Privacy Policy

Chartcastr takes your privacy seriously where we deal with your personal data. This means information that identifies you personally such as your name, billing information and contact details or data that can be linked with such information in order to identify you directly or indirectly.

References to "Chartcastr", "we", "us" or "our" in this privacy notice are to Drummerduck Pty Ltd, a company registered in Australia. We are the Controller of your personal data (this simply means we are responsible for what happens to your personal data).

Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

This privacy notice does not cover any personal data processed by us on behalf of our clients in relation to the Chartcastr data visualization platform. For information on how personal data is handled within specific charts and reports generated for our clients, please refer to our Data Processing Addendum (DPA).

Your Personal Data and How We Use It

We collect personal data about you, either directly from you, from a third-party source or by automated means (when you use our website or application). Under data protection law we can only use your personal data where we have a lawful basis (justification).

How We Share Your Personal Data

We share your personal data with trusted third parties who perform functions on our behalf and help us provide the service. These include:

• Auth & Identity: Clerk
• Payments & Billing: Stripe
• Hosting & Infrastructure: Vercel, Railway, Google Cloud Platform
• Storage & Security: Cloudflare
• Analytics: PostHog
• Communications & Delivery: Slack, Resend (Email processing), Svix
• AI Processing: Anthropic, OpenAI, and various open-source models via AI Gateway / Vercel AI

International Transfers

We are located in Australia. However, many of our service providers are located in the United States or other jurisdictions. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to project your personal data when transferred internationally.

Data Security

We are CASA Type 2 certified. We implement stringent technical and organizational measures to protect your data, including AES-256 encryption at rest and TLS for all data in transit.

Your Data Rights

By law, you have several rights regarding your personal data:

• Right of Access: Request a copy of the data we hold about you.
• Right to Rectification: Ask us to correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data where no compelling reason exists for continued use.
• Right to Restrict Processing: "Block" or suppress further use of your personal data.
• Right to Data Portability: Obtain your data in a structured, machine-readable format.
• Right to Withdraw Consent: Withdraw permission at any time where we rely on consent.

Contact Us

If you wish to exercise any rights or have questions about this notice, please contact us at: privacy@chartcastr.com