OnDemandHire

Privacy Policy

Last updated: 21/05/2026

This Privacy Policy explains how On Demand Hire collects, holds, uses, and discloses personal information through the On Demand Hire website, web app, mobile application, and related services.

On Demand Hire is built for Australian construction hiring. We handle personal information in line with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and other Australian privacy and communications laws where they apply.

1. Who this policy covers

This policy applies to Worker Users, Business Users, business account owners and admins, applicants, accepted workers, invited business members, and anyone who contacts us about the Platform.

The Platform connects businesses and workers. On Demand Hire is not an employer, recruitment agency, labour hire provider, payroll provider, or party to any direct engagement between users.

2. Personal information we collect

  • Account information, such as name, email address, active role, login provider, account identifiers, authentication status, email confirmation status, and provider-owned Apple or Google identity details. Passwords are handled through our authentication provider.
  • Worker profile information, such as phone number, date of birth, profile photo, location, skills, certifications, primary languages, preferred working days, work experience, work status, ratings, reviews, saved jobs, job applications, accepted jobs, credential evidence images and metadata you choose to upload, and worker-approved credential evidence share request records.
  • Business information, such as business name, ABN, business account membership, owner/admin role, business invitations, admin seats, paused admin status, contact title, operating location, business phone, website, profile image, job listings, saved workers, applications, accepted jobs, ratings, and reviews.
  • Marketplace activity, such as job posts, drafts, direct job-share events and monthly usage, saved worker and saved job records, applications, application outcomes, chat messages, read receipts, hidden chat state, notification deliveries, support requests, account deletion requests, and safety or moderation records.
  • Subscription information needed to manage Business User plans, such as owner-tier state, product identifiers, entitlement status, billing platform, renewal/cancellation status made available by RevenueCat and supported app-store payment systems, and subscription sync events.
  • Web and authentication information, such as web signup/onboarding state, a short-lived OAuth signup intent cookie, web email confirmation, password reset flow state, and Firebase password bridge migration markers where a controlled migration bridge is enabled for marked accounts.
  • Device and technical information, such as device push tokens, platform type, app or web version, browser/session information needed to keep you signed in, basic diagnostic data, and notification preferences.
  • Location information you provide or select, such as suburb, postcode, state, country, and related coordinates used for matching, distance display, job alerts, and profile discovery. The current Platform does not continuously track your live GPS location.
  • Sensitive information only where you choose to provide it, such as information contained in support messages. Do not upload driver licences, passports, Medicare cards, TFN documents, bank details, payslips, police checks, Working with Children Check documents, medical records, third-party information, or unrelated identity documents as credential evidence.

3. How we collect personal information

  • Directly from you when you create an account, complete onboarding, complete or update a profile, post a job, apply for a job, upload images or documents, send messages, change preferences, request support, or delete your account.
  • From Apple or Google if you choose social sign-in, such as verified email and identity details those providers make available to the Platform.
  • From app-store and subscription providers, including RevenueCat, Apple, and Google, when a business owner opens or manages a plan and those providers make entitlement or purchase status available to the Platform.
  • From other users when they post jobs, review applicants, share listings directly with workers, accept or reject applications, send messages, complete jobs, leave reviews, invite business members, or interact with your profile through normal Platform features.
  • Automatically from the app, web app, and backend when needed to authenticate users, maintain sessions, complete web email confirmation, carry OAuth signup intent, deliver notifications, protect security, operate chat, and keep audit records.

4. Why we use personal information

  • Create, authenticate, manage, and secure user accounts across the mobile app, web app, and related services.
  • Set up worker profiles, business profiles, business memberships, business invitations, business admin seats, and business ABN checks.
  • Show relevant job listings, worker profiles, applicant details, business profiles, ratings, reviews, public business summaries, and accepted-job information to the users who need that information to use the Platform.
  • Process job posts, saved jobs, saved workers, direct job-share credits, applications, acceptances, rejections, completed-job status, chat access, and reviews.
  • Store worker credential evidence for the worker, record credential metadata and consent details, show Business Users credential summaries, and allow application-specific evidence access only when a Worker User approves a Business User request.
  • Send service messages, in-app notifications, notification-bell updates, and push notifications about account activity, applications, accepted jobs, chat messages, profile views, direct job shares, nearby job matches, completion reminders, and review prompts.
  • Manage Business User subscriptions, entitlement state, owner-only plan controls, plan limits, active job-listing limits, saved-worker limits, direct-share monthly limits, and business member seat limits.
  • Support controlled migration and account-continuity flows, including Firebase password bridge checks for marked migrated users where that bridge is enabled.
  • Support users, respond to complaints, investigate misuse, moderate unsafe or unlawful content, enforce our Terms, and protect users and the Platform.
  • Maintain, test, improve, and troubleshoot the Platform, including security, audit, backup, analytics, de-identified reporting, and product-quality checks.
  • Comply with legal obligations, regulatory requests, court orders, law enforcement requests, dispute resolution, and business record requirements.

