ChangeBreeze

1. Introduction

ChangeBreeze ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, organisation name
• Profile Information: Job title, phone number
• Payment Information: Billing details (processed securely through Stripe)
• Customer Data: Change requests, approvals, templates, and related content
• Assessment Data: Responses and scores from our MSP Change Management Maturity Assessment, along with your name, email, and company name
• Communications: Messages, support tickets, and feedback

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Pages viewed, features used, time spent
• Device Information: Browser type, operating system, IP address
• Log Data: Access times, error logs, performance data
• Cookies: Session cookies and preferences used to maintain your login state and remember your settings

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Deliver assessment reports and occasional MSP-related insights to assessment participants
• Respond to your comments and questions
• Monitor and analyse usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We may share your information with trusted service providers who assist us in operating our Service:

• Stripe: Payment processing
• Cloud Hosting: Data storage and infrastructure
• Email Services: Transactional emails and notifications
• HubSpot: CRM and lead management for assessment participants
• Analytics: Privacy-focused usage analysis (Simple Analytics)

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organisational measures to protect your information:

• Encryption in transit (TLS 1.2+) and at rest
• Regular security assessments and updates
• Access controls and authentication (including MFA)
• Multi-tenant data isolation
• Regular backups and disaster recovery procedures

For more details, see our Security & Trust page.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account termination, we retain data for 30 days before deletion, except where longer retention is required by law or for legitimate business purposes.

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information through your profile settings.

7.2 Data Portability

You can export your data in standard formats through the Service.

7.3 Deletion

You can request deletion of your account and data by contacting [email protected].

7.4 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email. Assessment report delivery and transactional emails are not affected by this preference.

7.5 Cookies

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

10. Australian Privacy Act

ChangeBreeze complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Australian users have the right to:

• Access and correct their personal information
• Make a complaint about a breach of the APPs
• Request deletion of personal information no longer needed

To make a privacy complaint, contact us at [email protected]. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

11. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

Our legal basis for processing your data is contractual necessity (to provide the Service), legitimate interest (to improve and secure the Service), and consent (for marketing communications and assessment participation).

12. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to know if we sell or disclose your information
• Right to opt-out of sale (we do not sell your data)
• Right to deletion
• Right to non-discrimination

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. Continued use after changes constitutes acceptance.