Legal
We collect the information you give us to run the platform — your account details, breeding records, and standard technical data. We do not sell your data. We use a small number of trusted third-party providers to run the platform, including Supabase, Vercel, Stripe, Resend, Mailchimp, Sentry, and an AI provider for AI-assisted features. AI outputs are suggestions only and your data is not used to train models. You can access, correct, export, or delete your data at any time by emailing support@whelpora.com. The platform is currently in beta, so please do not store highly sensitive information during this phase.
Susse Pty Ltd ACN 695 394 079 trading as Whelpora (Whelpora, we, us, or our) operates the Whelpora platform (Platform), a dog breeding and whelping management tool for professional and hobby dog breeders.
We are committed to protecting the privacy of our users (you) and handling personal information responsibly. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information.
Whelpora is an Australian entity primarily regulated by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth). We also comply with:
Where this Policy refers to obligations under a specific law, those obligations apply only to users in the relevant jurisdiction. The strongest applicable standard always takes precedence.
If you have any questions about this Privacy Policy, please contact us at the details in clause 16.
We collect personal information:
We will only collect personal information that is reasonably necessary for our functions and activities. Where practicable, we will give you the option to interact with us anonymously or using a pseudonym, unless identification is required by law or to deliver the service.
We use your personal information for the following purposes. Where GDPR or UK GDPR applies, we also identify the lawful basis for each use.
| Purpose | Lawful basis (GDPR / UK GDPR) |
|---|---|
| Create and manage your account | Contract |
| Provide, operate, maintain, and improve the Platform | Contract |
| Communicate with you about your account, updates, or changes | Contract / Legitimate interests |
| Respond to your feedback, support requests, and enquiries | Contract / Legitimate interests |
| Process payments and manage billing | Contract |
| Analyse usage patterns and improve user experience | Legitimate interests |
| Comply with our legal obligations | Legal obligation |
| Detect, investigate, and prevent fraudulent or unlawful activity | Legitimate interests / Legal obligation |
| Send you product updates and feature announcements | Consent (opt out at any time) |
| Process AI-assisted feature requests (message drafting, coat prediction, document parsing) | Contract / Legitimate interests |
We will not use your personal information for a secondary purpose without your consent, unless an exception under the APPs or applicable law permits it.
To opt out of marketing communications, use the unsubscribe link in any such email or contact us at support@whelpora.com.
Your personal information is stored on servers managed by third-party infrastructure providers set out in clause 6. These servers may be located in Australia, the United States, and other countries.
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include:
In the event of an eligible data breach:
Some of our third-party service providers store or process data on servers located outside Australia, including in the United States of America. We take reasonable steps to ensure those providers apply data protection standards consistent with the APPs before disclosing personal information to them (APP 8).
For EU / UK users: where personal data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses approved by the European Commission (or equivalent UK mechanisms) as the transfer safeguard. For Mailchimp specifically, EU and UK transfers are covered by Standard Contractual Clauses incorporated into Mailchimp's Data Processing Addendum.
We may disclose your personal information to the following third-party providers:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | USA / Global (AWS) |
| Vercel | Web hosting and delivery | USA / Global |
| Stripe | Payment processing | USA / Global |
| Resend | Transactional email delivery (account notifications, invoice sends, contract signature notifications, support emails, cancellation emails) | USA / Global |
| Mailchimp (Intuit Inc.) | Mobile app waitlist and product update communications | USA |
| Sentry | Error monitoring and crash reporting. Sentry is configured to minimise collection of personally identifiable information. Sentry's Data Processing Agreement is available at sentry.io/legal/dpa. | USA / Global |
| AI provider (via Lovable AI Gateway) | AI-assisted features: buyer message drafting, coat colour prediction, DNA report parsing, pedigree document parsing. See clause 10 for details of what data is sent and how it is handled. | USA / Global |
We may engage additional third-party service providers from time to time. Where we do, we will update this Privacy Policy accordingly. All providers are contractually required to handle your personal information only as directed by us and in accordance with applicable privacy law.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may disclose your personal information:
We retain personal information for as long as: (a) your account remains active; (b) it is necessary to provide the Platform to you; or (c) required by applicable law. Retention periods by data category:
| Data category | Retention period |
|---|---|
| Account data | Life of your account plus 30 days after deletion |
| Breeding records | Life of your account (or until you delete them) |
| Usage and analytics data | Up to 12 months |
| Support correspondence | Up to 2 years |
| Payment records | 7 years as required by Australian tax law. For EU and UK users, the longer applicable local retention period applies (for example, HMRC requires 6 years from the end of the relevant accounting period; certain EU member states may require longer periods). |
| Contract and e-signature records | Minimum 7 years from date of execution, to support legal enforceability. |
If you close your account, you may request deletion of your personal information. Upon receiving a valid deletion request, we will delete or de-identify your personal information within 30 days and notify you when deletion is complete.
We may retain certain information after deletion where required by law, for legitimate dispute resolution, or to enforce our agreements.
Email support@whelpora.com with the subject line "Data Deletion Request." Alternatively, account deletion may be available directly within your account settings.
You may request an export of your personal data and breeding records at any time by contacting support@whelpora.com. We will provide your data in a commonly used, machine-readable format within 30 days of your request. This right also applies under GDPR / UK GDPR Article 20 for EU and UK users.
| Tool | Type | Purpose | Can be declined? |
|---|---|---|---|
| Supabase Auth session cookie | Essential | Maintains your authenticated session. Without this cookie you cannot remain logged in. | No — required for login |
| Supabase Auth refresh token | Essential | Refreshes your session token to keep you logged in without requiring repeated password entry. | No — required for login |
| Cookie consent preference | Functional | Stores your cookie consent choice so we do not ask again on every visit. | No — required to remember your preference |
| Sentry | Functional | Error monitoring and crash reporting to maintain Platform stability. | No — required for Platform stability |
| Analytics (if introduced) | Analytics | Usage pattern analysis to improve the Platform. | Yes — via cookie banner |
We do not currently use third-party advertising or marketing cookies. If we introduce analytics tools that set cookies, we will update this section and present you with a cookie consent banner before any such cookies are set.
