Privacy Policy

How Reportly handles your data

Reportly is an AI-powered client reporting product for marketing agencies and freelancers. This policy explains what information we collect, why we use it, and how you can ask us to access, correct, disconnect, or delete it.

Effective date: 3 June 2026

Questions about these pages, your data, or a deletion request? Contact hello@reportly.au and we’ll help route it.

1. Who we are

Reportly is operated from Australia and provides software that helps agencies connect reporting data sources, generate client-ready reports, and share those reports with clients.

You can contact us about privacy, security, access, correction, deletion, or complaints at hello@reportly.au.

2. Information we collect

We collect information you provide directly, information created while you use Reportly, and information we receive from connected third-party services that you authorise.

  • Account information, such as your name, email address, authentication identifiers, workspace details, and beta access status.
  • Agency and client information, such as agency name, client names, websites, reporting preferences, report titles, notes, and report recipients.
  • Report data, such as analytics metrics, advertising metrics, chart data, AI-generated summaries, recommended next steps, and public share-link content.
  • Integration data from connected services, including Google Analytics 4 property details and metrics, Meta Ads account/campaign/ad insights, account IDs, property IDs, campaign names, spend, clicks, impressions, conversions, and related reporting data.
  • OAuth information needed to provide the integration, including access tokens, refresh tokens where applicable, token expiry information, scopes, and connected account identifiers.
  • Usage, technical, and security information, such as log data, device/browser information, IP address, pages visited, feature usage, errors, and diagnostic events.
  • Support and communications, such as messages you send to hello@reportly.au or through any future support channel.
  • Billing information if paid plans are introduced, generally processed by a payment provider rather than stored directly by Reportly.

3. How we collect information

  • When you sign up, log in, update settings, create clients, generate reports, or share reports.
  • When you connect Google Analytics, Meta Ads, or other reporting integrations through OAuth or similar authorisation flows.
  • When connected services provide data back to Reportly under the permissions you granted.
  • When you contact us for support, feedback, beta access, or security concerns.
  • Automatically through hosting, analytics, logging, security, and product telemetry tools.

4. Why we use information

  • To create and manage your Reportly account and workspace.
  • To connect authorised Google, Meta, and other reporting sources.
  • To sync analytics and advertising data into client reports and dashboards.
  • To generate AI-assisted report summaries and recommended next steps.
  • To send account, password reset, report sharing, product, support, and service messages.
  • To keep the service secure, troubleshoot errors, prevent misuse, and monitor reliability.
  • To improve Reportly’s product experience, onboarding, beta learnings, and reporting quality.
  • To meet legal, compliance, platform, and accounting obligations where applicable.

5. Google and Meta data

Reportly only accesses Google Analytics and Meta Ads data after an authorised user connects the relevant account. We use this data to provide user-facing reporting features inside Reportly, including dashboards, report generation, client-ready summaries, and shareable reports.

We do not sell Google user data, Meta platform data, OAuth tokens, or client reporting data. We do not use Google or Meta data for unrelated advertising profiles. We request the scopes needed to provide the reporting features available in Reportly.

6. OAuth tokens and connected accounts

OAuth tokens are stored encrypted and used to access only the accounts and data sources you have authorised. You can disconnect an integration in Reportly where that option is available, revoke access through the relevant Google or Meta account settings, or contact us at hello@reportly.au for help removing connected account data.

If an integration is disconnected or revoked, Reportly may no longer be able to sync new data from that provider. Historical report data may remain in your workspace or backups unless you ask us to delete it or your account is deleted, subject to lawful retention requirements.

7. AI processing

Reportly uses AI providers to help generate plain-English report overviews and recommended next steps from reporting data. This may involve sending relevant report metrics, client/report context, and prompt content to an AI service provider so the requested report narrative can be produced.

AI-generated content can be incomplete or inaccurate. You are responsible for reviewing report text before sending it to clients or relying on it for business decisions.

8. Service providers and disclosures

We use trusted service providers to host, secure, authenticate, send, analyse, process, and operate Reportly. They may process information for us only as needed to provide their services, comply with law, or protect the service.

  • Hosting and deployment providers, such as Vercel.
  • Database, authentication, and storage providers, such as Supabase.
  • Email providers used for account, support, or report-sharing emails.
  • AI providers used to generate report narratives.
  • Connected platforms you authorise, such as Google and Meta.
  • Analytics, logging, error monitoring, security, and product operations tools.
  • Payment processors if paid plans are introduced.
  • Professional advisers, regulators, law enforcement, or courts where required by law.

9. Overseas processing

Reportly is operated from Australia, but our cloud, authentication, email, analytics, AI, support, and integration providers may process or store information in other countries, including the United States and other regions where those providers operate. We take reasonable steps to use reputable providers and protect information according to this policy.

10. Security

We take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps include encrypted token storage, access controls, least-privilege practices where practical, secure authentication, monitoring, backups, and provider security controls.

No internet service can be guaranteed perfectly secure. If you believe you have found a security issue, contact hello@reportly.au so we can investigate.

11. Your responsibilities

If you connect client analytics, advertising, website, or reporting accounts to Reportly, you are responsible for confirming that you have permission to do so and that your use of Reportly complies with your obligations to those clients.

12. Access, correction, deletion, and complaints

You can ask to access, correct, export, disconnect, or delete your personal information or connected account data by emailing hello@reportly.au. We may need to verify your identity before acting on a request.

If you have a privacy complaint, contact us first at hello@reportly.au and we will try to resolve it. If you are not satisfied, you may be able to contact the Office of the Australian Information Commissioner at oaic.gov.au.

13. Retention

We keep information for as long as needed to provide Reportly, maintain security and backups, resolve disputes, meet legal obligations, improve the product, and support beta operations. When information is no longer needed, we take reasonable steps to delete or de-identify it.

14. Changes to this policy

We may update this policy as Reportly changes. If the changes are material, we will take reasonable steps to notify users, such as updating this page, sending an email, or showing an in-product notice.