Privacy Policy

Spitta Chat – Privacy Policy

(Owned and operated by OCTEC Limited)

1. Introduction

1.1 Plain English, Not Legalese

 

Privacy matters to us, and we want you to clearly understand how your information is handled. We have written this Privacy Policy in clear, accessible language. Some sections may be refined over time as we continue to improve our processes.

Throughout this policy:

• “Spitta Chat” refers to the OCTEC Limited messaging application.
• “OCTEC”, “we”, “our”, or “us” refers to OCTEC Limited, the owner and operator of Spitta Chat.
• “Service” refers to the Spitta Chat application and any related OCTEC-hosted services.
• “User” refers to any person using Spitta Chat.
• “Customer” refers to organisations or entities that OCTEC may provide messaging or communication services to in a commercial capacity (if applicable).

OCTEC Limited is the Data Controller for all personal information collected through Spitta Chat. All data is processed and stored exclusively on OCTEC-owned servers located in Australia.

You may contact us at:

Email: privacy@octec.org.au
Postal Address:
OCTEC Limited
PO Box 1566

Orange NSW 2800

 

1.2 Scope of This Document

 

This Privacy Policy explains how OCTEC collects, stores, uses, and protects personal information related to:

• Users of the Spitta Chat application
• Customers who use OCTEC messaging platforms or hosted communication services

It also outlines rights and obligations under the Australian Privacy Principles (APPs).

1.3 The Customer and the User

 

You are a User if you use Spitta Chat to send and receive messages.

You are a Customer if OCTEC provides your organisation with a dedicated instance or communication service.

You may be both, but this policy explains your rights and OCTEC’s obligations in both contexts.

1.4 Changes to this Document

 

OCTEC may update this Privacy Policy from time to time. If we make material changes, we will notify Users and Customers within the Spitta Chat app or by email.

Your continued use of Spitta Chat constitutes acceptance of the updated Privacy Policy.

2. Access to Your Data

2.1 Legal Basis for Processing Your Data

2.1.1 Legal Basis

OCTEC processes personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

We collect and process your data on the following grounds:

• Legitimate business interests – ensuring the secure operation of the Spitta Chat service
• Security and fraud prevention
• Providing and improving the Spitta Chat platform
• With your consent, where applicable

2.1.2 Data Ownership

All information sent, stored, or processed in Spitta Chat is owned by OCTEC Limited and stored exclusively on OCTEC servers located within Australia.

Encrypted messages remain accessible only to authorised users and administrators with legitimate operational needs.

2.1.3 Your Rights Under Australian Law

Under the Australian Privacy Principles (APPs), you have the right to:

• Access your personal information
• Request corrections
• Request deletion where lawful and appropriate
• Withdraw consent (where applicable)
• Make complaints regarding misuse of personal information

To exercise your rights, email privacy@octec.org.au.

2.2 What Information We Collect and Why

We collect information to operate Spitta Chat securely, maintain the platform, improve functionality, and support users.

2.2.1 Information You Provide Directly

Spitta Chat Profile Information

When creating or managing your Spitta Chat account, we may collect:

• Full name
• Email address
• Phone number (optional unless required for 2FA)
• Profile picture
• Contacts (only if you grant permission)
• Authentication identifier
• 2-Factor Authentication details (if enabled)

This information is used to identify your account, secure your login, and provide communication features.

2.2.2 Information We Collect Automatically

Connection Information

We collect your IP address when you connect to the Spitta Chat app. This is used for:

• Security
• Abuse monitoring
• Ensuring reliable service operation

Connection logs are kept for up to 180 days unless required longer for security or legal reasons.

Usage Information

We may collect anonymous usage statistics to improve Spitta Chat’s features and performance. This is optional and opt-in only.

If you report errors, limited diagnostic information (such as device type, IP, or error logs) may be temporarily collected.

Location Information

Location information is only collected if you explicitly use a location-sharing feature within Spitta Chat.

Location data is always:

• Encrypted in encrypted chats
• Shared only within the chat where you choose to send it
• Never stored or used outside that purpose

2.3 Sharing Data in Compliance with Australian Law

OCTEC may disclose your information only when required by law or necessary to:

• Comply with a valid Australian legal request (e.g., court order)
• Prevent or investigate security threats or unlawful activity
• Protect OCTEC, its Users, or the public
• Respond to emergencies involving risk of serious harm

OCTEC does not sell or broker personal data.

2.4 How We Handle Passwords

Passwords:

• Are never stored in plain text
• Are stored using secure hashing (bcrypt or equivalent)
• Are encrypted in transit using SSL/TLS

You are responsible for keeping your login credentials secure. Notify OCTEC immediately at security@octec.org.au if you suspect unauthorised access.

2.5 Children’s Privacy

Spitta Chat is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.

If you believe information has been collected from a minor, please contact us immediately.

2.6 Accessing or Correcting Your Information

You may request access to, or correction of, your personal information by emailing:

privacy@octec.org.au

OCTEC will respond within a reasonable timeframe as required under the APPs.

2.7 Internal Access to Your Data

Only authorised OCTEC employees or contractors with a legitimate operational need may access unencrypted data. Access is logged and tightly restricted.

OCTEC does not share this data with other users or unauthorised third parties.

2.8 Where Your Data Is Stored

All Spitta Chat data is hosted only on OCTEC-owned servers located in Australia.

No data is stored or transmitted through third-party cloud services unless explicitly disclosed and compliant with Australian privacy regulations.

2.9 Protecting Your Data from Other Users

User data is segmented and restricted through industry-standard security controls. OCTEC uses best-practice software isolation and access control mechanisms.

While OCTEC implements strong safeguards, no system is entirely immune to sophisticated attacks. We continuously invest in improving system security.

2.10 Reporting a Security Issue

If you identify a potential vulnerability or security risk, contact:

security@octec.org.au

OCTEC welcomes responsible disclosure and will work promptly to resolve verified issues.

 

3. Making a Complaint

OCTEC takes privacy concerns seriously. If you believe your personal information has been mishandled, please contact us at:

privacy@octec.org.au

If you are not satisfied with OCTEC’s response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)
https://www.oaic.gov.au/privacy/privacy-complaints