compass

Privacy Policy

Last updated: 25 January 2025

TL;DR: We collect only what we need to run Compass. Your data stays yours. We don't sell it. We use industry-standard security. You can export or delete your data anytime.

1. Who We Are

Compass is operated by Ven Agency Pty Ltd, an Australian company based in Melbourne. We're the data controller for your personal information.

This policy applies to the Compass web application at compass.ven.agency and any related services.

2. Information We Collect

Account Information

When you sign up, we collect:

  • Email address
  • Name (optional)
  • Password (hashed—we never see or store it in plain text)
  • Company name (optional)

If you sign in with Google, we receive your name, email, and profile picture from Google. That's it.

Integration Data

When you connect third-party apps to Compass, we store:

  • OAuth tokens (encrypted) to maintain connections
  • Sync configuration you set up
  • Cached data from connected platforms as needed to perform syncs

Important: We only access and sync the data you explicitly configure. We don't go poking around in your connected accounts.

Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Feature usage and sync activity
  • Error reports and performance data

Payment Information

We don't store your credit card details. All payment processing goes through Stripe. We only receive confirmation of successful payments and a tokenized card reference for recurring billing.

3. How We Use Your Information

We use your data to:

  • Provide Compass — Run syncs, manage your integrations, keep everything working
  • Process payments — Bill you for your subscription
  • Communicate — Send important updates, security alerts, and (occasionally) product news
  • Improve the product — Understand usage patterns, fix bugs, build better features
  • Provide support — Help you when things go wrong
  • Stay legal — Comply with tax, fraud prevention, and other legal requirements

We have a legitimate interest in processing your data to provide and improve our service. For marketing emails, we rely on your consent (you can opt out anytime).

4. Third Parties We Share Data With

We never sell your data. We share it only with trusted services that help us run Compass:

Supabase (Database & Auth)

Hosts our database and handles authentication. Your data is stored on Supabase infrastructure.

Location: AWS ap-southeast-2 (Sydney)

Stripe (Payments)

Processes all payments. Receives your email and billing information.

Stripe is PCI-DSS Level 1 certified.

Xero, ClickUp, Google, Meta & Other Integrations

When you connect these services, we exchange data as necessary to perform the syncs you configure.

Vercel (Hosting)

Hosts the Compass web application. May process request logs.

We may also share data with law enforcement if legally required, or in connection with a company acquisition (you'd be notified).

5. Data Security

We take security seriously:

  • All data is encrypted in transit (TLS) and at rest
  • OAuth tokens and credentials are encrypted with AES-256
  • We use row-level security in our database
  • Access to production data is restricted and logged
  • We regularly review our security practices

That said, no system is 100% secure. If we discover a breach affecting your data, we'll notify you promptly.

6. Your Rights (GDPR & Australian Privacy Act)

You have the right to:

  • Access — Get a copy of all data we hold about you
  • Correct — Fix inaccurate information
  • Delete — Request deletion of your data ("right to be forgotten")
  • Export — Download your data in a portable format
  • Object — Opt out of marketing or certain processing
  • Restrict — Limit how we process your data in certain circumstances
  • Withdraw consent — For any processing based on consent

To exercise these rights, email us at privacy@compass.ven.agency. We'll respond within 30 days (or faster, usually).

For EU residents: You can also lodge a complaint with your local data protection authority.

For Australian residents: You can complain to the Office of the Australian Information Commissioner (OAIC).

7. Data Retention

We keep your data while your account is active. After you delete your account:

  • Personal data is deleted within 30 days
  • Sync data and cached records are deleted immediately
  • Backups are purged within 90 days
  • Some data may be retained longer for legal/tax requirements

8. Cookies

We use minimal cookies:

  • Essential cookies — Keep you logged in, remember preferences. Required.
  • Analytics (optional) — Help us understand how Compass is used. You can opt out.

We don't use advertising cookies or track you across other websites.

9. International Data Transfers

Our primary infrastructure is in Australia (Sydney region), but some data may be processed in other countries through our service providers (e.g., Stripe's global infrastructure).

For transfers outside Australia/EU, we ensure appropriate safeguards are in place (like Standard Contractual Clauses for EU data).

10. Children's Privacy

Compass is a business tool and not intended for anyone under 18. We don't knowingly collect data from children.

11. Changes to This Policy

We may update this policy occasionally. For significant changes, we'll email you. Minor updates (like clarifications) may just update this page.

12. Contact Us

Questions about your privacy? Reach out:

Compass (by Ven Agency Pty Ltd)

Privacy inquiries: privacy@compass.ven.agency

General: hello@compass.ven.agency

Melbourne, Victoria, Australia