JobUp — Job Management for Tradies
Effective Date: 13 May 2026
Last Updated: 13 May 2026
Version: 1.0
JobUp is operated by Lucas Tohmeh trading as JobUp ("JobUp", "we", "us", "our"). We are committed to protecting the privacy of your personal information and complying with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Spam Act 2003 (Cth), and Apple's App Store Review Guidelines.
This Privacy Policy explains how we collect, hold, use, and disclose personal information through the JobUp mobile application ("App"), the JobUp website at getjobup.com ("Website"), the JobUp customer portal ("Portal"), and our application programming interface ("API") (together, the "Services").
By using our Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not use our Services.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not, as defined in the Privacy Act 1988 (Cth).
Sensitive Information means personal information about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information, or biometric information.
Business User means a sole trader, business owner, or authorised employee who creates an account on JobUp to manage their business operations.
Customer means an individual whose personal information is entered into JobUp by a Business User as a client or customer of the Business User's trade or service business.
Portal User means any individual who accesses the JobUp customer portal via a secure link to view quotes, invoices, or booking information.
When you create a JobUp account and use our Services, we collect:
Account information: name, email address, phone number, password (hashed and salted — we never store plaintext passwords).
Business information: business name, Australian Business Number (ABN), business address, business phone number, business email address, GST registration status, bank account details (account name, BSB, account number) for display on invoices.
Business branding: logo image, brand colours, custom footer text for quotes and invoices, portal welcome message.
Service and job data: services offered, pricing, job details, scheduling information, job notes, internal notes, checklists, job status history, and job addresses.
Financial data: quotes, invoices, line items, payment records, amounts, due dates, and invoice history. All monetary values are stored as integers (cents) and are not processed as payment card data.
Device information: device type, operating system version, app version, push notification tokens (Apple Push Notification Service device tokens), and crash/error reports.
Authentication tokens: OAuth tokens for third-party integrations (such as Xero) are stored encrypted on our servers and used solely to sync data with the relevant third-party service on your behalf.
Usage data: timestamps of when you use the app, which features you access, and general interaction patterns to improve our Services.
Business Users enter their customers' personal information into JobUp. This may include:
Contact information: customer name, phone number, email address, physical address.
Notes: any notes the Business User records about the customer (such as access instructions, preferences, or job history notes).
Financial records: quotes sent, invoices issued, payment history, and total spend associated with the customer.
Communication history: records of SMS messages and email notifications sent to the customer through our Services, including message content, delivery status, and timestamps.
We collect and process this information on behalf of the Business User. The Business User is responsible for ensuring they have the appropriate consent or legal basis to provide this information to us and to send communications to their customers through our Services.
When a Portal User accesses the JobUp customer portal via a secure link:
Access data: IP address, browser type, device type, and the time and date of access.
Interaction data: whether a quote was accepted or declined, whether an invoice was viewed, and any messages sent through the portal.
We do not require Portal Users to create an account or provide a login. Portal access is controlled via secure, cryptographically random tokens embedded in URLs.
We do not collect:
We collect personal information:
Directly from you when you create an account, set up your business profile, enter customer details, create jobs, quotes, and invoices, and communicate with us.
From your customers when they interact with the customer portal (viewing quotes, accepting quotes, viewing invoices).
Automatically through your use of the Services, including device information, usage analytics, and push notification tokens.
From third parties only when you explicitly connect a third-party service, such as:
We do not purchase, obtain, or collect personal information from data brokers or any other source not described in this Privacy Policy.
We collect and use personal information for the following purposes:
4.1 Providing the Services: To operate the JobUp platform, including creating and managing jobs, quotes, invoices, customers, and scheduling.
4.2 Communication: To send SMS messages and email notifications to Business Users' customers on behalf of the Business User, including booking confirmations, reminders, invoice notifications, and follow-up messages. All SMS communications are sent at the instruction and on behalf of the Business User, not on behalf of JobUp.
4.3 Account management: To verify your identity, manage your account, process subscription payments (via Apple's in-app purchase system), and provide customer support.
4.4 Third-party integrations: To synchronise data with connected services (such as Xero) at your request and under your control.
4.5 PDF generation: To generate professional invoice and quote PDFs that include Business User details, customer details, line items, and payment information.
4.6 Improving our Services: To analyse usage patterns, identify bugs and errors, and improve the functionality and user experience of our Services.
4.7 Legal obligations: To comply with applicable laws, regulations, and legal processes, including the Privacy Act, the Spam Act, and Apple's App Store requirements.
4.8 Security: To detect and prevent fraud, abuse, security incidents, and other harmful activity.
We will not use or disclose personal information for a purpose other than those stated above unless we have the individual's consent, or the use or disclosure is otherwise authorised under the Privacy Act.
JobUp sends SMS messages to Business Users' customers on behalf of the Business User. These messages include booking confirmations, appointment reminders, quote notifications, invoice notifications, and follow-up messages.
Important: These SMS messages are commercial electronic messages under the Spam Act 2003 (Cth). The Business User is the "sender" of these messages for the purposes of the Spam Act. The Business User is responsible for ensuring:
JobUp provides the technology platform to send these messages. Business Users must comply with the Spam Act and all applicable laws when using our SMS features.
Opt-out: Customers can reply STOP to any SMS message to unsubscribe from future messages from that Business User. JobUp processes STOP replies and prevents further messages from being sent to that customer by that Business User.
We send email notifications to Business Users for account-related purposes (email verification, password resets, account alerts). These are transactional messages and are not commercial electronic messages under the Spam Act.
