Privacy Policy

Last updated: May 2026

1. About This Policy

This Privacy Policy explains how Trinity DAO Pty Ltd T/A PropertyLens (Aust) (ABN 14 681 800 724) ("we", "us", "our") collects, holds, uses, and discloses personal information in connection with the PropertyLens platform, including the website at https://propertylens.au, the application at https://app.propertylens.au, all reports, APIs, and related services (collectively, the "Platform").

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you do not agree with this policy, please do not use the Platform.

2. Kinds of Personal Information We Collect

2.1 Information You Provide Directly

  • Account registration: Name, email address, password (hashed, never stored in plain text)
  • Contact forms and support: Name, email address, phone number (optional), message content
  • Payment: Billing name, billing address, and payment card details (processed and stored exclusively by Stripe; we do not store card numbers on our servers)
  • Report inputs: Property addresses you search, property details you enter, report preferences, and any notes or comments you provide
  • API access: Developer name, API key identifier, and usage logs
  • Marketing preferences: Email subscription status and communication preferences

2.2 Information Collected Automatically

  • IP address and approximate geographic location (city/state level)
  • Browser type, operating system, device type, and screen resolution
  • Pages visited, features used, and time spent on the Platform
  • Referring website URL and search terms used to find us
  • Error logs and performance data
  • Authentication tokens and session identifiers

2.3 Property Data

PropertyLens analyses publicly available property data from government registries, council portals, listing platforms, and statistical agencies. This data may include property addresses, lot and plan identifiers, sale prices, listing details, and planning overlays. In some cases, publicly available property records may contain names of vendors or purchasers. We do not actively seek to collect or store personal information about property owners beyond what is published in public datasets, and we do not use owner names for direct marketing or unsolicited contact.

3. How We Collect Personal Information

We collect personal information:

  • Directly from you, when you create an account, submit a form, purchase credits, run a report, or contact us
  • From Stripe, when a payment is processed (we receive a transaction reference and billing name, not card numbers)
  • Automatically, through cookies, session tokens, and server logs when you interact with the Platform
  • From publicly available sources, when we aggregate property data for analysis

4. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information

We use the personal information we collect to:

  • Provide the Platform, generate reports, and deliver property research results
  • Create and manage your user account
  • Process credit purchases and manage billing
  • Respond to support enquiries and resolve disputes
  • Send transactional emails (report delivery, payment receipts, account notifications)
  • Send marketing communications where you have opted in (you can unsubscribe at any time)
  • Monitor Platform performance, detect errors, and improve features
  • Detect, prevent, and address fraud, abuse, and security incidents
  • Generate aggregated, de-identified analytics about property market trends (these analytics do not identify you)
  • Comply with our legal obligations, including tax record-keeping and responding to lawful requests from authorities

5. Use of AI and Automated Processing

When you request a report, your search inputs and the relevant property data may be sent to AI providers (currently Anthropic, the maker of Claude) to generate analysis. The AI provider processes the data to produce research outputs and returns the results to us. We do not send your payment card information, password, or full account profile to AI providers.

AI-generated outputs (price estimates, recommended bids, risk assessments) are research tools. PropertyLens does not use AI to make binding decisions about your legal rights, credit applications, insurance eligibility, tenancy applications, employment, or access to essential services. The Platform does not make automated decisions that produce legal effects concerning you as an individual.

From 10 December 2026, the Privacy Act 1988 will require additional transparency about automated decision-making that significantly affects individuals' rights. Our current AI use is limited to property research outputs and does not meet that threshold. We will update this policy if our use of automated processing changes in a way that triggers those requirements.

6. Disclosure of Personal Information

6.1 Third-Party Service Providers

We share personal information with the following categories of service providers:

Provider CategoryPurposeLocation
StripePayment processingUnited States
Anthropic (Claude AI)AI-powered property analysis and report generationUnited States
Cloud hosting (Azure)Platform infrastructure and database hostingAustralia (primary), with backups in other Azure regions
Email service (SendGrid)Transactional and notification emailsUnited States
CloudflareContent delivery, DDoS protection, DNSGlobal edge network
Domain.com.au, PropTrackProperty listing and sales data APIsAustralia

6.2 Overseas Disclosure

As shown above, some of our service providers are located outside Australia, primarily in the United States. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure they handle it consistently with the APPs, through contractual obligations, the provider's published privacy commitments, or both. By using the Platform, you acknowledge that some personal information may be processed outside Australia.

