Privacy Policy

1. Introduction

This Privacy Policy explains how Desk4 ABN 85 173 073 187 ("we", "us", "our") collects, uses, stores, and discloses your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Contact Details: Email: hi@midlware.tech

2. Information We Collect

We collect the following types of personal information:

• Account Information: Email address, recruiter names, passwords (securely hashed), agency preferences, and dashboard configurations.
• Usage Data: IP addresses, browser types, device profiles, access timestamps, visited pages, and interaction patterns with our candidate management tools.
• Candidate Data & Resumes: Names, emails, phone numbers, recruiter assessment notes, job pipeline statuses, and physical attachment files (such as CVs, portfolios, and cover letters in PDF, Word, or text format) uploaded by recruiters.
• Payment & Billing Information: Payments are processed directly through Stripe. Stripe collects and stores card details, billing addresses, and payment histories. We receive only transaction statuses and the last 4 digits of the payment method, and do not store raw card numbers.

3. How We Collect Information

We collect personal information when you:

• Register for an agency account.
• Upload candidates, resumes, and document attachments.
• Log recruiter general notes or change application stages.
• Subscribe to paid plans or check out.
• Contact customer support.
• Interact with the Desk4 website (via cookies and tracking tags).

4. How We Use Your Information

We use your personal information to:

• Provide, operate, and maintain the Desk4 candidate tracking workspace.
• Manage user accounts, team invites, and logins.
• Securely store candidate files and resumes.
• Process payments and manage subscriptions through Stripe.
• Improve recruitment workflows, website loading performance, and UI usability.
• Send service-related emails, security alerts, and system status updates.
• Respond to support tickets and feature requests.
• Detect, prevent, and address security incidents or system abuse.
• Comply with necessary legal and tax obligations.

We will not use or disclose personal information for purposes other than those described without your consent, unless authorized or required by law.

5. How We Store and Secure Your Information

Security Measures: We implement standard security protocols to safeguard data:

• Encryption of data in transit (SSL/TLS) and at rest.
• Secure authentication structures and cryptographically hashed passwords.
• Access controls limiting employee visibility of agency database entries.
• Cloud database instances with automated backup architectures.

Data Retention: We store workspace entries and candidate records as long as your agency account remains active. Upon your request to delete a candidate profile (GDPR compliance) or close your agency account, we safely remove these records. Financial records related to transactions are kept for 7 years for compliance and audit logs before permanent removal.

6. Disclosure to Third Parties

We share personal information only in the following contexts:

• Payment Processing: Stripe processes payment transactions. Stripe is PCI-DSS compliant and governs this data under its own privacy policy at stripe.com/privacy.
• Service Providers: Standard cloud providers, host nodes, secure database storage platforms, email send providers (for transactional alerts), and speed optimization networks. All providers are contractually bound to maintain confidentiality.
• Legal Frameworks: When required by legislation, court orders, or law enforcement to protect legal boundaries and platform integrity.

We do not sell, rent, or lease candidate or recruiter information to third parties for marketing purposes.

7. Overseas Disclosure

Your workspace data and candidate attachments may be stored or backed up on cloud infrastructure located overseas, including:

• United States (hosting, payment gateways via Stripe, and transactional mail routers).

These jurisdictions may have differing privacy laws. We review security credentials and implement APPs compliant guidelines with our sub-processors.

8. Candidate Content and Intellectual Property

Your Data: Agencies retain full ownership of candidate CVs, details, and recruiter assessments uploaded to their workspace.

Database Access: We only process workspace data to provide candidate tracking functionality to your agency. We do not inspect or distribute candidate databases.

9. Accessing and Correcting Your Information

Under the Privacy Act, you have the right to:

• Access the recruiter and candidate information we hold.
• Correct inaccurate details.
• Delete specific candidate files or complete accounts.
• Request data exports of candidate list files.

To exercise these rights, please email us at hi@midlware.tech. We respond to verified requests within 30 days.

10. Cookies and Tracking

We use cookies and active local storage to maintain session states, remember preferences, and improve page render load times. You can disable cookies in your browser settings, though some functional sections of the recruitment dashboard may not load as expected.

11. Data Breach Notification

In the event of a database breach likely to cause serious harm, we will notify affected agencies, recruiters, and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.

12. Complaints and Disputes

If you have any questions or complaints about how we handle information, please contact us first at hi@midlware.tech. We will investigate and respond within 30 days. If you are unsatisfied, you can lodge a formal complaint with the OAIC:

• Website: oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au