment to confirm whether the breach is eligible (within 30 days of becoming aware of suspected breach, per s 26WH of the Privacy Act).
- Notify affected individuals and the OAIC as soon as practicable once an eligible breach is confirmed, consistent with ss 26WK and 26WL.
- Provide information required by s 26WK: a description of the breach, the kinds of information involved, and recommendations for steps individuals should take.
10.2 Architectural Resilience. Because our architecture does not persist form content (see Section 4), the realistic scope of a data breach involving the most sensitive categories of information is substantially reduced. A breach of our database would expose account data, audit metadata, and billing metadata — it would not expose passport numbers, addresses, family details, or character assessment answers, because those are not stored.
10.3 What Is Still at Risk. A breach could still affect email addresses, display names, hashed passwords, conversion history metadata, and Stripe customer identifiers. We assess the harm potential of this data as lower than form content but non-trivial, and we treat it accordingly.
10.4 No Guarantees. No system is impenetrable. We implement industry-standard security measures (TLS 1.3, bcrypt password hashing via Supabase Auth, least-privilege access, audit logging, periodic dependency scanning) but we cannot and do not guarantee absolute security.
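English rendering of the Chinese reference translation:
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act, a Part introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017.
10.1 Our Commitment: If we become aware of an eligible data breach, that is, unauthorised access to, unauthorised disclosure of, or loss of personal information that is likely to cause serious harm to one or more individuals, we will:
- Complete an assessment within 30 days of becoming aware of the suspected breach to confirm whether it is an eligible breach (s 26WH of the Privacy Act);
- Once it is confirmed as an eligible breach, notify affected individuals and the OAIC as soon as possible (ss 26WK and 26WL);
- Provide the information required by s 26WK: a description of the breach, the kinds of information involved, and the steps individuals are recommended to take.
10.2 Architectural Resilience: Because our architecture does not persist form content (see Section 4), the realistic scope of a data breach involving the most sensitive categories of information is substantially reduced. A breach of our database would expose account data, audit metadata, and billing metadata, but would not expose passport numbers, addresses, family member details, or character assessment answers, because that information is not stored.
10.3 What Is Still at Risk: A breach could still affect email addresses, display names, hashed passwords, conversion history metadata, and Stripe customer identifiers. We assess the harm potential of this data as lower than that of form content but not trivial, and we treat it accordingly.
10.4 No Guarantees: No system is absolutely secure. We implement industry-standard security measures (TLS 1.3, bcrypt password hashing via Supabase Auth, least-privilege access, audit logging, periodic dependency scanning), but we cannot and do not guarantee absolute security.
11. Children's Privacy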
The Service is intended for adults who are preparing Australian immigration forms, including Form 80, which is typically required for applicants aged 16 and over. We require users to be at least 16 years old to create an account.
We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child under 16 has provided personal information to us, please contact support@formmy.io and we will delete the information promptly.
If a user is preparing a Form 80 on behalf of a family member (including a minor family member as required by the immigration process), the user — not the minor — is the data subject with respect to this Service, and the user is responsible for having appropriate authority to process that family member's information.
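English rendering of the Chinese reference translation:
The Service is intended for adults preparing Australian immigration forms, including Form 80 (which typically requires applicants to be aged 16 or over). We require users to be at least 16 years old to register an account.
We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child under 16 has provided personal information to us, please contact support@formmy.io and we will delete the information promptly.
If a user prepares a Form 80 on behalf of a family member (including a minor family member as required by the immigration process), then for the purposes of the Service the user, not the minor, is the data subject, and the user is responsible for having appropriate authority to process that family member's information.
12. Changes to This Policy, Contact, and Complaint Resolution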
12.1 Policy Updates. We may update this Privacy Policy from time to time to reflect changes in our practices, third-party providers, or applicable law. We maintain a version history:
| Version | Date | Summary of Change |
|---|---|---|
| v1.0.0 | 2026-04-23 | Initial publication. |
For material changes (e.g. new third-party processor, new category of collected data, changed retention period), we will notify registered users by email at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
For non-material changes (e.g. typography, clarification of existing obligations), we will update the "Effective Date" at the top of this Policy.
12.2 Contact — Privacy Officer.
- Email: support@formmy.io
- Postal address: [REGISTERED_ADDRESS], Australia
- Response target: 5 business days for acknowledgement; 30 days for substantive response.
12.3 Complaint Resolution Process.
- Contact our Privacy Officer (above).
- If unresolved after 30 days, or if you are dissatisfied with the response, lodge a complaint with the OAIC: https://www.oaic.gov.au/privacy/privacy-complaints.
- The OAIC will assess whether to investigate. You may also seek independent legal advice at your own cost.
12.4 Supervisory Authority. Office of the Australian Information Commissioner (OAIC), GPO Box 5288, Sydney NSW 2001, Australia. Phone: 1300 363 992. Website: https://www.oaic.gov.au.
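English rendering of the Chinese reference translation:
12.1 Policy Updates: We may update this Policy from time to time to reflect changes in our practices, third-party providers, or applicable law. We maintain a version history:
- v1.0.0, 2026-04-23: Initial publication.
For material changes (e.g. a new third-party processor, a new category of collected data, a changed retention period), we will notify registered users by email at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
For non-material changes (e.g. typography, clarification of existing obligations), we will update the "Effective Date" at the top of this Policy.
12.2 Contact: Privacy Officer. Email support@formmy.io; postal address [REGISTERED_ADDRESS], Australia. Response target: acknowledgement within 5 business days; substantive reply within 30 days.
12.3 Complaint Resolution Process: 1) Contact our Privacy Officer (see above); 2) If still unresolved after 30 days, or if you are dissatisfied with the reply, complain to the OAIC: https://www.oaic.gov.au/privacy/privacy-complaints; 3) The OAIC will assess whether to investigate. You may also seek independent legal advice at your own cost.
12.4 Supervisory Authority: Office of the Australian Information Commissioner (OAIC), GPO Box 5288, Sydney NSW 2001, Australia. Phone: 1300 363 992. Website: https://www.oaic.gov.au.
Legal References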
- Privacy Act 1988 (Cth)
- Australian Privacy Principles (APP) 1–13, Schedule 1 to the Privacy Act
- Privacy Amendment (Notifiable Data Breaches) Act 2017
- Income Tax Assessment Act 1936 (Cth), s 262A — record keeping obligations
- Office of the Australian Information Commissioner (OAIC) guidance
Placeholders Requiring Completion
The following placeholders in this Policy must be confirmed before the Policy is published:
- [REGISTERED_STATE] — Australian state of company registration (e.g., NSW, VIC).
- [REGISTERED_ADDRESS] — Registered postal address of formmy.io Pty Ltd.
- ACN — Australian Company Number, once ASIC registration is complete.
- Transactional email provider — confirm Resend, AWS SES, Postmark, or other.
- Analytics tool — confirm PostHog (self-hosted) / Plausible / none.
End of Privacy Policy.