SMECentral

Legal

Privacy Policy

Effective date: 23 April 2026  ·  Last updated: 23 April 2026

Power Digital Solutions Australia ("we", "us", or "our") operates the SMECentral platform and associated website located at smecentral.au. We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains what information we collect, why we collect it, how we use and store it, and your rights regarding that information. By using our website or purchasing SMECentral, you agree to the practices described in this policy.

1. Who We Are

Company name: Power Digital Solutions Australia

Trading as: SMECentral

Country: Australia

Contact email: alex@powerdigital.au

2. Information We Collect

We collect personal information in the following circumstances:

2.1 Contact & Enquiry Forms

When you submit an enquiry via our website we collect your name, email address, website URL (optional), and the content of your message. This information is used solely to respond to your enquiry.

2.2 Purchase & Account Information

If you purchase SMECentral, we collect your name, business name, email address, and payment details (processed securely by our payment provider — we do not store raw card numbers). We also collect your Australian Business Number (ABN) for invoicing purposes.

2.3 SMECentral Application Data

SMECentral is a locally-installed or self-hosted platform. Business data you enter into the application (employees, invoices, payroll, etc.) is stored within your own database instance. We do not have access to this data unless you specifically grant us remote access for support purposes.

2.4 Website Usage Data

Our web server may log standard access information such as your IP address, browser type, pages visited, and referrer URL. This data is used solely for security monitoring and aggregate analytics. We do not use third-party behavioural tracking scripts on this site.

3. How We Use Your Information

  • To respond to your enquiries and provide customer support
  • To process your purchase and issue a tax invoice
  • To deliver software licence keys and product updates
  • To comply with Australian taxation and record-keeping obligations
  • To improve the security and performance of our website
  • To send you important notices about the product you purchased (not marketing, unless you opt in)

We will not use your personal information for any purpose incompatible with the reason it was collected without your consent, except where required or authorised by law.

4. Disclosure to Third Parties

We do not sell, rent, or trade your personal information. We may disclose it to trusted third parties only where necessary:

  • Payment processors — to securely handle your purchase transaction (e.g. Stripe, Square).
  • Email delivery providers — to reliably deliver transactional emails such as order confirmations.
  • Regulatory authorities — where required by Australian law, court order, or ATO compliance obligations.

Where we engage third-party service providers, we require them to handle your personal information in accordance with applicable Australian privacy law.

5. Biometric (Face ID) Data — Employee Time & Attendance

SMECentral offers an optional Face ID feature that lets employees clock in and clock out at an in-store kiosk by standing in front of the device camera. This feature is only enabled if the business owner explicitly chooses to use it, and it only applies to employees who have been enrolled by their employer.

Important — we do not use Apple Face ID. SMECentral does not use the iPhone Face ID biometric API, the Secure Enclave, or Apple's LocalAuthentication framework. All face matching is performed by SMECentral's own server-side recognition pipeline. The phrase "Face ID" in our app refers to our internal employee identification feature, not Apple's device-unlock technology.

5.1 What we collect

When a business owner enrols an employee for Face ID, we collect:

  1. A single still photo of the employee's face, captured by the device camera or uploaded from a file at enrolment time.
  2. A 512-dimensional face embedding — a list of 512 numbers produced from the photo by the InsightFace ArcFace model. The embedding is a one-way mathematical descriptor; it cannot be used to reconstruct the original photograph.

During each subsequent clock-in or clock-out, the device camera captures a momentary frame which is sent to our server, converted into an embedding for comparison, and then discarded immediately. The live frame is never stored.

5.2 How we use it

Face data is used only for the following purposes:

  • To identify an enrolled employee at clock-in and clock-out.
  • To record attendance entries (date, clock-in time, clock-out time) used by the employer for payroll and rostering.

We do not use face data for advertising, profiling, analytics, machine-learning training, or any other purpose.

5.3 Storage and security

  • All face data (photos and embeddings) is stored on SMECentral's own servers, hosted in Australia.
  • Data is partitioned per-company; a company's face data is only ever matched against employees of the same company.
  • All transport between the app and our server uses HTTPS (TLS).
  • Database and media files are protected by standard server-level access controls.
  • Only authorised admins of the same company — and SMECentral's own infrastructure operators for backup and restore — can access face data.

5.4 Who we share it with

We do not sell, rent, or share face data with any third party. Face data is never transmitted to Apple, Google, or any external biometric service. The recognition pipeline (InsightFace buffalo_l) runs entirely on SMECentral's own servers.

5.5 Retention

Face data is retained only for as long as the employee remains enrolled with their employer on the SMECentral platform.

  • When a business owner unenrols an employee or marks them inactive, both the photo and the embedding are removed from active records.
  • A deletion request from an employee or employer is honoured within 30 days.
  • If a business closes its SMECentral account, all of that company's face data is removed within 90 days of the closure.

We do not retain face data of former employees beyond these windows.

5.6 Your rights and how to delete your data

  • Enrolment is opt-in. An employee may decline Face ID and use alternative clock-in methods (manual entry, PIN, or a physical card if offered by the employer).
  • An employee may withdraw from Face ID at any time and request deletion of their face data.
  • To request deletion, contact your employer (the SMECentral account holder) or email support@smecentral.au. Deletion requests are honoured within 30 days.
If you have any questions about how SMECentral handles Face ID data, please email support@smecentral.au.

6. Data Storage & Security

Personal information we hold is stored on servers located in Australia. We implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure, including:

  • HTTPS encryption for all data in transit
  • Access controls limiting who can view customer records
  • Regular security reviews of our infrastructure

No method of internet transmission is 100% secure. If you believe your information has been compromised, please contact us immediately.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Purchase and invoicing records are retained for a minimum of 7 years in accordance with ATO record-keeping requirements. Contact form submissions are deleted after 12 months.

8. Cookies

Our website uses only essential session cookies required for form functionality (e.g. contact form captcha). We do not use advertising cookies, cross-site tracking, or analytics platforms that share your data with third parties. You can disable cookies in your browser settings; this may affect some form functionality.

9. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Complain about a breach of your privacy
  • Request deletion of your information where we no longer have a lawful basis to retain it

To exercise any of these rights, email us at alex@powerdigital.au. We will respond within 30 days.

10. Complaints

If you believe we have mishandled your personal information, please contact us in the first instance so we can attempt to resolve the matter.

If you remain unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992

11. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will be updated accordingly. We encourage you to review this page periodically. Continued use of our website or product after changes are posted constitutes acceptance of the revised policy.

Questions about this policy?

Contact Us