Privacy Policy

Effective Date: December 11, 2024

1. Introduction

PDF Export for Asana ("Service", "we", "us", or "our") is operated by Double H Ventures Pty Ltd (as trustee for Hamilton-Hakim Family Trust) trading as Double H Marketing (ABN 38 137 697 042), an Australian company. We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using PDF Export for Asana, you consent to the practices described in this policy.

Key Privacy Commitment: We do not store your Asana project data. Your tasks, time entries, and project details are fetched on-demand and used only to generate your PDF. Once generated, the source data is immediately discarded.

2. Information We Collect

2.1 Information You Provide

When you use our Service, we collect:

  • Account Information: Your name, email address, and Asana user ID (received via Asana OAuth authentication)
  • Template Customisations: Company name, logo images, colour preferences, and layout settings you configure
  • Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
  • Communications: Any correspondence you send to our support team

2.2 Information Collected Automatically

  • Usage Data: Number of PDFs generated, export types, and feature usage for billing and analytics
  • Log Data: IP address, browser type, device information, pages visited, and timestamps
  • Generated PDFs: The PDF files you create are stored temporarily based on your subscription tier

2.3 Information from Third Parties

  • Asana: When you authorise our Service, we receive your Asana profile information (name, email, user ID) and temporary access to your workspace data for PDF generation
  • Stripe: Payment confirmation and subscription status

2.4 Information We Do NOT Collect or Store

  • Your Asana access tokens are session-only and never persisted to permanent storage
  • Your Asana tasks, projects, sections, or time entries (fetched on-demand, immediately discarded)
  • Your Asana workspace structure, team memberships, or organisation data
  • Credit card numbers or complete payment card details (handled by Stripe)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

  • Authenticating your identity via Asana OAuth
  • Generating PDF reports from your Asana projects
  • Storing and serving your generated PDF exports
  • Applying your branding and template preferences
  • Processing payments and managing subscriptions

3.2 Service Improvement

  • Analysing usage patterns to improve features
  • Monitoring performance and identifying issues
  • Developing new features based on user needs

3.3 Communications

  • Sending transactional emails (export notifications, account updates, billing receipts)
  • Responding to support inquiries
  • Notifying you of important service changes or security updates

3.4 Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to lawful requests from authorities
  • Protecting our rights and preventing fraud

4. Legal Basis for Processing

Under the Australian Privacy Principles, we process your personal information based on:

  • Consent: You provide consent when you authorise Asana access and create an account
  • Contract Performance: Processing necessary to provide the Service you've requested
  • Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
  • Legal Obligations: Complying with tax, accounting, and regulatory requirements

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

5.1 Service Providers

Provider Purpose Data Shared Location
Asana Authentication & data access OAuth tokens (session only) USA
Supabase Database & file storage Account data, templates, PDFs Australia/USA
Vercel Application hosting Log data, IP addresses Global (Edge)
Stripe Payment processing Billing information USA
Resend Transactional emails Email address, name USA

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any change in ownership or use of your personal information.

6. Cross-Border Data Transfers

As an Australian company, we may transfer your personal information to countries outside Australia, including the United States, where some of our service providers are located. When we do so, we take reasonable steps to ensure your information receives a level of protection comparable to that provided under Australian law.

By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than Australia. We ensure our service providers maintain appropriate security measures and comply with their obligations under relevant privacy frameworks.

7. Data Security

We implement robust security measures to protect your information:

  • Encryption in Transit: All data transmitted to and from our Service uses TLS 1.2+ encryption (HTTPS)
  • Encryption at Rest: Stored data is encrypted using AES-256 encryption
  • Access Controls: Row-level security (RLS) ensures users can only access their own data
  • Secure Authentication: OAuth 2.0 with PKCE flow, CSRF protection, and secure session management
  • Token Security: Asana access tokens are stored only in memory during your session
  • Rate Limiting: Protection against abuse and brute-force attacks
  • Security Headers: HSTS, CSP, X-Frame-Options, and other protective headers
  • Regular Updates: Dependencies are kept up-to-date to address security vulnerabilities

8. Data Retention

We retain your information only as long as necessary:

8.1 PDF Exports

Plan Retention Period
Free 7 days
Pro 90 days
Team 365 days

8.2 Other Data

  • Account Data: Retained while your account is active, deleted within 30 days of account closure
  • Template Settings: Retained while your account is active
  • Usage Records: Retained for billing and legal compliance (up to 7 years for financial records)
  • Log Data: Automatically deleted after 90 days
  • Support Communications: Retained for 2 years after resolution

9. Your Rights Under Australian Privacy Law

Under the Privacy Act 1988 and Australian Privacy Principles, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your account and associated data
  • Complaint: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)
  • Withdraw Consent: Revoke Asana access or close your account at any time

How to Exercise Your Rights

  • Delete Exports: Use the Exports page to delete individual PDFs
  • Delete Account: Contact support to request complete account deletion
  • Revoke Asana Access: Remove our app from your Asana account settings
  • Access/Correction Requests: Email us at team@doublehmarketing.com.au

We will respond to access and correction requests within 30 days. We may require identity verification before processing your request.

10. Cookies and Tracking

We use cookies and similar technologies for:

10.1 Essential Cookies

  • Authentication: Session cookies to keep you logged in
  • Security: CSRF tokens to prevent cross-site request forgery

10.2 Analytics

  • Vercel Analytics: Privacy-focused, anonymous usage analytics
  • Vercel Speed Insights: Performance monitoring

We do not use third-party advertising cookies or sell data to advertisers.

11. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately, and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new effective date
  • Sending an email notification for significant changes
  • Displaying a notice within the Service

Your continued use of the Service after changes indicates acceptance of the updated policy.

13. Contact Us and Complaints

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Double H Ventures Pty Ltd (as trustee for Hamilton-Hakim Family Trust) trading as Double H Marketing

ABN 38 137 697 042

2/20 Hutchinson Street, Surry Hills, NSW 2010

Privacy Officer

Email: team@doublehmarketing.com.au

We aim to respond to all privacy inquiries within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Phone: 1300 363 992

Online: Privacy Complaint Form

This Privacy Policy was last updated on December 11, 2024.

View our Terms of Service