Privacy Policy
Last updated: May 2026
This Privacy Policy explains how Clovib Pty Ltd (ACN 697 964 122), an Australian proprietary company trading under the business name Schevib (the “Service”), collects, uses, discloses and protects personal information in connection with the Service. Clovib Pty Ltd is committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), even where we may not strictly be an “APP entity” under the Act.
By accessing or using Schevib, you consent to the collection, use and disclosure of personal information as described in this Policy. If you do not agree, please do not use the Service.
1. Who we are
- Entity: Clovib Pty Ltd, trading as Schevib.
- ACN: 697 964 122.
- ABN: 57 697 964 122.
- Registered office: Level 18, 570 George Street, Sydney NSW 2000, Australia.
- Privacy Officer: Doory Im.
- Privacy enquiries: privacy@clovib.com.au
- Security notices: security@clovib.com.au
2. What personal information we collect
We collect the minimum information needed to operate the Service.
2.1 Account information
- Email address (required — used for sign-in via one-time magic link).
- Display name (optional — defaults to the local part of your email).
- Avatar colour preference (a palette colour string, not an image).
- Time zone.
2.2 Workspace content
- Workspace name.
- Site records you create — residential or commercial street addresses, suburb, state, postcode, the latitude and longitude returned by Google Places for that address (used to render sites on a map), service type, schedule cadence, free-text notes and scope.
- Team membership data — names, roles, permissions and status of the people you invite to your workspace.
Work session records. When an operator (a field worker invited to a workspace) starts and finishes work at a site, Schevib records a work session: the operator's workspace membership, the site, and the start and finish times of that session. A workspace's Owners and Admins can view these work sessions in the Work history screen, so the workspace can keep a record of when work was carried out. We do not store the worker's GPS coordinates (see Section 2.5). Work session records are retained for 90 days and then automatically deleted.
2.3 Technical and session information
- A functional authentication cookie (
refresh_token, HTTP-only, Secure, SameSite=Lax) used only to keep you signed in. - Server access logs (IP address, request path, timestamp, response code, trace ID, account identifier) for security and operational purposes.
- A local cache of your own data held in your browser (IndexedDB) to make Schevib usable offline. You can clear this at any time by signing out and clearing site data in your browser.
2.4 Third-party personal information
Schevib is a scheduling tool for field-service businesses. When you add a “site ” — for example, a customer's house you regularly visit — you are providing Schevib with personal information about that third party (their address and, indirectly, their service cadence). You are responsible for ensuring you have a lawful basis to collect and store that information and for giving any notice required under the Privacy Act 1988 and the APPs to the person concerned. See our Terms of Service for the full warranty you provide to us in this regard.
2.5 What we do not collect
Schevib does not use third-party analytics, advertising, marketing pixels or usage tracking. We do not collect phone numbers, physical addresses, dates of birth or bank details about our users. We do not store payment card data on our servers; billing is handled by Stripe using a hosted checkout flow (see Section 6).
Location, audio and video. We do not record audio or video, and we do not keep a continuous GPS trail of users or workers — no GPS coordinate is stored on our servers. Schevib uses your device's location only in the limited ways below, each requiring your browser's Geolocation permission:
- the map's optional “centre on me” button pans the map to your position — the coordinate is not sent to our servers;
- the “Nearby” option, when you start a work session, sends your current position to our server once, only to list which of your assigned sites are close by, and does not store it; and
- a work session started from “Nearby” can end automatically when you leave the site — while that session is open, your device periodically checks your distance from the site on the device itself and ends the session when you move beyond the site's radius; only the fact that the session has ended is sent to us, never the coordinate.
We use only your device's GPS/Geolocation as described above. We do not use Bluetooth or Wi-Fi beacons, and we do not record audio or video.
