Privacy Policy

How we handle your data

Civil Mining Solutions is committed to protecting the privacy and security of your personal information. This policy explains what we collect, why, and how we keep it safe — in plain language.

Last updated: 15 March 2026

What we collect

We only collect information that is necessary to connect you with work or workers. The data we collect depends on how you interact with us:

Operators & Workers

  • Contact details — name, email, phone number
  • Work profile — sector preference, experience, availability, tickets & certifications
  • Resume — uploaded document (PDF, Word)
  • Chat transcripts — conversations with our AI assistant

Hirers & Employers

  • Contact details — name, email, phone, company
  • Enquiry details — roles needed, timing, location
  • Chat transcripts — conversations with our AI assistant

We also collect basic analytics (page views, form interactions) to improve the website experience. This data is anonymised and cannot identify you.

How we store your data

Your data is stored securely using enterprise-grade cloud infrastructure:

Supabase (Primary Database)

All candidate profiles, communications, and application data are stored in Supabase, an open-source platform built on PostgreSQL. Your data is:

  • Encrypted at rest using AES-256 encryption
  • Encrypted in transit via TLS 1.2+
  • Hosted on AWS infrastructure with SOC 2 Type II certification
  • Protected by row-level security policies — only authorised personnel can access your records
  • Backed up automatically with point-in-time recovery

Resume Storage

Uploaded resumes are stored in Supabase Storage, a secure object storage service. Resumes are:

  • Not publicly accessible — files require a time-limited signed URL to download
  • Signed URLs expire after 7 days and cannot be reused
  • Only accessible to CMS recruitment staff via internal tools
  • Encrypted at rest, same as all other data

Notion (Internal CRM)

Candidate and enquiry records are synced to our internal Notion workspace for our recruitment team to manage. Notion provides enterprise-grade security including SOC 2 Type II compliance and encryption at rest. Access is restricted to authorised CMS staff only.

AI-assisted screening

When you submit a resume, we use AI (Anthropic Claude) to help our team process applications faster. Here's exactly what happens:

  1. Your resume is read by the AI to extract relevant information — tickets, experience, and qualifications
  2. The AI generates a screening score (1–5) and summary to help our recruiters prioritise outreach
  3. No automated decisions are made — a human always reviews every application before any action is taken
  4. Your resume data is sent securely via API and is not used to train AI models

Our chat assistant also uses AI to have a conversation with you and gather relevant details. Chat transcripts are saved to help our team follow up, but the AI does not make recruitment decisions.

Why we collect your information

We use your personal information to:

  • Match you with suitable job opportunities or candidates
  • Contact you about roles, enquiries, or application status
  • Verify qualifications, tickets, and work eligibility
  • Improve our services and website experience
  • Comply with legal and regulatory obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

Australian regulatory compliance

Civil Mining Solutions operates under and complies with Australian privacy legislation, including:

  • Privacy Act 1988 (Cth) — We adhere to the 13 Australian Privacy Principles (APPs) governing how personal information is collected, used, disclosed, and stored
  • Notifiable Data Breaches (NDB) scheme — In the unlikely event of a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC as required
  • Australian Consumer Law — We are transparent about how your data is used and will never mislead you about our practices
  • Fair Work Act 2009 — Employee records are handled in accordance with fair work obligations

Our data infrastructure exceeds the baseline requirements of Australian privacy law. Supabase's SOC 2 Type II certification, AES-256 encryption, and row-level access controls provide a level of security typically seen in banking and healthcare applications.

Your rights

Under Australian privacy law, you have the right to:

  • Access your personal information we hold about you
  • Correct any inaccurate or outdated information
  • Request deletion of your personal information (subject to legal obligations)
  • Withdraw consent at any time for future processing
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at admin@civilminingsolutions.com.au. We will respond within 30 days.

Data retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy:

  • Candidate profiles & resumes — retained while you remain in our active talent pool, or until you request deletion
  • Hirer enquiries & communications — retained for the duration of the business relationship plus 2 years
  • Chat transcripts — retained for 12 months to improve our services
  • Analytics data — anonymised and retained indefinitely

Questions or concerns?

If you have any questions about this privacy policy or how we handle your data, get in touch:

Email: admin@civilminingsolutions.com.au

You can also lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

The short version

  • We only collect what we need to get you work or workers
  • Your data is encrypted and stored on enterprise-grade infrastructure
  • Resumes are never publicly accessible
  • AI helps us screen faster — humans make the decisions
  • We never sell your data
  • You can request deletion at any time

Security standards

  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • SOC 2 Type II certified infrastructure
  • Row-level security policies
  • Time-limited signed URLs for files
  • Automatic backups with point-in-time recovery

Compliance

  • Privacy Act 1988 (Cth)
  • 13 Australian Privacy Principles
  • Notifiable Data Breaches scheme
  • Australian Consumer Law
  • Fair Work Act 2009