re//factor

Privacy Policy: Refactor Labs Pty Ltd

Last updated: 12 Jul 2026

Refactor Labs Pty Ltd (ABN 59 700 054 600, "we", "us", "Refactor Labs") operates refactor.gg and its associated products and services, currently including Vantoro (vantoro.refactor.gg). This policy explains how we handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and applies across our website and products.

Scope note: This policy covers information about you as a website visitor, account holder, or user of one of our products' dashboards. It does not cover the data your organisation sends to one of our products via its API (whether directly or via an open-source SDK) as part of that product's core function (e.g., traced logic/business data from your own application, in Vantoro's case). That's covered by the relevant product's Data Processing Agreement, because in that context your organisation is the controller and we're the processor.

What we collect

How we use it

To provide and maintain the service, authenticate you, process payments, respond to support requests, send service communications, improve the product, detect abuse/security issues, and comply with legal obligations.

Who we share it with

We use third-party service providers to operate our website, product, and business, including for hosting, authentication, payments, and email. These providers are bound by their own terms and (where applicable) data processing agreements with us, and only process personal information for the purposes described in this policy.

We do not sell personal information. We only disclose it to these providers for the purposes above, or where required by law.

Cross-border disclosure

We may disclose personal information to service providers located in Australia and the United States, including the providers identified on our Subprocessors page.

Before disclosing personal information overseas, we take reasonable steps to ensure the overseas recipient handles that information consistently with the Australian Privacy Principles, including through contractual privacy and security obligations where appropriate.

Overseas recipients may be subject to laws that require them to disclose information to government authorities or other third parties in the country where they operate. You may contact us at support@refactor.gg for further information about the countries in which our service providers handle personal information.

Data retention

Most billing data is held by our payment provider, not by us directly. Account and subscription details we store ourselves are deleted when you delete your account. Product usage/log data tied to your account is retained per our standard retention settings (see the relevant product's documentation for current limits).

Note: retention of Customer Data transmitted via a product's API is governed separately; see that product's Terms of Use and Data Processing Agreement.

Security

We apply reasonable technical and organisational measures (encryption in transit, access controls, hosting within reputable cloud infrastructure) to protect personal information. No system is 100% secure, and we'll notify affected individuals and the OAIC per the Notifiable Data Breaches scheme if a breach meeting the legal threshold occurs.

Your rights

You may request access to, correction of, or deletion of your personal information by contacting support@refactor.gg. If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

EU/UK users

If you're located in the European Economic Area (EEA) or United Kingdom and use one of our products or interact with us as an account holder, the following also applies to you.

Legal basis for processing. We process your personal information on the following bases: performance of a contract (providing the Service to you), our legitimate interests (e.g. security, service improvement, responding to enquiries), consent (e.g. optional cookies or marketing, where applicable), and compliance with legal obligations.

Your rights. In addition to the rights described above, you have the right to:

To exercise any of these rights, contact support@refactor.gg.

International transfers. Where we transfer your personal information outside the EEA/UK (including to Australia or the United States, as set out in our Subprocessors page), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (or the UK's International Data Transfer Addendum), or a recognised adequacy mechanism where available.

Cookies

We use cookies necessary to operate the website and dashboard (e.g. authentication, session state). For analytics, we use PostHog in cookieless mode: it doesn't set cookies or collect personal identifiers. If we introduce any cookie-based non-essential tracking in future, we'll update this section and implement an opt-in consent mechanism before setting those cookies.

Children

Our products are B2B developer tools not directed at children. We don't knowingly collect data from anyone under 18 in a personal (non-work) capacity.

Changes

We'll update this policy as needed and update the "last updated" date. Material changes will be notified via email or in-product notice.

Contact

Refactor Labs Pty Ltd Level 1, 63-73 Ann Street, Surry Hills, NSW 2010 support@refactor.gg