Privacy Policy
Last updated: 6 January 2026
Onmark (a division of Logicsync Pty Ltd, ABN: 12 620 184 867) ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at onmark.au (the "Website") and our client portal at app.onmark.au (the "Portal"), together referred to as the "Services". By accessing or using the Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.
1. Information We Collect
1.1 Account Information
When you create an account on the Portal, we collect:
- Full name
- Email address
- Phone number
- Company/organisation name
- Business address
- Job title or role
- Profile photo (optional)
- Password (encrypted)
1.2 Payment Information
When you make payments through the Portal, payment processing is handled by Stripe. We collect:
- Billing name and address
- Payment method details (processed securely by Stripe)
- Transaction history and invoices
Important: We do not store your full credit card numbers. Stripe processes and stores payment card data in compliance with PCI DSS (Payment Card Industry Data Security Standard). For recurring payments, Stripe securely stores your card details on their systems.
For more information, see Stripe's Privacy Policy.
1.3 Social Media Account Connections
When you connect your business social media accounts to the Portal for content publishing, we collect:
- OAuth access tokens and refresh tokens
- Social media account IDs and usernames
- Page/profile names and profile pictures
- Account permissions granted
- Content publishing history
Platforms we integrate with:
- Meta (Facebook Pages, Instagram Business)
- LinkedIn (Company Pages)
- X (Twitter)
- YouTube
- TikTok (Business accounts)
We only access information necessary to publish content on your behalf and monitor post performance. We do not access your personal social media accounts—only business accounts you explicitly connect.
1.4 Project and Communication Data
Through the Portal, we collect:
- Project briefs, files, and assets you upload
- Messages and communications within the Portal
- Feedback, comments, and approvals
- Content drafts and published content
- Meeting notes and project updates
1.5 Information from Contractors
If you are a contractor (e.g., photographer, videographer) working with us, we collect:
- Name and contact details
- Business name and ABN (if applicable)
- Bank account details for payments
- Work samples and deliverables
- Time tracking and task completion data
Contractors have limited access to client data only as necessary for their assigned tasks.
1.6 Information You Provide Voluntarily
We may collect personal information when you:
- Contact us via our contact form or email
- Subscribe to our newsletter
- Request a quote or enquire about our services
- Participate in surveys or promotions
1.7 Information Automatically Collected
When you use our Services, we automatically collect:
Analytics Data (via Vercel Analytics):
- Page views and navigation paths
- Browser type and version
- Device type (desktop, mobile, tablet)
- Approximate geographic location (country/region level)
- Referring website
- Time spent on pages
Vercel Analytics is privacy-focused and does not use cookies for tracking.
Portal Usage Data:
- Login times and session duration
- Features used and actions taken
- Error logs and performance data
Server Logs:
- IP address
- Access times and dates
- Pages and resources accessed
1.8 Cookies and Tracking Technologies
Our Services use the following cookies:
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session |
| Functional | Remember preferences and settings | 1 year |
| Analytics | Vercel Analytics (cookie-free) | N/A |
We do not use third-party advertising cookies or tracking pixels.
2. How We Use Your Information
We use the information we collect to:
Provide and Manage Services:
- Create and manage your Portal account
- Process payments and manage billing
- Deliver project updates and communications
- Publish content to your connected social media accounts
- Facilitate collaboration between clients, team members, and contractors
Communicate With You:
- Respond to enquiries and support requests
- Send service-related notifications (project updates, invoices, etc.)
- Send marketing communications (with your consent)
Improve Our Services:
- Analyse usage patterns to enhance user experience
- Develop new features and functionality
- Troubleshoot technical issues
Legal and Security:
- Comply with legal obligations
- Enforce our terms and conditions
- Protect against fraud and unauthorised access
- Maintain security of the Services
3. Social Media Data and Permissions
3.1 What We Access
When you connect a social media account, we request only the permissions necessary to:
- View basic account/page information
- Create and publish posts on your behalf
- Upload media (images, videos) to your accounts
- View post insights and engagement metrics
3.2 What We Do Not Access
We do not:
- Access your personal social media profiles
- Read your private messages or direct messages
- Access accounts you haven't explicitly connected
- Sell your social media data to third parties
3.3 Disconnecting Accounts
You can disconnect any social media account at any time through the Portal settings. Upon disconnection:
- We will revoke and delete stored access tokens
- We will no longer be able to publish to that account
- Previously published content will remain on the platform
- Historical publishing data may be retained for your records
3.4 Third-Party Platform Policies
Your use of connected social media accounts is also subject to the respective platform's terms and privacy policies:
- Meta Privacy Policy
- LinkedIn Privacy Policy
- X Privacy Policy
- YouTube Privacy Policy
- TikTok Privacy Policy
4. Legal Basis for Processing (Australian Privacy Principles)
We collect and process your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We will only collect personal information that is reasonably necessary for our functions or activities.
