Privacy Policy: Refactor Labs Pty Ltd
Last updated: 12 Jul 2026
Refactor Labs Pty Ltd (ABN 59 700 054 600, "we", "us", "Refactor Labs") operates refactor.gg and its associated products and services, currently including Vantoro (vantoro.refactor.gg). This policy explains how we handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and applies across our website and products.
Scope note: This policy covers information about you as a website visitor, account holder, or user of one of our products' dashboards. It does not cover the data your organisation sends to one of our products via its API (whether directly or via an open-source SDK) as part of that product's core function (e.g., traced logic/business data from your own application, in Vantoro's case). That's covered by the relevant product's Data Processing Agreement, because in that context your organisation is the controller and we're the processor.
What we collect
- Account & identity data: name, email, organisation, and authentication data.
- Billing data: payment and transaction records, processed via our payment provider; we don't retain full card details.
- Product usage data: dashboard interactions, feature usage, session data, log-in history.
- Communications: support and other correspondence you send us (e.g. to support@refactor.gg), and transactional emails we send you.
- Technical data: IP address, browser/device type, cookies (website and dashboard).
- Analytics data: usage and interaction data collected via our analytics provider (PostHog, configured in cookieless mode), used to understand how our products are used. No cookies are set and no personal identifiers are collected for this purpose.
How we use it
To provide and maintain the service, authenticate you, process payments, respond to support requests, send service communications, improve the product, detect abuse/security issues, and comply with legal obligations.
Who we share it with
We use third-party service providers to operate our website, product, and business, including for hosting, authentication, payments, and email. These providers are bound by their own terms and (where applicable) data processing agreements with us, and only process personal information for the purposes described in this policy.
We do not sell personal information. We only disclose it to these providers for the purposes above, or where required by law.
Cross-border disclosure
We may disclose personal information to service providers located in Australia and the United States, including the providers identified on our Subprocessors page.
Before disclosing personal information overseas, we take reasonable steps to ensure the overseas recipient handles that information consistently with the Australian Privacy Principles, including through contractual privacy and security obligations where appropriate.
Overseas recipients may be subject to laws that require them to disclose information to government authorities or other third parties in the country where they operate. You may contact us at support@refactor.gg for further information about the countries in which our service providers handle personal information.
Data retention
Most billing data is held by our payment provider, not by us directly. Account and subscription details we store ourselves are deleted when you delete your account. Product usage/log data tied to your account is retained per our standard retention settings (see the relevant product's documentation for current limits).
Note: retention of Customer Data transmitted via a product's API is governed separately; see that product's Terms of Use and Data Processing Agreement.
Security
We apply reasonable technical and organisational measures (encryption in transit, access controls, hosting within reputable cloud infrastructure) to protect personal information. No system is 100% secure, and we'll notify affected individuals and the OAIC per the Notifiable Data Breaches scheme if a breach meeting the legal threshold occurs.
Your rights
You may request access to, correction of, or deletion of your personal information by contacting support@refactor.gg. If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
EU/UK users
If you're located in the European Economic Area (EEA) or United Kingdom and use one of our products or interact with us as an account holder, the following also applies to you.
Legal basis for processing. We process your personal information on the following bases: performance of a contract (providing the Service to you), our legitimate interests (e.g. security, service improvement, responding to enquiries), consent (e.g. optional cookies or marketing, where applicable), and compliance with legal obligations.
Your rights. In addition to the rights described above, you have the right to:
- access the personal information we hold about you;
- request correction of inaccurate information;
- request erasure of your information, subject to legal exceptions;
- request restriction of, or object to, our processing in certain circumstances;
- request a portable copy of information you've provided to us;
- withdraw consent at any time, where processing is based on consent;
- lodge a complaint with your local supervisory authority (e.g. the Irish Data Protection Commission, or the UK Information Commissioner's Office).
To exercise any of these rights, contact support@refactor.gg.
International transfers. Where we transfer your personal information outside the EEA/UK (including to Australia or the United States, as set out in our Subprocessors page), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (or the UK's International Data Transfer Addendum), or a recognised adequacy mechanism where available.
Cookies
We use cookies necessary to operate the website and dashboard (e.g. authentication, session state). For analytics, we use PostHog in cookieless mode: it doesn't set cookies or collect personal identifiers. If we introduce any cookie-based non-essential tracking in future, we'll update this section and implement an opt-in consent mechanism before setting those cookies.
Children
Our products are B2B developer tools not directed at children. We don't knowingly collect data from anyone under 18 in a personal (non-work) capacity.
Changes
We'll update this policy as needed and update the "last updated" date. Material changes will be notified via email or in-product notice.
Contact
Refactor Labs Pty Ltd Level 1, 63-73 Ann Street, Surry Hills, NSW 2010 support@refactor.gg