2.6 Anonymity and pseudonymity (APP 2)
Schevib's authentication is based on email-only sign-in, so we cannot offer access to the Service without an email address. Within that constraint, you are free to use a pseudonymous email address (for example, an alias forwarder), and you may choose any display name — we do not require a real name. We do not ask for, collect or use any government-related identifier (such as a Tax File Number or Medicare number) as our own identifier of an individual (APP 9).
3. How we collect personal information
We collect personal information:
- directly from you when you sign up, sign in, create content or invite members;
- from a workspace owner or administrator when they invite you to join their workspace;
- automatically when you interact with the Service (server logs, functional session cookie); and
- from third-party providers acting on our behalf (for example, Google Places for address autocomplete — see Section 6).
4. Why we collect and how we use it
We use personal information to:
- authenticate you and keep your session active (magic link + functional session cookie);
- provide the Service — storing, displaying and organising your schedules;
- deliver transactional emails (sign-in links, trial and billing notices, downgrade warnings);
- bill you when you subscribe to a paid plan (via Stripe, when enabled);
- secure the Service (detecting abuse, enforcing rate limits, investigating incidents);
- comply with our legal obligations and respond to lawful requests from authorities.
We do not sell personal information. We do not use personal information for advertising or profiling, and we do not make automated decisions that have a legal or similarly significant effect on you.
Use limited to the purpose of collection (APP 6). We use personal information only for the purposes set out above. We will not use or disclose it for an unrelated purpose unless you consent or another exception in APP 6 applies (such as a legal obligation or an enforcement-related activity).
Direct marketing (APP 7). We do not use or disclose your personal information for direct marketing. Transactional emails (sign-in links, trial and billing notices, downgrade warnings) are sent under our service contract with you, not as marketing. Any future marketing communications would be sent only with separate, express consent and would include a functional unsubscribe facility.
Quality of personal information (APP 10). We take reasonable steps to ensure the personal information we hold is accurate, up to date, complete and relevant for the purpose for which we use it. You can correct your own profile, sites, schedules and team members at any time within Schevib.
5. Legal basis — APP 3 and APP 5
We collect personal information only where it is reasonably necessary for our business functions and activities (APP 3). Where we collect personal information directly from you, we do so with notice at or around the point of collection (APP 5), and the notice is this Policy together with any in-product messages.
6. Disclosure to third parties (including overseas recipients)
We disclose personal information only to the service providers listed below, solely to the extent necessary for them to perform their function on our behalf. Some of these recipients are outside Australia (APP 8). We take reasonable steps to ensure each recipient handles personal information in a manner consistent with the APPs.
| Recipient | Purpose | Location |
|---|---|---|
| Amazon Web Services | Application hosting, database, backups (all resources in Sydney region) | Australia (ap-southeast-2) |
| Google LLC (Maps & Places APIs) | Address autocomplete, geocoding and map rendering | United States / global |
| Stripe Payments Australia Pty Ltd ABN 78 622 032 617 | Trial-to-paid conversion, subscription billing and payment processing (hosted checkout; full card data is collected and held by Stripe and is not passed to Schevib) | Australia / United States |
| Postmark (ActiveCampaign Inc.) | Transactional email delivery (magic-link sign-in, billing and lifecycle notices) | United States |
We may also disclose personal information where required by law, to protect our rights, property or safety, or with your consent.
7. Storage and security
Schevib application servers and the customer database are hosted in Amazon Web Services' Sydney region (ap-southeast-2). We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure, including:
- TLS encryption for all data in transit;
- encryption at rest for the database and backups;
- role-based access controls and least-privilege administrative access;
- passwordless sign-in (magic link) — we do not store or process user passwords;
- audit logging of administrative actions and periodic review of access; and
- scheduled purging of expired sign-in tokens and revoked sessions.
8. Retention
- Account data: retained while your account is active, and for up to 90 days after account closure to allow for restore on request.
- Workspace content (sites, schedules, members): retained while the workspace is active or in a paid grace period (see Section 8.1). Soft-deleted workspaces are hard-deleted after 90 days unless you request immediate erasure.