Lawful bases for processing include:
- Consent: Where you have given clear consent (e.g., connecting social media accounts)
- Contract: Where processing is necessary to perform our contract with you
- Legitimate interests: Where processing is necessary for our legitimate business interests
- Legal obligation: Where processing is required by law
5. Disclosure of Your Information
We may share your information with:
5.1 Service Providers
We use trusted third-party service providers to operate our Services:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Vercel | Website hosting and analytics | vercel.com/legal/privacy-policy |
| Stripe | Payment processing | stripe.com/au/privacy |
| Sanity | Content management system | sanity.io/legal/privacy |
| Mux | Video hosting and streaming | mux.com/privacy |
| Meta | Social media publishing | facebook.com/privacy/policy |
| Social media publishing | linkedin.com/legal/privacy-policy | |
| X (Twitter) | Social media publishing | twitter.com/en/privacy |
| YouTube/Google | Social media publishing | policies.google.com/privacy |
| TikTok | Social media publishing | tiktok.com/legal/privacy-policy |
5.2 Team Members and Contractors
To deliver our services, your project information may be shared with:
- Onmark team members assigned to your project
- Approved contractors (photographers, videographers, etc.) with limited access to specific tasks
All team members and contractors are bound by confidentiality obligations.
5.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
6. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 7 years |
| Payment and billing records | 7 years (tax compliance) |
| Project files and communications | Duration of account + 2 years |
| Social media tokens | Until disconnected or account closure |
| Contact form submissions | 3 years |
| Newsletter subscriptions | Until unsubscribed |
| Analytics data | Aggregated; per Vercel's policies |
| Contractor records | 7 years after engagement ends |
Upon account closure, you may request deletion of your data subject to our legal retention obligations.
7. Your Rights
Under Australian privacy law, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal obligations)
- Data portability: Request an export of your data in a portable format
- Withdraw consent: Withdraw consent for processing where consent was the legal basis
- Disconnect accounts: Remove connected social media accounts at any time
- Opt-out: Unsubscribe from marketing communications at any time
- Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
To exercise these rights, contact us at contact@onmark.au.
8. Email Marketing (SPAM Act 2003 Compliance)
If you subscribe to our newsletter or marketing communications, we comply with the Spam Act 2003 (Cth):
- We will only send commercial electronic messages with your consent
- All marketing emails will clearly identify us as the sender
- Every email will include a functional unsubscribe mechanism
- We will honour unsubscribe requests within 5 business days
Service-related communications (e.g., project updates, invoices, security notices) are not marketing and may be sent without separate consent as part of our service delivery.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- Secure HTTPS/TLS encryption for all data transmission
- Encrypted storage of sensitive data (passwords, tokens)
- Multi-factor authentication options for Portal accounts
- Role-based access controls limiting data access
- Regular security assessments and penetration testing
- PCI DSS compliant payment processing via Stripe
- Secure OAuth 2.0 protocols for social media connections
- Regular backups with encryption
Contractor Access Controls: Contractors are granted limited, task-specific access and cannot view:
- Payment or billing information
- Other clients' data
- Social media account credentials
- Full project histories beyond their assigned work
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
10. International Data Transfers
Your information may be transferred to and processed in countries outside Australia, including the United States, where our service providers operate. These transfers are necessary to provide our Services.
Our service providers maintain appropriate safeguards to protect your information, including:
- Standard contractual clauses
- Privacy Shield certification (where applicable)
- Binding corporate rules
11. Children's Privacy
Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
12. Third-Party Links
Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this page.
For material changes, we will notify you via:
- Email to your registered account
- Prominent notice on the Portal
- In-app notification
We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Onmark (a division of Logicsync Pty Ltd) ABN: 12 620 184 867
Suite 37, 50 Mawson Lakes Boulevard Mawson Lakes SA 5095 Australia
- Email: contact@onmark.au
- Website: onmark.au
- Portal: app.onmark.au
For privacy complaints that we cannot resolve, you may contact the Office of the Australian Information Commissioner:
- Website: oaic.gov.au
- Phone: 1300 363 992