Privacy Policy
Last updated: 2 July 2026
LawnOps ("LawnOps", "we", "us", "our") provides business management software for lawn and garden care operators, including quoting, scheduling, run sheets, invoicing, payments and a lead-generating website (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.
This policy applies to operators and their staff who create a LawnOps account ("Operators"), and to end customers of Operators who submit information through an Operator's LawnOps-powered website, quote or invoice ("End Customers").
1. Information we collect
Account & business information
- Name, business name, email address, phone number and password (hashed, never stored in plain text) when you create an account.
- Business details you add, such as ABN, address, logo, service area and payment terms.
Customer & job data you enter
- Client names, addresses, phone numbers, email addresses, property details and job notes that Operators enter to run their business.
- Quotes, invoices, job schedules, run sheet records, before/after photos, and payment status.
Lead & website data
- If an Operator publishes a LawnOps website, quote requests submitted by End Customers (name, phone, email, address, service requested) are stored and delivered to that Operator.
Payment information
- Payments are processed by Stripe. LawnOps does not collect or store full card numbers — Stripe handles card data under its own PCI-compliant systems.
Integration data
- If an Operator connects a third-party service (Google Calendar, Xero, MYOB or QuickBooks), we store the OAuth access/refresh tokens needed to sync data (e.g. calendar events, invoices) with that account. Tokens are encrypted at rest and used only for the connected feature.
Technical & usage data
- IP address, browser type, device information, pages visited and timestamps, collected for security, rate-limiting and diagnosing errors.
- If configured by an Operator's marketing site, Google Analytics and/or Meta Pixel may collect anonymised visitor analytics.
2. How we use information
- To provide, operate and maintain the Service (quoting, scheduling, invoicing, payments, run sheets and websites).
- To send transactional emails and SMS (e.g. quote/invoice delivery, job reminders, password resets).
- To process subscription billing via Stripe.
- To power optional AI features (e.g. AI-drafted quotes, AI routing, an AI business assistant) using OpenAI's API. Prompts sent to OpenAI are limited to the job/quote context needed to generate the response and are not used by us to train third-party models.
- To detect, prevent and respond to fraud, abuse and security incidents.
- To comply with legal obligations, including tax and accounting record-keeping.
3. Who we share information with
We do not sell personal information. We share data only with service providers who process it on our behalf, and only as needed to deliver the Service:
| Provider | Purpose | Data shared |
|---|---|---|
| Railway | Application & database hosting | All application data |
| Cloudflare (R2) | Photo & file storage | Uploaded photos/files |
| Stripe | Subscription billing & on-site payments | Email, payment details |
| OpenAI | AI quoting, routing & assistant features | Job/quote text relevant to the request |
| Resend / SMTP provider | Transactional email delivery | Recipient email address, email content |
| Twilio | SMS notifications (if enabled by an Operator) | Recipient phone number, message content |
| Google, Xero, MYOB, QuickBooks | Optional Operator-initiated integrations | Calendar events or invoice data, per the connected scope |
| Sentry | Error monitoring | Technical error data (no passwords or payment data) |
We may also disclose information if required by law, to enforce our Terms of Service, or to protect the rights, property or safety of LawnOps, our users, or the public.
4. Data retention
We retain account and business data for as long as your account is active. If you close your account, we delete or anonymise personal data within a reasonable period, except where we are required to retain records (e.g. financial records for tax purposes, typically 7 years under Australian law).
5. Security
We use industry-standard safeguards, including encrypted connections (TLS) between your browser and our servers, hashed passwords, encrypted storage of OAuth tokens, and role-based access controls scoped to each Operator's own organisation. No system is 100% secure, and we cannot guarantee absolute security.
6. Your rights and choices
- Access & correction — update your account and business details at any time from Settings.
- Export — request a copy of your data by contacting us at the address below.
- Deletion — request deletion of your account and associated personal data, subject to legal record-keeping requirements.
- Marketing communications — you can opt out of non-essential emails at any time; transactional emails required to operate your account (e.g. password resets, invoices) cannot be opted out of while your account is active.
If you are located in the EU/EEA or California, you may have additional rights under the GDPR or CCPA respectively (including the right to lodge a complaint with a supervisory authority). We honour these rights for all users regardless of location where reasonably practicable.
7. End Customers of an Operator
If you submitted your details through an Operator's LawnOps website, quote or invoice, that Operator is the data controller for the information you provided — LawnOps processes it on their behalf. To access, correct or delete your information, please contact the Operator directly; if you're unable to reach them, contact us and we will assist.
8. Cookies
We use essential cookies/local storage to keep you signed in and remember preferences. Operator marketing sites may use analytics cookies (Google Analytics, Meta Pixel) only where the Operator has configured them, for aggregated, anonymised traffic insight.
9. Children's privacy
The Service is intended for business use by adults operating a lawn and garden care business. We do not knowingly collect personal information from children under 16.
10. International data transfers
Our infrastructure providers may process data outside Australia (e.g. the United States). Where this occurs, we rely on providers with appropriate data protection safeguards in place.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above, and where appropriate, we will notify Operators by email.
12. Contact us
Questions about this Privacy Policy or your data? Contact us at privacy@lawnops.com.au.