Privacy Policy

ImmiGrant — Privacy Policy Last updated: November 2025

Who We Are (Controller)

Controller: Ayden Mich (trading as Kindled Studio), Sydney, Australia. Contact: support@kindled.app Policy URL: https://kindled.app/docs/immigrant/privacy-policy

This Privacy Policy explains what data we collect, why we collect it, how we use it, and when it may be shared when you use the ImmiGrant mobile app (“App”).

Not legal advice – this document is for informational purposes only.

1. Information We Collect

How We Collect Your Information

We collect personal information directly from you (for example, when you add a visa application or update its status) and automatically from your device via app SDKs (for example, crash/diagnostic reports and analytics configured to reduce direct identifiers). We store this information in secure cloud services and apply access controls and logging.

Category	Examples	Purpose
Visa-related details you enter	Visa subclass, lodged date, status updates, country of passport	Power your personal visa watchlist
Account & device data	Name, email, authentication identifiers, device tokens for push notifications	Account management and secure login
Usage & diagnostics	Feature interactions, performance metrics, crash reports	Improve reliability, diagnose errors, prioritise features

We do not collect sensitive biometric data, financial card numbers, or government-issued ID numbers. Some optional fields (e.g., country of passport) may be sensitive; provide them only if you choose.

2. How We Use Your Information

Provide core services: display your visa watchlist and allow you to track your applications.
Improve the App: analyse usage and diagnostics to keep the App reliable and relevant.
Legal obligations: comply with applicable laws or lawful requests.
We do not sell your personal data or use it for third-party advertising.

2.1 Push Notifications

With your permission, we send device push notifications. You can disable notifications in your device settings.

2.2 Emails

We may send you emails related to your account and updates to the app. Every message includes sender identification and an unsubscribe method.

We do not sell your personal information. We may share it:

As required by law or to protect rights, safety, or integrity of the service.

Third-Party Processors (examples)

Error/crash monitoring (e.g., Sentry): we filter personal fields before sending crash reports where feasible.
Analytics/performance (e.g., PostHog): configured to reduce collection of direct identifiers; used for product analytics.

Processors are contractually bound to handle data in accordance with this Policy and applicable law. Some processors may store data outside Australia; see International Transfers.

We may cache limited fields from public sources (e.g., figures, titles, last-updated dates) to improve reliability and reduce load on those sources.

4. Data Security

We employ reasonable safeguards, including:

TLS encryption in transit;
role-based access controls and audit logs;
cloud infrastructure with routine backups.

Access to production data is limited to staff who need it. No internet transmission or storage system is 100% secure, but we take reasonable measures to protect your data from unauthorised access or disclosure.

4.1 Notifiable Data Breaches

If an eligible data breach occurs, we will assess and notify affected individuals and the OAIC in accordance with Australian law.

5. Retention & Deletion

When you delete your account, we remove personal identifiers from active systems and from backups within a reasonable period (subject to technical and legal limits).

Typical retention:

Account data: while your account is active (and for a reasonable period after for operational/legal needs).
Crash/diagnostic logs: typically ≤ 12 months.

6. Your Rights

Subject to local law, you can:

Access or correct your stored data;
Export your application data in a portable format;
Delete your account & associated personal data;
Manage marketing emails and notification preferences.

We respond to verified requests within reasonable timeframes required by law. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

7. Children

The App is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us information, please contact us for removal.

8. International Transfers

Where data is transferred outside Australia, we take steps consistent with applicable law for cross-border disclosures (e.g., contractual safeguards). Our service providers may process data in Australia, the United States, the European Union/EEA, and other locations where they operate. Where Australian Privacy Principle 8 applies, we take reasonable steps to ensure overseas recipients do not breach the APPs in relation to your information.

9. Changes to This Policy

Material changes will be highlighted via an in-app notice and/or email, and by updating the “Last updated” date above. Continued use of the App after changes constitutes acceptance of the revised Policy.

10. Contact & Complaints

Email: support@kindled.app In-app: support feature Website: kindled.app

Questions or complaints. We will acknowledge your complaint within 7 days and aim to respond within 30 days.

Who We Are (Controller)​

1. Information We Collect​

How We Collect Your Information​

2. How We Use Your Information​

2.1 Push Notifications​

2.2 Emails​

3. Sharing & Disclosure​

4. Data Security​

4.1 Notifiable Data Breaches​

5. Retention & Deletion​

6. Your Rights​

7. Children​

8. International Transfers​

9. Changes to This Policy​

10. Contact & Complaints​