For users in the EU, UK, and other jurisdictions requiring prior consent for non-essential cookies: we will present a cookie consent banner that allows you to accept or decline analytics cookies before they are set. Essential and functional cookies required for the Platform to operate do not require your consent.
You can control cookies through your browser settings. Disabling essential cookies may affect Platform functionality.
This clause applies to individuals who receive a contract, invoice, or other document sent through the Platform by a Whelpora user (a breeder). If you are a breeder, please refer to the earlier clauses of this Policy which apply to your use of the Platform.
The breeder who sent you a document through the Platform is the primary data controller of your personal information. Whelpora is a joint controller to the limited extent required to maintain the integrity and enforceability of the e-signature audit trail, and acts as a data processor for all other processing.
When a breeder sends you a contract or other document for signature or review through the Platform, we collect the following information about you:
This information is collected to create a legally enforceable audit trail for the e-signed document, consistent with the requirements of the Electronic Transactions Act 1999 (Cth) and equivalent legislation in relevant jurisdictions (eIDAS (EU), ESIGN Act and UETA (USA), CCLA 2017 (NZ)).
For GDPR and UK GDPR purposes, the lawful bases are:
Your information is accessible to:
E-signature audit trail data is retained for a minimum of 7 years from the date of execution to support the legal enforceability of the document. After that period, data is deleted or de-identified unless a longer retention period is required by applicable law.
Your data may be processed on servers located in the United States via our infrastructure providers (Supabase / AWS, Vercel). Transfers are subject to appropriate safeguards as described in clause 5.4.
You have the right to access, correct, and in certain circumstances request deletion of your personal information. To exercise these rights, contact us at support@whelpora.com. Please note that we may not be able to delete certain information that forms part of the legal audit trail without compromising the enforceability of the signed document.
When you open a document sent through the Platform, you will be notified that your IP address, device information, and timestamps are being collected for the purpose of creating a legally enforceable audit trail. You do not need to create a Whelpora account to sign a document.
10.1 The Platform includes AI-assisted features powered by a third-party AI provider (via Lovable AI Gateway, which may use underlying providers including OpenAI, Anthropic, or Google). These features include:
10.2 Data sent to the AI provider is used solely to generate the requested output and is not used to train AI models.
10.3 AI-generated outputs are suggestions only. Consistent with GDPR Article 22, no decision that produces a legal or similarly significant effect for any person is made solely by automated means through this Platform. You remain the decision-maker and are responsible for reviewing and approving any AI-generated content before acting on it.
10.4 You can manage your AI feature usage and quota through your account settings.
Tax amounts you enter on invoices, receipts, and expenses are stored as part of your kennel records so you can review and export them. We do not transmit tax figures to any tax authority and we do not calculate or verify them. You are responsible for the accuracy of any tax figures you enter and for confirming your tax obligations with a qualified accountant or tax agent.
The Platform is not intended for use by persons under 18 years of age. Account registration requires confirmation that you are at least 18 years old. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information without appropriate consent, we will take steps to delete that information promptly.
If you believe a minor has provided us with personal information, please contact us at support@whelpora.com.
Note: A Children's Online Privacy Code for Australia is expected to be developed by December 2026 under the Privacy and Other Legislation Amendment Act 2024 (Cth). We will update this Policy accordingly when that Code is finalised.
Under the Australian Privacy Principles (APPs), you have the right to:
In addition to the above, you have the right to:
You have the same rights as EU users under clause 13.2, enforceable under UK GDPR. You may also lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
You have the right to access and correct personal information we hold about you under the Privacy Act 2020 (NZ). You may also complain to the Office of the Privacy Commissioner (NZ): privacy.org.nz.
You have rights under PIPEDA to access and correct personal information we hold, and to withdraw consent for optional uses of your data. You may also complain to the Office of the Privacy Commissioner of Canada: priv.gc.ca.
To exercise any of these rights, contact us at support@whelpora.com. We will respond within 30 days. We will not discriminate against you for exercising your privacy rights.
Breeders who process buyer data and who are subject to GDPR or UK GDPR may also request a Data Processing Agreement by emailing support@whelpora.com.
If you believe we have mishandled your personal information, please contact us first at support@whelpora.com. We will acknowledge your complaint within 5 business days and respond with an outcome within 30 days.
If you are not satisfied with our response, you may contact the relevant regulator for your jurisdiction:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Your local data protection authority
Full list at: edpb.europa.eu
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Office of the Privacy Commissioner
Website: privacy.org.nz
Phone: 0800 803 909
Office of the Privacy Commissioner of Canada
Website: priv.gc.ca
Phone: 1-800-282-1376
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
We will notify you of material changes by email or in-platform notification at least 14 days before the changes take effect. The "Last updated" date at the top of this Policy reflects the date of the most recent revision.
Your continued use of the Platform after the effective date of any changes constitutes acceptance of the updated Policy.
For all privacy-related enquiries, requests, and complaints:
Privacy Officer
Susse Pty Ltd ACN 695 394 079 trading as Whelpora
Level 1, 888 Brunswick Street, New Farm QLD 4005
Queensland, Australia
Email: support@whelpora.com
Website: whelpora.com
Susse Pty Ltd ACN 695 394 079 trading as Whelpora is an Australian entity subject to the Privacy Act 1988 (Cth) as amended, and the Australian Privacy Principles.