We may disclose personal information to the following categories of recipients:
We use the following third-party service providers who may access personal information in the course of providing services to us:
| Provider | Purpose | Data Accessed | Location |
|---|---|---|---|
| Supabase (Supabase Inc.) | Database hosting, authentication, file storage | All stored data | Cloud infrastructure (AWS, US regions) |
| Mobile Message (Mobile Message Pty Ltd) | SMS delivery | Customer phone numbers, message content | Australia |
| Apple (Apple Inc.) | Push notifications, in-app purchases, authentication | Device tokens, Apple ID email, purchase receipts | United States |
| Google (Google LLC) | Authentication (Google Sign In) | Email address, name | United States |
| Cloudflare (Cloudflare Inc.) | API hosting, DDoS protection, SSL | IP addresses, request metadata | Global CDN |
| Resend (Resend Inc.) | Transactional email delivery | Email addresses, email content | United States |
| Xero (Xero Limited) | Accounting integration (optional, user-initiated) | Business details, customer names, invoices, payments | Australia/New Zealand |
Each of these service providers is contractually required to protect personal information and to use it only for the purpose for which it was disclosed.
When a Business User sends a quote, invoice, or booking confirmation to their customer, the customer receives the Business User's business information (name, ABN, phone, email, address, bank details) via SMS, email, or the customer portal. This disclosure is at the instruction of and on behalf of the Business User.
We may disclose personal information if required by law, regulation, legal process, or enforceable governmental request, including to comply with a subpoena or court order.
If JobUp is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.
We do not sell, rent, or trade personal information to any third party for marketing, advertising, or any other purpose.
Some of our service providers are located outside Australia, including in the United States. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient complies with the APPs or is subject to a substantially similar privacy regime, in accordance with APP 8.
Specifically:
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, in accordance with APP 11.
Our security measures include:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We retain personal information for as long as it is needed to provide our Services and fulfil the purposes described in this Privacy Policy, or as required by law.
Business User accounts: We retain account data for as long as the account is active. If you delete your account, we will delete or de-identify your personal information within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes.
Customer data: Customer data entered by Business Users is retained for as long as the Business User's account is active. If a Business User deletes a customer record, the data is soft-deleted (marked as deleted but retained for 90 days for recovery purposes) and then permanently deleted.
Job, quote, and invoice records: These are retained for a minimum of 5 years after creation to comply with Australian Taxation Office (ATO) record-keeping requirements for business records.
SMS message logs: Message content and delivery status are retained for 2 years for troubleshooting and compliance purposes.
Activity logs: Job activity timelines are retained for the life of the account.
Portal access logs: IP addresses and access timestamps from the customer portal are retained for 12 months.
Under the Australian Privacy Principles, you have the right to:
Access your personal information (APP 12): You can request access to any personal information we hold about you. You can access and export most of your data directly through the App. For information not accessible through the App, contact us at [email protected].
Correct your personal information (APP 13): You can update your account information, business profile, and customer records directly through the App at any time. If you believe any information we hold about you is inaccurate, incomplete, or out of date, contact us and we will take reasonable steps to correct it.
Delete your account: You can request deletion of your account by contacting us at [email protected]. We will delete or de-identify your personal information within 30 days, subject to our legal retention obligations.
Withdraw consent: Where we rely on your consent to process personal information, you can withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
Disconnect third-party integrations: You can disconnect Xero or other third-party integrations at any time through the App settings. This will revoke our access to the third-party service and delete stored tokens.
If you are a customer of a Business User and wish to access, correct, or delete your personal information held in JobUp, you should contact the Business User directly. The Business User is the controller of your personal information within JobUp.
If you are unable to resolve your request with the Business User, you may contact us at [email protected] and we will take reasonable steps to assist.
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us at [email protected]. We will respond to your complaint within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
The JobUp mobile app does not use cookies. We do not use any third-party analytics SDKs, advertising SDKs, or tracking technologies in the App.
The JobUp website and customer portal may use essential cookies that are strictly necessary for the functioning of the website (such as session management). We do not use cookies for advertising, analytics, or tracking purposes.
We do not use Google Analytics, Facebook Pixel, or any other third-party tracking technology on our website or portal.
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
In accordance with APP 2, we will allow individuals to interact with us anonymously or using a pseudonym where it is lawful and practicable. However, due to the nature of our Services (which require account registration, business identification, and customer contact details to function), it is generally not practicable for Business Users or their Customers to use our Services anonymously.
You may contact us with general enquiries without identifying yourself.
JobUp uses automated processes for the following purposes:
These automated processes do not make decisions that significantly affect the rights or interests of individuals beyond the operational scope of the Services. We do not use automated decision-making for profiling, credit scoring, or any purpose that would trigger the enhanced transparency obligations under APP 1.7 (effective 10 December 2026).
If we introduce automated decision-making that could significantly affect individuals' rights or interests in the future, we will update this Privacy Policy accordingly.
Our Services may contain links to third-party websites or services (such as map applications for navigation, or Xero's website for accounting integration). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing them with personal information.
We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or Services. We will notify Business Users of material changes by:
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after the publication of changes constitutes your acceptance of those changes.
If you have any questions about this Privacy Policy, your personal information, or our privacy practices, please contact us:
JobUp Privacy Team
For urgent privacy concerns or to report a data breach, email [email protected] with the subject line "URGENT: Privacy Concern" or "URGENT: Data Breach Report."
This Privacy Policy is governed by the laws of the State of New South Wales, Australia, and the Commonwealth of Australia, including the Privacy Act 1988 (Cth).
This Privacy Policy was last reviewed and updated on 13 May 2026.