SecondDesk Privacy Policy

Last Updated: 10 May 2026

SecondDesk is a trading name of Bravo Importing Pty Ltd (ABN: 78 638 732 555). We build compliance reports for Australian trades. To do that, we need to handle your data. This policy explains what we collect, where it goes, and how long we keep it. We keep it simple because you don't have time to read legal fluff.

1. What we collect

When you use SecondDesk, we collect:

Your account details: Name, business name, email address, and phone number.
Your job data: The photos, voice memos, logbook pages, and test sheets your technicians upload. These naturally contain site addresses, client names, asset details, and technician signatures.

2. What we use it for

We only use your information to:

Build and deliver your AS 1851 compliance reports.
Email you regarding your account, billing, or support requests.

We do not onsell your data to third parties. We do not use your logbooks, photos, voice memos, or client information to train AI models — ours or any third party's.

3. How AI fits in

SecondDesk uses AI tools to help draft your compliance reports and remedial works summaries from the evidence your technicians upload. Every AI-drafted output is reviewed by an authorised SecondDesk team member before it is provided to you.

The AI services we use process your data under enterprise terms that prohibit your data being used to train AI models, ours or anyone else's.

Our full Responsible AI practices — what AI does, what it doesn't do, how we handle errors, and how we align with the National AI Centre's guidance — are at seconddesk.com.au/responsible-ai.

4. Where your data goes

Parts of the software stack we use to process your reports are hosted on servers located outside of Australia. By using SecondDesk, you agree to your data being processed overseas to generate your reports. We take reasonable steps to ensure overseas providers handle your data consistently with the Australian Privacy Principles.

Note: If you service government, health, or critical infrastructure contracts that mandate strict Australia-only data sovereignty, tell us before you sign up so we can confirm if we are the right fit.

5. How long we keep it

Once a completed report is emailed to you, it belongs to you. It is your responsibility to file it for your own compliance records — Australian fire safety standards typically require building owners to retain inspection records for at least 7 years.

We keep a working copy of the uploaded photos and the generated PDF report on our end for 90 days. We do this so we can quickly fix mistakes or reissue a lost PDF if you ask us to.
After 90 days, those working files (photos and PDF) are permanently deleted from our system.
We retain anonymised structured records of the inspection (what was tested, results, defect counts) as internal service-history metadata. This metadata contains no photos, customer names, building addresses, or other personally identifiable information, and is used solely for our own quality assurance and aggregate analytics.

6. How we protect it

We use industry-standard encryption to protect your data while it's being uploaded and processed. However, no digital system is 100% bulletproof. We protect your data the same way we protect our own business records, but you use the service at your own risk.

7. Accessing or deleting your data

If you want to see exactly what information we hold about you, or if you want us to delete your account and wipe your data before the standard 90-day window, just ask. We will action deletion requests within 7 business days and provide written confirmation once your data has been purged from our systems.

8. Backups

We maintain encrypted database backups of our systems for disaster recovery purposes. These backups follow the same 90-day retention policy as our primary systems — any data deleted under Section 5 or Section 7 is also removed from backups within the same window.

9. Contact Us

If you have questions about this policy or how we handle your data, email the founder directly at hello@seconddesk.com.au.