Standara is built and operated by HunterFPM Pty Ltd in Australia. We hold the data you put into Standara on your behalf, treat it as yours, and let you export or delete it at any time. This page lists every system that touches your data and what it does with it.
1. Who we are
Operator: HunterFPM Pty Ltd (Australia), trading as Standara.
Contact: info@standara.com.au
This policy covers standara.com.au and any subdomains.
2. What we collect
Account information
- Email address and a password hash (you set the password; we never see the plaintext).
- Subscription tier and status (drawn from Stripe — see processors below).
- Account role (owner, member, viewer) if you're part of a multi-user account.
Site data you create
- Site details: name, address, contact name, phone, free-text notes.
- Asset register: assets you select from the AS/NZS-mapped library plus any custom edits.
- PPM planner state: scheduled task months, completion marks.
- Reactive maintenance log entries.
- Contractor directory entries you add.
- Documents you upload (stored in a private, access-controlled bucket; only your account can read them).
Technical data
- Authentication session tokens (stored locally in your browser, scoped to
standara.com.au). - Page-load and interaction events sent to Google Analytics 4 — only after you accept analytics cookies (see Section 5). No data is sent if you decline.
We do not collect special-category data (health, biometrics, racial/ethnic origin, etc.). If you put such data into a free-text notes field, you do so at your own discretion — Standara has no awareness of the content.
3. Where your data lives
Your authentication credentials and your site data are stored in Supabase in an Australian region. Documents you upload sit in a private storage bucket access-controlled to your account.
Your site data also caches in your browser's localStorage for performance; this cache is wiped if you sign out, clear browser storage, or use private/incognito mode.
Payment processing happens entirely on Stripe's servers. We never see or store your card details — only the subscription status Stripe tells us.
4. Third-party processors
The complete list of services that touch your data, and what each does:
| Service | What it processes | Where |
|---|---|---|
| Supabase | Authentication (email + password hash), site database, document storage. The system of record for your account. | Australia (ap-southeast-2) |
| Stripe | Subscription billing, card processing, customer billing portal. We only receive your subscription status (active / trialing / past_due) — never card details. | Global |
| Netlify | Hosts the Standara web application (HTML/CSS/JS). Sees IP addresses of visitors via standard server logs. | Global edge |
| Google Analytics 4 | Anonymised page-view and feature-use analytics. Only loaded after you accept analytics cookies (see Section 5). | Google global |
| web3forms.com | Routes contact-form submissions to info@standara.com.au. Receives the name, email, and message you type into the contact form. |
Global |
| Google Fonts | Serves the DM Sans / DM Serif Display / DM Mono fonts. Sees your IP address as part of standard CDN delivery. | Google global |
| jsdelivr.net | Serves the Supabase JavaScript client library. Sees your IP address as part of standard CDN delivery. | Global edge |
5. Cookies and analytics
Standara uses a small number of cookies and equivalent technologies:
- Authentication tokens (essential, no consent required) — kept in browser
localStorageso you stay logged in across visits. - Analytics (Google Analytics 4) — only loaded if you accept the analytics consent banner. If you decline or dismiss the banner, no analytics request is made and no analytics cookie is set.
- Stripe checkout (essential when you start a subscription) — Stripe sets its own cookies during checkout; these are governed by Stripe's policy.
You can change your analytics choice at any time by clearing your browser's site data for standara.com.au; the consent banner will reappear on your next visit.
6. Your rights
You have the following rights over the data Standara holds about you:
- Access: view all your site data through the subscriber app at any time.
- Export: the Sites page has a Backup action (under the ··· menu) that downloads every site you have as a JSON file.
- Correct or update: edit your site data, contact details, and contractor directory directly in the app.
- Delete: delete individual sites in-app (with a 10-second undo, then permanent). To delete your entire account and all associated data, email info@standara.com.au; we'll confirm and process within 30 days.
- Object or restrict: decline analytics cookies, or contact us to discuss other restrictions.
- Complain: if you believe we've mishandled your data, contact us first; if unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner.
7. Data retention
We keep your data for as long as your account is active. If you cancel and don't return within 12 months, we'll send you a heads-up and then delete inactive account data. You can request immediate deletion at any time by emailing us.
Backups and operational logs may persist for up to 90 days after deletion for disaster-recovery purposes, after which they are also purged.
8. Security
Authentication tokens are encrypted in transit (TLS 1.2+). Database access is gated by row-level security so users can only read or write their own data. Documents you upload sit in private storage buckets that require authenticated, account-scoped access. Passwords are hashed with industry-standard algorithms; we never store or see your plaintext password.
That said, no system is invulnerable. If we discover a security incident affecting your data, we'll notify you within 72 hours and tell you what we know.
9. Children
Standara is a B2B tool not directed to anyone under 16. We don't knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.
10. Changes to this policy
We update this page when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be flagged via in-app notice or email.
11. Contact
Privacy questions, correction requests, or deletion requests:
HunterFPM Pty Ltd
Australia