Privacy Policy
Last updated: 17 March 2026
COSAM Pty Ltd (ABN pending), trading as TradieLead, operates the TradieLead service. This policy explains how we collect, use, store, and protect your personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
In this policy, "we", "us", and "our" refers to COSAM Pty Ltd trading as TradieLead. "You" refers to users of our service, including tradies (subscribers) and their customers (callers).
1. Information We Collect
From tradies (subscribers):
- Full name and display name
- Business name and trade type
- Phone number and email address
- Service area / location
- Payment details (processed securely by Stripe — we do not store card numbers)
- Custom SMS greetings and work hour preferences
From callers (your customers):
- Phone number (received automatically via the phone call)
- SMS message content (when they reply to the auto-text)
- Call metadata (time, duration, status)
Automatically collected:
- IP addresses (for rate limiting and security)
- Browser/device information when visiting our website
- Service usage data (lead counts, SMS delivery status)
2. How We Use Your Information
- To provide the TradieLead service — routing missed calls, sending auto-reply SMS messages, and classifying leads
- To process payments and manage subscriptions
- To personalise voicemail greetings and SMS messages
- To send you account notifications (setup links, usage alerts, billing)
- To improve and maintain the service
- To comply with legal obligations
3. Third-Party Service Providers
We share data with the following providers, each with their own privacy policies, solely to deliver the service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS messaging & phone calls | Phone numbers, SMS content, call metadata |
| Stripe | Payment processing | Name, email, payment details |
| OpenAI | AI lead classification | SMS reply content (anonymised — no phone numbers sent) |
| Railway | Application hosting | All service data (encrypted at rest and in transit) |
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
4. Data Storage and Security
- Data is stored in a PostgreSQL database hosted on Railway's Australian-region infrastructure
- All data is encrypted in transit (TLS/HTTPS) and at rest
- Admin access is protected by bcrypt-hashed passwords
- Twilio webhook requests are validated using cryptographic signatures
- Stripe webhook events are verified with signature validation and replay attack protection
- We implement rate limiting to prevent abuse of public-facing endpoints
5. Data Retention
- Active accounts: Data is retained for the duration of your subscription plus 90 days
- Cancelled accounts: Lead data and SMS logs are retained for 90 days after cancellation, then permanently deleted
- Caller data: Phone numbers and SMS content from callers are retained for as long as the tradie's account is active
- You may request early deletion at any time by contacting us
6. Your Rights Under the Privacy Act
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct any inaccurate or incomplete information
- Request deletion of your personal information
- Withdraw consent for data processing (which may require cancelling the service)
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs
To exercise any of these rights, email us at sam@tradielead.com.
7. Cookies
Our marketing website (tradielead.com) uses the Meta (Facebook) Pixel to measure the effectiveness of our advertising and understand how visitors interact with our site. This pixel may place cookies on your browser and collect anonymous data such as pages visited and actions taken. This data is used solely for advertising measurement and optimisation — we do not use it to personally identify you. You can opt out of Meta tracking via your Facebook Ad Settings.
The TradieLead application uses session cookies solely to maintain your login state — these are essential for the service to function and cannot be disabled.
8. Caller Consent
When a caller dials a tradie's TradieLead number, they hear an automated message and must press 1 or stay on the line to opt in to receiving an SMS. This serves as active consent for us to send them a text message on behalf of the tradie. Callers can reply STOP to any SMS to opt out of further messages.
9. Children's Privacy
TradieLead is a business service designed for trade professionals. We do not knowingly collect information from anyone under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to active subscribers. The "last updated" date at the top of this page indicates when it was most recently revised.
11. Contact Us
If you have any questions about this privacy policy or how we handle your data:
- Email: sam@tradielead.com
- Business: COSAM Pty Ltd trading as TradieLead
- Location: Melbourne, Australia
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.