6.3 Other Disclosures

We may also disclose personal information:

  • Where required or permitted by law, regulation, court order, or governmental request
  • To enforce our Terms of Service or protect our rights, property, or safety
  • In connection with a merger, acquisition, or sale of assets (with notice to affected users)

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

7. Cookies and Tracking Technologies

7.1 What We Use

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core Platform functionality.
  • Functional cookies: Remember your preferences (such as saved searches and display settings).
  • Analytics: We collect anonymous usage events (page views, feature clicks, error occurrences) to understand how the Platform is used and to identify improvements. We do not use third-party advertising or behavioural tracking cookies.

7.2 Your Controls

You can manage cookies through your browser settings. Blocking essential cookies may prevent you from using authenticated features of the Platform. We honour Do Not Track (DNT) browser signals where technically feasible.

8. Data Security

We implement appropriate technical and organisational measures to protect personal information from unauthorised access, modification, disclosure, or destruction. These include:

  • Encryption of data in transit (TLS) and at rest
  • Secure password hashing (never stored in plain text)
  • Regular database backups with restricted access
  • Role-based access controls for internal staff
  • Monitoring and audit logging of administrative access
  • Payment card data handled exclusively by Stripe (PCI DSS compliant); we never store, process, or transmit card numbers

No system is completely secure. While we take reasonable steps, we cannot guarantee absolute security of information transmitted to or stored by the Platform.

9. Data Retention

  • Account data: Retained while your account is active. If you request account deletion, we will delete or de-identify your personal information within 30 days, except where retention is required by law (such as tax records, which we retain for 5 years).
  • Report data: Purchased reports are stored in your account for as long as it is active. After account deletion, report records are de-identified within 30 days.
  • Payment records: Transaction records (excluding card numbers) are retained for 7 years for accounting and tax compliance.
  • Server logs: Automatically purged after 90 days.
  • Support enquiries: Retained for 2 years after resolution, then deleted or de-identified.

10. Notifiable Data Breaches

If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

  1. Take immediate steps to contain the breach and minimise harm
  2. Assess the breach as required by Part IIIC of the Privacy Act 1988
  3. Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable if the breach is an eligible data breach
  4. Provide a statement to affected individuals that includes what happened, the kinds of information involved, and recommended steps they can take

11. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information
  • Request deletion of your personal information (subject to any legal obligation we have to retain it)
  • Opt out of marketing communications at any time using the unsubscribe link in any email or by contacting us
  • Complain about our handling of your personal information

To exercise any of these rights, email us at [email protected]. We will respond to access and correction requests within 30 days. We will not charge you for making a request, although we may charge a reasonable fee for providing access to voluminous records (we will notify you of any fee in advance).

12. Anonymity and Pseudonymity

You may browse the public website (suburb profiles, market data, blog) without identifying yourself. However, creating an account, purchasing credits, or generating reports requires your name and email address so we can deliver the service and manage your account.

13. Children

The Platform is not directed at children under 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 16, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. If a change materially affects how we handle your personal information, we will notify you by email or in-app notice at least 14 days before the change takes effect. We encourage you to review this policy periodically.

15. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, please contact us. We take privacy complaints seriously and will:

  1. Acknowledge your complaint within 5 business days
  2. Investigate the matter and respond within 30 business days
  3. Work with you to resolve the issue fairly

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

16. Contact Us

For any privacy enquiry, access request, correction request, or complaint:

  • Privacy Officer Email: [email protected]
  • Phone: +61 7 3132 2534
  • Operator: Trinity DAO Pty Ltd T/A PropertyLens (Aust)
  • ABN: 14 681 800 724
  • Location: Queensland, Australia