5. Visibility to other users

The Platform works by showing some user information to other users. Worker profile and hiring-safe details may be shown to active Business Users so they can discover workers, save workers, share open listings directly with visible workers, and review applicants. Business profile, public business summary, rating, review, and job information may be shown to Worker Users so they can decide whether to apply for or accept work.

Worker credential evidence files are not public. Raw files and storage paths are visible to the worker who uploaded them. Business Users see credential summaries on profiles and applicant screens, and may receive short-lived signed access to a specific evidence file only after the Worker User approves that request for a specific application.

Chat messages, read receipts, and accepted-job information are visible to the participants in the relevant job thread and may be used by On Demand Hire for support, safety, legal, and moderation purposes. Public review surfaces are limited to rating and review information intended to be shown in the marketplace.

Profile-view notifications are anonymous to workers. Direct job-share notifications and in-app update rows identify the relevant listing and business context needed for the worker to view the shared job.

6. Who we disclose personal information to

  • Supabase and related hosting, database, authentication, storage, Edge Function, Realtime, and security services.
  • Expo and mobile platform services needed to register device tokens and deliver push notifications.
  • RevenueCat and supported app-store payment systems, including Apple and Google, when needed to manage Business User subscriptions and entitlement state.
  • Apple and Google when you use their sign-in services, app-store services, or device platform services.
  • Firebase only where a controlled migration bridge is enabled for marked migrated users and the bridge needs to verify an existing Firebase password server-side before setting the corresponding Supabase password.
  • Professional advisers, insurers, auditors, dispute-resolution providers, regulators, courts, law enforcement bodies, or government agencies where reasonably necessary or legally required.
  • Service providers who help us operate, secure, support, test, or improve the Platform, under appropriate confidentiality and security expectations.

7. Overseas disclosures

Some service providers may store or process personal information outside Australia. Where practicable, this may include the United States and other countries where our authentication, cloud infrastructure, storage, notification, app-store, analytics, support, or mobile platform providers operate.

When we disclose personal information overseas, we take reasonable steps required by the Australian Privacy Principles to protect that information, unless an exception applies.

8. Matching and automated decisions

We use profile, job, application, notification, and location information to help match workers with relevant jobs, surface worker profiles to businesses, rank and filter search results, and send job alerts or reminders. These features support marketplace discovery and workflow.

The current Platform does not use automated systems to make final hiring, employment, pay, safety, insurance, or legal-status decisions about users. Business Users and Worker Users remain responsible for direct engagement decisions and off-platform work arrangements.

9. Communications and marketing

We may send service communications about your account, security, applications, jobs, chats, notifications, reviews, support, subscriptions, business invitations, direct job shares, and changes to the Platform. These are part of operating the Platform.

If we send marketing or promotional electronic messages, we will do so with consent or where otherwise permitted by Australian law, identify the sender, and provide a functional unsubscribe method where required by the Spam Act 2003 (Cth). You can also manage notification preferences in the app where available.

10. Security

We take reasonable steps, including technical and organisational measures, to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. This includes role-based access controls, Supabase row-level security, private storage for worker credential evidence, signed preview URLs where used, expiring worker-approved share access, revocation controls, account authentication controls, internal procedures, and incident-response practices.

No mobile app, web app, network, or storage system can be guaranteed to be completely secure. Users should keep login credentials secure and only upload information they are comfortable using for the Platform purpose.

11. Retention and account deletion

We keep personal information while it is needed for the purposes described in this policy, including account operation, marketplace records, legal compliance, dispute handling, security, backup, audit, subscription records, and legitimate business needs.

Worker-deleted credential evidence files are removed from storage and metadata promptly. Account deletion removes worker credential evidence files under that worker storage folder before the account is deleted. If prohibited documents are identified, they may be deleted promptly.

Active credential evidence is marked for review at least annually. Automated retention cleanup is deferred until upload volume justifies it, but On Demand Hire maintains a manual monthly retention checklist before launch.

When personal information is no longer needed, we take reasonable steps to delete or de-identify it, unless we are required or permitted to retain it. Account deletion requests can be made in the app, but some records may be retained where needed for legal, security, dispute, audit, backup, subscription, migration, or marketplace-integrity reasons.

12. Access and correction

You can update many profile details in the app or web app where those controls are available. You may request access to personal information we hold about you, or ask us to correct it, by contacting info@ondemandhire.com.au.

We may need to verify your identity before actioning a request. If we refuse access or correction where Australian privacy law allows, we will explain why and tell you how to complain.

13. Data breaches

If we suspect a data breach, we will contain it, assess it expeditiously and generally within 30 days where practicable, and take reasonable steps to reduce the risk of harm. Where the Notifiable Data Breaches scheme requires it, we will notify affected individuals and the Office of the Australian Information Commissioner as soon as practicable after deciding an eligible data breach has occurred.

14. Complaints and contact

For privacy questions, access or correction requests, or privacy complaints, contact info@ondemandhire.com.au. Please include enough detail for us to understand and investigate the issue.

We aim to respond to privacy complaints within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.

15. Changes to this policy

We may update this Privacy Policy as the Platform changes or legal requirements develop. The latest version will be available through the app or website. Continued use of the Platform after an update means the updated policy applies from its stated effective date.