Legal

ServiceM8 Add-Ons Privacy Policy

Last updated: 9 May 2026

1. Introduction

Welcome to Overgeek. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you use our ServiceM8 add-ons (the "Add-Ons"), including any associated website, application, or related services (collectively, the "Services").

We are committed to protecting your privacy and safeguarding your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Who We Are

Overgeek

3. What Personal Information We Collect

We may collect the following types of personal information:

a. Information you provide directly:

  • Name
  • Email address
  • Business name and contact details
  • Account or login details

Provided when you create an account, contact us, or use the Service.

b. Automatically collected information:

  • Anonymous usage data related to how you interact with the Add-Ons (e.g. feature usage metrics)

This data may be used to improve the Services. We do not collect personal information that you don't expressly choose to provide.

4. How We Collect Personal Information

We collect personal information:

  • When you create or update your account
  • When you contact support or engage with us directly
  • When you interact with our Add-Ons or Services
  • Through automated technical collection (e.g. analytics)

We do not collect ServiceM8 usernames, passwords, or other sensitive account credentials.

5. How We Use Your Personal Information

We may use your information for:

  • Providing and maintaining the Services
  • Responding to support requests
  • Improving our Add-Ons or developing new features
  • Communicating changes to policies and terms
  • Compliance with legal obligations

We will not use your personal information for unrelated purposes without your consent.

6. Storage, Security & Retention

All personal information and account data is stored in Australia. We do not transfer your data to servers or infrastructure outside of Australia.

We take reasonable steps to protect your personal information from unauthorised access, disclosure, and misuse, including:

  • Secure storage with encryption at rest and in transit
  • Limiting access to authorised personnel only
  • Using industry-standard security practices
  • Regular review of our data handling processes

We retain personal information only for as long as necessary to fulfil the purposes outlined here or to comply with applicable laws. When you close or delete your account, all associated personal information and account data is automatically deleted within 30 days of account deletion.

ServiceM8 Data Retention (OG Portal)

To provide our OG Portal client portal Add-On, we retain a local copy of your ServiceM8 data (including job details, site information, assets and related records). This is required to service your clients effectively while operating within ServiceM8 API limitations.

This data is stored in Australia in accordance with industry best practices, including encryption at rest and restricted access controls. If you disable or uninstall the OG Portal Add-On, all retained ServiceM8 data associated with your account will be permanently purged within 30 days of deactivation.

7. Disclosure of Personal Information

We do not sell your personal information to third parties.

We may disclose personal information to:

  • Service providers who help us operate the Services
  • Legal or regulatory authorities, where required by law

Any external service provider we use must have privacy and security obligations in place.

7a. Third-Party Services

To deliver our Services, we utilise a number of trusted third-party platforms. Each has its own privacy policy and data handling practices, which we encourage you to review:

  • Mapbox — Used for mapping and location features (e.g. job site mapping in Job Radar). Mapbox may process location data to render maps. Mapbox Privacy Policy
  • Mailjet — Used for transactional email delivery (e.g. notifications and account emails). Mailjet Privacy Policy
  • Brevo (formerly Sendinblue) — Used for email communications and marketing. Brevo Privacy Policy
  • Cloudflare — Used for content delivery, DDoS protection, and DNS. Cloudflare may process request metadata including IP addresses. Cloudflare Privacy Policy
  • ServiceM8 — Our Add-Ons integrate directly with the ServiceM8 platform. Data accessed via the ServiceM8 API is subject to ServiceM8's own privacy policy. ServiceM8 Privacy Policy
  • Google Fonts — Used to serve web fonts on our website. Google may collect request metadata. Google Privacy Policy

We only work with third-party providers that we consider reputable and that maintain appropriate privacy and security standards. We are not responsible for the privacy practices of these external services.

8. International Data Transfers

All data collected and processed by our Services is stored in Australia. We do not transfer personal information to servers, infrastructure, or third parties located outside of Australia. Your data stays in Australia.

9. Cookies & Tracking Technologies

If applicable (e.g. on our website), we may use cookies or similar tracking technologies to collect data about your visit and interactions. This information helps us analyse trends and improve our Services.

10. Children's Privacy

Our Services are not intended for children under 13. We do not knowingly collect personal information from children under this age.

11. Your Rights & Data Deletion

You have the right to:

  • Request access to the personal information we hold about you
  • Ask for corrections to be made to your personal information
  • Request deletion of your personal information (where lawful)
  • Object to or restrict how we process your personal information
  • Request a copy of your data in a portable format

To submit a data deletion request or exercise any of the above rights, contact us at [email protected]. We will respond to all requests within a reasonable timeframe and no later than 30 days.

If you close your account, all personal information and account data associated with your account will be automatically deleted within 30 days of account closure. You may also request manual deletion at any time by emailing [email protected].

12. Data Processing

We process your personal information on the following legal bases:

  • Contract performance: Processing necessary to provide the Services you have subscribed to.
  • Legitimate interests: Processing necessary for us to operate our business, improve our Services, and ensure their security, where those interests are not overridden by your rights.
  • Legal obligation: Processing required to comply with applicable Australian laws and regulations.
  • Consent: Where you have provided explicit consent, such as for optional communications.

We do not use your personal information for automated decision-making or profiling that produces legal or significant effects.

13. GDPR Compliance

While Overgeek is an Australian business primarily governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles, we recognise that some of our users may be located in the European Economic Area (EEA) or the United Kingdom. To the extent that the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal information, we are committed to meeting those obligations.

Under the GDPR, you have the following additional rights:

  • Right to erasure ("right to be forgotten"): Request that we delete your personal data where there is no compelling reason for continued processing.
  • Right to restriction of processing: Request that we restrict how we process your data in certain circumstances.
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing of your personal data where we rely on legitimate interests as our legal basis.
  • Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

All data is stored in Australia. Where this constitutes an international transfer under GDPR, we ensure appropriate safeguards are in place to protect your information.

To exercise any GDPR rights, contact us at [email protected]. If you believe we have not handled your data in accordance with the GDPR, you have the right to lodge a complaint with your local supervisory authority.

14. Changes to This Policy

We may update this Privacy Policy occasionally. When we do, we will revise the "Last updated" date. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy or your privacy rights, contact us:

← Back to ServiceM8 Addons