Cavuno
Sign InSign Up

Privacy Policy

Our privacy policy and how we use your data

Last updated: 1 March 2026

Introduction

Wollemia Pty Ltd (ABN 35 692 226 323) ("we", "us", "our") operates Cavuno (cavuno.com). This policy explains how we collect, use, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). This policy also covers data collected on job boards operated by Cavuno customers on behalf of their organisations. For information about cookies and tracking technologies, please see our Cookie Policy.

Data controller and processor roles

Wollemia Pty Ltd is the data controller for personal information collected through the Cavuno platform, including account data, billing information, and usage analytics.

For personal information collected from visitors to customer-operated job boards (such as job alert subscriptions), the customer is the data controller and Wollemia Pty Ltd acts as a data processor. Customers are responsible for ensuring they have appropriate legal bases for collecting visitor data and for informing their end users about how their data is processed.

Information we collect

Account information

When you create an account, we collect your name, email address, and password. If you create or join a team account, we also collect your team or organisation name.

Job board configuration

We collect information related to your job board setup, including site name, domain, branding preferences, configuration settings, analytics tracking IDs, custom domain settings, and SEO metadata.

Job and company data

We store job listings and company profiles that you create or upload to the platform, including AI-enriched content, vector embeddings derived from this data, and associated metadata.

Job alert subscriptions

When visitors subscribe to job alerts on your job board, we collect their email address, consent record, IP address, and user-agent at the time of subscription.

Billing information

Payment details are processed and stored by Stripe. Stripe stores your payment method details, billing address, and transaction history. We store a reference to your Stripe customer ID and subscription status. We do not store full credit card numbers.

Usage and analytics data

We collect information about how you use the platform, including pages visited, features used, device information, IP address, browser type, referral source, geographic region (derived from IP address), session duration, and interactions with specific features. Analytics data is pseudonymised where possible and aggregated for reporting purposes.

Location data

When you use location-based features such as job location search, we process location queries through Mapbox. We do not store precise geolocation data.

How we use information

We use the information we collect for the following purposes:

  • Providing and operating the Cavuno platform
  • AI-powered enrichment of job listings and company profiles (via OpenAI, Anthropic, and Voyage AI)
  • Powering semantic search functionality (via Qdrant vector database)
  • Sending transactional emails and job alerts (via Resend)
  • Analytics and service improvement (via Tinybird)
  • Processing payments and managing subscriptions (via Stripe)
  • Communicating service updates, changes, and support responses
  • Generating logos and brand assets using AI (via OpenAI)
  • Geocoding and location search for job listings (via Mapbox)
  • Managing custom domains and DNS configuration (via Vercel)

We process data using artificial intelligence services from OpenAI and Anthropic. When you use AI features, relevant content (such as job descriptions, company information, or design preferences) is sent to these providers for processing. AI providers may process this data on servers located outside Australia. We do not send personal account information (such as your email or password) to AI providers.

Legal basis for processing

We process personal information on the following legal bases:

  • Contractual necessity — to provide and operate the Cavuno platform, manage your account, process payments, and deliver the services you have subscribed to.
  • Legitimate interest — for analytics and service improvement, error monitoring, security measures, and fraud prevention, where these interests are not overridden by your rights.
  • Consent — for marketing cookies, advertising tracking, and optional communications. You may withdraw consent at any time.
  • Legal obligation — to retain billing records as required by Australian tax law and to comply with the Notifiable Data Breaches scheme.

Third-party services

We share data with third-party service providers to operate and improve Cavuno. Each provider processes data in accordance with their own privacy policy. For a complete list of subprocessors, the data they process, and their locations, see our Subprocessors page.

Data retention and deletion

Account data is retained for the duration of your account. Upon deletion request, account data is removed within 30 days.

Job board content (listings, company profiles, blog posts) is retained for the duration of your subscription and deleted within 30 days of subscription termination, unless you request earlier deletion.

Job alert subscriber data is retained until the subscriber unsubscribes or you delete the subscriber record.

Analytics and usage data is retained in aggregated form and is not personally identifiable after 26 months.

privacy.dataRetentionErrors

Billing records may be retained for up to 7 years as required by Australian tax law.

Vector embeddings derived from your content are deleted when the source content is deleted.

Backup data may persist for up to 30 days after deletion from primary systems.

You may request deletion of your data at any time by contacting us at hi@cavuno.com.

Data security

We implement reasonable security measures to protect your information, including:

  • Encryption of data in transit using TLS
  • Encryption of data at rest
  • Logical data isolation between tenants
  • Role-based access controls
  • Regular security reviews
  • Multi-factor authentication support for user accounts
  • Automated vulnerability monitoring
  • Secure webhook signature verification for third-party integrations

We require our third-party service providers to maintain appropriate security measures. Access to production systems is restricted to authorised personnel and governed by the principle of least privilege.

However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

International data transfers

Our service is hosted and operated using third-party providers that may process your data outside of Australia, including in the United States. Where your data is transferred internationally, we take reasonable steps to ensure that the recipients of your information maintain data protection standards consistent with Australian Privacy Principle 8.

Our primary third-party providers are based in or process data in the following jurisdictions: United States (Convex, Stripe, Vercel, OpenAI, Anthropic, Resend, Mapbox, Google, Meta, LinkedIn), Germany (Qdrant Cloud), and other regions where our providers operate infrastructure.

We take reasonable steps to ensure that overseas recipients of your personal information comply with the Australian Privacy Principles, including assessing each provider's data protection practices and contractual commitments (APP 8).

Notifiable data breaches

In accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, we will notify you and the Office of the Australian Information Commissioner (OAIC) if we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved. Notification will be provided as soon as practicable after we become aware of the breach.

Your rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you (APP 12)
  • Request correction of inaccurate or outdated information (APP 13)
  • Request deletion of your personal information where we no longer need it for the purpose for which it was collected
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, please contact us at hi@cavuno.com. We will respond to your request within 30 days.

You may also contact the OAIC at www.oaic.gov.au (opens in new tab) or by phone at 1300 363 992.

International users

If you are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR), including the right to:

  • Request erasure of your personal data (right to be forgotten)
  • Request portability of your personal data in a structured, commonly used, machine-readable format
  • Object to processing of your personal data based on legitimate interests
  • Request restriction of processing of your personal data
  • Lodge a complaint with a supervisory authority in your country of residence

To exercise any of these rights, please contact us at hi@cavuno.com. We will respond within the timeframes required by applicable law.

California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to know — you may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete — you may request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to opt out of sale or sharing — we do not sell personal information. However, certain advertising cookies (such as those set by Google AdSense) may constitute "sharing" under the CCPA. You can opt out of personalised advertising via your cookie preferences.
  • Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at hi@cavuno.com. We will verify your identity before processing your request and respond within 45 days.

Children's privacy

Cavuno is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected information from a child under 16, we will take steps to delete that information promptly.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal and regulatory reasons. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page. Your continued use of the service after any changes constitutes acceptance of the updated policy.

Contact us

If you have any questions or concerns about this privacy policy or our data practices, please contact us at:

  • Email: hi@cavuno.com
  • Entity: Wollemia Pty Ltd (ABN 35 692 226 323)
  • Location: Sydney, New South Wales, Australia