Privacy Policy

Last updated: May 2026

1. About Us

HR Konnect (ABN 62 463 579 168) is an Australian HRIS (Human Resource Information System) platform operated from New South Wales, Australia (“we”, “us”, “our”).

We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, store, and disclose personal information when you use our Service.

2. Information We Collect

We collect information you provide when using the Service, including:

  • Organisation details (business name, ABN, billing contact, subscription information)
  • Employee records (name, employment details, position, department, start date)
  • Leave records (leave type, dates, supporting documentation)
  • Timesheet and rostering data
  • HR documents uploaded by your organisation
  • Emergency contact information provided by employees
  • Training and certification records
  • Payroll-related data shared with connected integrations (e.g. Xero)
  • Usage data (login events, feature usage) for product improvement and security

Sensitive information

As an HRIS platform, we may process sensitive information as defined under the Privacy Act, including health information contained in leave records or medical certificates, and information about individuals in care-sector roles. We collect sensitive information only as necessary to provide the Service and with the consent of the relevant individual, or where otherwise permitted by law. We handle sensitive information with a higher standard of care in accordance with APP 3.

We do not collect sensitive information for our own marketing purposes.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and improve the HR Konnect Service
  • Process payroll exports and third-party integrations (e.g. Xero) at your direction
  • Send service notifications, announcements, and support responses
  • Deliver email notifications you or your organisation configure within the platform
  • Maintain security, audit logging, and compliance records
  • Comply with legal obligations under Australian law

We do not sell, rent, or share your personal information with third parties for marketing purposes. If we send you direct marketing communications, you may opt out at any time by following the unsubscribe instructions in those communications or by contacting us at privacy@hrkonnect.com.au directly.

4. Data Storage and Security

Our primary database is hosted on Neon PostgreSQL in Sydney, Australia (AWS ap-southeast-2 region). HR documents and file attachments are stored using Cloudflare R2 with Oceania region (OC) — Australia & Pacific configuration. We take reasonable steps to ensure personal information is not stored outside Australia.

We implement industry-standard security controls including:

  • Encryption of data at rest and in transit (TLS)
  • HTTP security headers (HSTS, X-Frame-Options, Content Security Policy)
  • Role-based access control and database row-level security
  • Signed authentication sessions
  • Full audit logging of all HR actions

5. Third-Party Service Providers (Subprocessors)

We use the following third-party service providers to deliver the Service. Each processes personal information only on our instructions and in accordance with their respective privacy commitments:

ProviderPurposeLocation
Neon (PostgreSQL)Primary databaseSydney, AU (ap-southeast-2)
Cloudflare R2File and document storageOceania region (OC) — Australia & Pacific
ResendTransactional email deliveryUSA (email transmission only)
VercelApplication hostingSydney, AU (syd1 region)

When you connect third-party services such as Xero or MYOB, data is shared with those services in accordance with your instructions and their own privacy policies. HR Konnect is not responsible for third-party data practices once data is transmitted at your direction.

6. Data Retention

We retain your data for the duration of your subscription. Following account closure, we retain data for up to 7 years to comply with Australian record-keeping obligations under the Fair Work Act 2009 and taxation laws, after which it is securely deleted.

You may request earlier deletion of data subject to any applicable legal retention obligations. Upon cancellation, we will provide a full export of your organisation’s HR data on request within 30 days (see Section 7).

7. Access, Correction, and Portability

Under the Privacy Act, individuals have the right to access and correct personal information we hold about them. Employees can update their own details via the Employee Self-Service portal. Administrators can manage organisational data via the Admin Console.

Organisation administrators may request a full export of their organisation’s HR data at any time via the platform or by contacting us. We will action export requests within 30 days.

To make a formal access, correction, or deletion request, contact our Privacy Officer at privacy@hrkonnect.com.au.

8. Notifiable Data Breaches

HR Konnect is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. In the event of an eligible data breach — one that is likely to result in serious harm to affected individuals — we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
  • Notify affected individuals directly where required
  • Take immediate steps to contain and remediate the breach

We maintain an internal incident response process and conduct regular security assessments to minimise breach risk.

9. Cookies

We use session cookies solely for authentication. Session cookies contain a signed session identifier — no personal information is stored in the cookie itself. We do not use tracking, advertising, or analytics cookies. Disabling cookies in your browser will prevent you from signing in.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email at least 14 days before material changes take effect. The date of the most recent update appears at the top of this page.

11. Contact and Complaints

For privacy questions, access requests, or complaints, contact our Privacy Officer:

HR Konnect (ABN 62 463 579 168)
New South Wales, Australia
privacy@hrkonnect.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints to submit a complaint.