- Sign-in tokens: 15 minutes (magic link), then destroyed.
- Session tokens: rolling 60 days from last use, or until you sign out.
- Invite tokens: 7 days, then destroyed.
- Server access logs: up to 90 days, then destroyed or de-identified.
- Backups: up to 90 days rolling. Deletion requests are honoured in the live database immediately; data residing in backups expires within this window.
8.1 Subscription lifecycle and data access
Schevib does not offer a permanent free tier. All new workspaces start a 14-day free trial with full feature access; thereafter continued use of the Service requires a paid subscription. Your data remains accessible for export (in CSV) at every stage of the lifecycle:
- During trial (TRIALING): full access for 14 days. No payment method is required to start the trial.
- Trial expired without payment (EXPIRED): interactive features are locked; Settings and CSV export remain available so you can take your data with you. Workspace data is retained for 90 days after this point and is then hard-deleted unless you have subscribed.
- Paid (ACTIVE): data retained while the subscription is active.
- Paid grace (IN_GRACE): if a renewal payment fails, the workspace becomes read-only for up to 14 days while we retry. Data is fully retained; no mutations are accepted.
- Paid expired (EXPIRED): if grace lapses without payment, interactive features are locked. Settings and CSV export remain available, and workspace data is retained for a further 90 days before hard deletion (subject to any earlier erasure request you make).
9. Your rights
9.1 Access (APP 12)
You can access your sites and schedules at any time by signing in and using the Export feature in Settings, which produces CSV files of your sites and schedules (available even if your subscription has lapsed). For other personal information we hold about you, email privacy@clovib.com.au. We will respond within a reasonable period, and normally within 30 days.
9.2 Correction (APP 13)
You can edit your display name, avatar colour and time zone in Settings, and you can edit or remove any site or schedule you created. For corrections we cannot make through the product, email privacy@clovib.com.au.
9.3 Erasure
To request deletion of your account and personal information, email privacy@clovib.com.au from the email address associated with your account. We will honour the request within 30 days, subject to any overriding legal obligation (for example, retaining records required by the Fair Work Act 2009). Data held in backups will expire within the retention window set out in Section 8.
9.4 If we refuse access or correction
We may decline an access or correction request only on grounds permitted by the Privacy Act (for example, where the request is frivolous, where granting it would have an unreasonable impact on the privacy of other individuals, or where we are required or authorised by law to refuse). If we refuse a request we will give you written notice setting out:
- the reasons for the refusal, except where it would be unreasonable to do so;
- the complaint mechanism described in section 9.5; and
- in the case of correction, that you may ask us to associate a statement with the personal information indicating that you consider it inaccurate, out of date, incomplete, irrelevant or misleading. We will take reasonable steps to give effect to such a request.
9.5 Complaints
If you believe we have breached the Privacy Act or this Policy, please contact our Privacy Officer first at privacy@clovib.com.au. We will investigate and respond within 30 days. If you are not satisfied with our response, you may refer the complaint to the Office of the Australian Information Commissioner (OAIC):
- Online complaint form: oaic.gov.au/privacy/privacy-complaints
- Telephone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
10. Cookies
We use one functional cookie to keep you signed in (refresh_token). We do not use tracking, analytics or advertising cookies. If Stripe Checkout is used to process a payment, Stripe may set its own cookies on the Stripe-hosted page; see Stripe's privacy notice for details.
11. Children
Schevib is a business tool and is not intended for use by individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Data breach notification
If we suspect a data breach that is likely to result in serious harm, we will assess it within the 30-day window required by the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988) and, where required, notify the OAIC and affected individuals as soon as practicable.
13. Changes to this Policy
We may update this Policy from time to time. We will post the updated Policy here and change the “Last updated” date above. Material changes will be communicated by email to the address associated with your account.
14. Contact
For any privacy-related question or request: privacy@clovib.com.au.