Legal

Privacy Policy

Last updated: 7 May 2026  ·  Effective: 7 May 2026

The short version: Anonymous users submit through AnonaVoice with zero identifying data collected — no IP address, no device fingerprint, nothing. Organisation admins provide an email and payment details to manage their account. That's the full picture.

1. Who We Are

AnonaVoice is operated by Stacksy Pty Ltd (ACN 691 241 291), an Australian company. References to "AnonaVoice", "we", "us", or "our" in this policy refer to Stacksy Pty Ltd.

We can be contacted at privacy@anonavoice.com.

2. The Two Types of Users

AnonaVoice serves two distinct groups with very different privacy profiles:

  • Anonymous users (reporters) — individuals who submit feedback or reports through an organisation's AnonaVoice channel. We deliberately collect no identifying information about these users.
  • Organisation admins — representatives of organisations who create and manage an AnonaVoice account to receive and respond to submissions.

3. Anonymous Users — What We Collect (and Don't)

When you submit a report anonymously, we collect:

  • The content of your message
  • Any optional fields you choose to fill in (category, severity)
  • A randomly generated conversation ID and access token so you can return to check for replies
  • A timestamp for when the submission was made

We deliberately do not collect:

  • Your IP address — it is stripped from every request before reaching our application
  • Device identifiers or browser fingerprints
  • Cookies or tracking pixels
  • Any information that could identify you

Your anonymity depends not just on what we collect, but on what you write. Avoid including details in your message that could identify you, such as your name, role, or unique circumstances.

All message content is encrypted at rest using AES-256-GCM encryption. Your access token — which lets you return to your conversation — is stored only as a SHA-256 hash. We never hold the raw token.

4. Organisation Admins — What We Collect

When you create or manage an organisation account, we collect:

  • Account information: name, email address, organisation name, and a chosen URL slug
  • Billing information: payment is processed by Stripe. We store your Stripe customer ID and subscription status, but never your card number or full payment details
  • Usage data: conversation counts, timestamps, and admin activity within your account for the purpose of providing the service
  • Communications: emails we send you (verification, billing, notifications) may be logged for support purposes

5. How We Use Your Information

We use organisation admin data to:

  • Provide and maintain the AnonaVoice service
  • Process billing and send receipts
  • Send service notifications (new submissions, payment issues)
  • Respond to support requests
  • Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes.

6. Data Storage and Security

All data is stored on servers located in Sydney, Australia (AWS ap-southeast-2). Data does not leave Australia.

We implement the following security measures:

  • AES-256-GCM encryption for all message content at rest
  • TLS 1.2+ encryption in transit
  • IP address stripping at the application layer — we never log reporter IPs
  • Access tokens stored only as SHA-256 hashes
  • JWT-based authentication with short expiry for admin sessions

7. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing. Stripe's privacy policy applies to payment data: stripe.com/au/privacy
  • Amazon Web Services (AWS) — cloud infrastructure, Sydney region only
  • Transactional email provider — for sending verification and notification emails to organisation admins

We do not use advertising networks, analytics platforms, or social media tracking on our application.

8. Data Retention

  • Anonymous submissions: retained for as long as the organisation account is active, then deleted within 90 days of account closure
  • Organisation admin data: retained for the duration of the account and for 7 years after closure to meet Australian tax and record-keeping obligations
  • Billing records: retained as required by law

Organisations can delete individual conversations from their dashboard at any time.

9. Your Rights (Australian Privacy Act 1988)

As an organisation admin, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your information

To exercise these rights, contact us at privacy@anonavoice.com. We will respond within 30 days.

Note: Because anonymous users provide no identifying information, we have no mechanism to look up, modify, or delete their data on request.

10. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. In the event of a data breach likely to cause serious harm, we will notify affected individuals and the OAIC as required by law.

11. Children

AnonaVoice is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors.

12. Changes to This Policy

We may update this policy from time to time. We will notify organisation admins of material changes by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

13. Contact

For privacy-related enquiries: privacy@anonavoice.com

For general enquiries: hello@anonavoice.com