Privacy Policy

1. Who we are

Totum is a payment workflow for Australian construction with integrated compliance and audit workstreams. Totum is operated by FIVO Pty Ltd (ABN 27 688 306 783) in Sydney, New South Wales, Australia.

Totum does not process, hold, transfer or facilitate financial transactions. Totum is not a payment processor, escrow service or financial institution. All payments between parties occur externally through their existing banking arrangements. Totum records payment confirmations and receipt verifications as entered by users for audit and compliance purposes only.

2. What we collect

We collect the following categories of information:

• Account and profile information
  • Name, email address, phone number
  • Business name and ABN
  • State of operation
  • Account type (Project Owner or Contractor)
• Project and payment workflow data
  • Project details, milestone definitions and contractor assignments
  • Progress claim submissions and supporting documentation
  • Claim review decisions (approvals, rejections, revision requests)
  • Payment confirmation records (date, reference number, remittance uploads)
  • Receipt verification records
  • SOPA compliance deadline calculations and status transitions
  • Audit trail records (timestamped actions within the payment workflow)
• Usage and technical data
  • Pages viewed, time on page, clicks and form interactions
  • Browser type, device type, approximate location (via IP), referrer URL
  • Cookie and similar identifiers used for analytics
• Waitlist data (pre-launch)
  • Email address and selected role
  • Optional responses about payment challenges or feedback

We do not intentionally collect sensitive personal information.

3. How we use your information

We use your information to:

• Operate and deliver the Totum payment workflow platform
• Calculate SOPA compliance deadlines for your state jurisdiction
• Generate and maintain audit trail records of payment workflow activity
• Send transactional notifications (claim submissions, approvals, payment confirmations, deadline alerts)
• Communicate platform updates, maintenance notices and support responses
• Manage the Totum waitlist and early access programme
• Improve platform functionality and user experience
• Comply with Australian legal and regulatory obligations

We will not sell, rent or trade your personal information to third parties.

4. Legal basis (if applicable)

Where privacy laws apply (for example, GDPR for visitors from the EU/UK), we rely on:

• Your consent – when you create an account or join the waitlist
• Performance of a contract – to deliver the Totum platform services you have signed up for
• Our legitimate interests – to improve our services and understand platform usage
• Legal obligation – where we are required to retain records for compliance purposes

You can withdraw your consent at any time by contacting us or using the unsubscribe link in our communications.

5. Sharing your information

We may share your information with:

• Service providers that help us operate the Totum platform, including:
  • Hosting and infrastructure providers (Vercel, Supabase, Railway)
  • Email delivery services (Resend)
  • Analytics providers
• Other users within your projects – project owners and contractors on shared projects can see workflow data relevant to their role, including claim submissions, review decisions and payment status. Contractors cannot see other contractors’ financial data.
• Professional advisers (for example, legal or accounting) where reasonably necessary
• Regulators or authorities where required by law

We do not authorise service providers to use your personal information for their own marketing. These providers may process data on our behalf in accordance with their own privacy policies.

6. Data location and security

All data is stored on servers located in Australia where possible. We use industry-standard encryption for data in transit and at rest. Access to user data is restricted to authorised personnel only.

No online service can be guaranteed 100% secure, but we take reasonable steps to protect your information from unauthorised access, use or disclosure.

7. How long we keep your information

We keep your personal information:

• For the duration of your account and for seven years after account closure, to support compliance and audit trail obligations
• Waitlist data is retained for as long as we maintain pre-launch communications
• As long as required by applicable law or to resolve disputes

If you request deletion, we will remove you from active communications and, where practical, delete or de-identify your personal data. Note that deletion of audit trail records may be restricted where retention is required for legal compliance purposes.

8. Your rights

Depending on your location, you may have rights to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information (subject to legal retention obligations)
• Object to certain uses (for example, direct marketing)
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at: privacy@usetotum.com.au.

You can also unsubscribe from marketing emails at any time by using the link included in those emails.

9. Cookies and analytics

We may use cookies and similar technologies to:

• Understand how visitors use this Site and the Totum platform
• Measure the performance of our communications
• Improve site speed and reliability

You can usually control cookies through your browser settings, but blocking cookies may impact how the Site functions.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will indicate the latest version.

11. Contact

If you have any questions about this Privacy Policy or how we handle your personal information, contact us at:

FIVO Pty Ltd trading as Totum
ABN 27 688 306 783
Sydney, New South Wales, Australia
support@usetotum.com.au