Privacy Policy
Last updated: 21 January 2026
This is the public baseline privacy notice for Core HR. Customer-specific commitments may also be set in a signed agreement, order form, or data processing addendum.
This Privacy Policy explains how CoreMethods ("CoreMethods", "we", "our") collects, uses, discloses, and safeguards information when you use Core HR, including our mobile app, website, and API (the "Services").
1) Scope
This policy applies to users of the Core HR app, administrators, and event providers. It does not apply to third‑party services linked from Core HR.
2) Information we collect
- Account data: name, work email, role, tenant/organisation identifiers.
- Workforce data: employee records, job roles, training/certification status.
- Event data: training events, attendance, booking metadata.
- Usage data: device info, logs, IP address, diagnostics, and analytics.
- Payment data: billing metadata from Stripe (we do not store full card details).
3) How we use information
- Provide and improve the Services and support requests.
- Authenticate users and enforce tenant isolation and access controls.
- Process payments and manage subscriptions.
- Send operational notifications and service updates.
- Maintain security, fraud prevention, and auditing.
4) Legal basis (where applicable)
We process personal data to perform our contract, comply with legal obligations, and for legitimate interests (e.g., security and service improvements).
5) Cookies, analytics, and diagnostics
Our websites and applications may use cookies, local storage, analytics tools, and technical diagnostics to keep sessions active, understand service usage, and improve reliability. You can usually control cookies through your browser settings, although some core functionality may be affected.
6) Data storage and location
Primary application data is stored in our configured data stores (including Airtable CRM and related services) and in regional cloud infrastructure used to operate the Services. Payment metadata is stored by Stripe.
If you require data residency guarantees, contact us and we will provide a statement for your tenancy.
7) Sharing and disclosure
- Service providers (subprocessors) that help us run the Services.
- Payment processors (Stripe) for billing and checkout.
- Legal or regulatory requests where required.
- Corporate transactions, financing, or due diligence activity where disclosure is reasonably required and subject to confidentiality protections.
8) International transfers
Where personal data is processed outside the country in which it was collected, we will rely on appropriate safeguards required by applicable law, including contractual protections where necessary.
9) Subprocessors
We maintain a subprocessor list. See the Subprocessors page for details.
10) Security
We use reasonable technical and organisational measures, including access controls, encryption in transit, and audit logging. See the Security page for a summary.
11) Service delivery model
Core HR is generally provided as a hosted service. This Privacy Policy explains how we handle personal data in that service model; it does not grant any right to access, copy, or receive the underlying source code, software components, or deployment infrastructure except where a signed agreement expressly says otherwise.
12) Data retention
We retain data for as long as the Services are active or as required by law. You may request deletion in accordance with applicable laws and your contract.
13) Your rights
Depending on your jurisdiction, you may request access, correction, deletion, or export. Submit requests to the contact below.
14) Children
The Services are intended for business and workforce operations use and are not directed to children.
15) Changes to this policy
We may update this Privacy Policy from time to time. The latest version will be posted on this page with the updated effective date.
16) Contact
Email: privacy@coremethods.com.au
Company: CoreMethods, Australia.