1. Introduction
ProjectIntelligence AU (ABN 00 000 000 000, “we”, “us”, “our”) is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, disclose and manage your personal information. By using our service, you consent to our collection and use of personal information as outlined in this policy.
Contact for Privacy Matters: [email protected]
2. Information We Collect (Australian Privacy Principle 5 — Notification)
We collect personal information directly from you and, in some cases, from third parties. The types of personal information we collect include:
- Account data: email address, password hash, Australian mobile number (+61), name
- Business information: Australian Business Number (ABN), roofing licence number, trade type
- Subscription data: billing address, payment card details (processed via Stripe; we do not store card numbers), plan type, trial/active status
- Location data: Greater Sydney LGA preferences (your nominated service areas for digest filtering)
- Usage data: digest open/click events, feedback (thumbs up/down) on development applications, interaction timestamps
- Feedback data: your ratings (up/down) on each development application in your digest
- Technical data: IP address, browser type, device type, pages visited (via PostHog analytics if you consent)
We do not require you to provide personal information to access our landing page. We only collect personal information when you create an account or use our service.
3. How We Use Your Information (Australian Privacy Principle 6 — Use and Disclosure)
We use your personal information for the following purposes:
- Service delivery: to create your account, deliver your Sunday digest, process your feedback, and provide customer support
- Billing: to process subscription payments, manage your trial and renewal, and issue invoices
- Communication: to send you digest emails, SMS alerts, account notifications, billing confirmations, and password reset links
- Improvement: to analyse digest accuracy, improve our relevance pipeline, and measure feature usage (with your consent for analytics)
- Legal compliance: to comply with Australian tax law, fraud prevention, and legal requests
- Marketing: to send you promotional emails about features or plans (you can opt out anytime)
4. Third-Party Processors (Australian Privacy Principle 1 — Open and Transparent Management)
We share your personal information with the following service providers to deliver our service. Each processor is contractually bound to protect your data:
| Service | Data Received | Purpose |
|---|---|---|
| Stripe AU | Card details, email, ABN | Billing, AUD/GST |
| Resend | Email, digest content | Email delivery |
| Twilio | Mobile number, SMS content | SMS delivery |
| Anthropic (Claude) | Anonymised DA descriptions, your LGA bundle | Relevance scoring AI |
| OpenAI | Anonymised DA descriptions, roofing vocabulary | Embedding generation |
| PostHog | Usage events, IP address | Analytics (consent-gated) |
| Sentry | Error logs, request headers | Error monitoring |
| GCP Cloud Storage | Digest PDFs (if exported) | Blob storage |
| Vercel | Your requests, analytics | Hosting and deployment |
These processors may be located outside Australia (USA, EU). By using our service, you consent to overseas disclosure. We require all processors to maintain security measures equivalent to the Privacy Act 1988.
5. Data Retention and Deletion (Australian Privacy Principles 11 & 13 — Security & Correction)
- Active accounts: Your email, password hash, LGA preferences, feedback, and digest history are retained while your account is active.
- Trial accounts: Trial data is deleted 30 days after trial expiration if not converted to a paid subscription.
- Cancelled subscriptions: Your account is marked as inactive; you retain read-only access to digest history for 30 days, then hard-deleted.
- Feedback data: Your thumbs ratings are retained as long as your account is active and used to improve your personalised ranking.
- Development Application records: We retain raw DA data (source: NSW Planning Portal, council feeds) indefinitely for historical queries; your feedback ratings are tied to DA IDs.
- Email/SMS logs: Delivery records from Resend and Twilio are retained for 90 days for compliance and support purposes.
- Backups: Deleted data may persist in backups for up to 30 days.
6. Your Privacy Rights (Australian Privacy Principle 12 — Access and Correction)
Under the Privacy Act 1988, you have the following rights:
- Right to access: You can request a copy of all personal information we hold about you by clicking “Download my data” in your account settings, or emailing [email protected]. We will provide your data in JSON format within 14 days.
- Right to correction: If your personal information is inaccurate, you can update your email, mobile number, and LGA preferences directly in your account settings.
- Right to deletion: You can request account deletion by clicking “Delete account” in your account settings. We will delete your data within 14 days (hard delete within 30 days of marked deletion).
- Right to complain: If you believe we have breached the Privacy Act 1988, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or call 1300 363 992.
7. Security (Australian Privacy Principle 11 — Security of Personal Information)
We implement reasonable security measures to protect your personal information:
- Encryption: All data in transit uses TLS 1.2+. Passwords are hashed using argon2id. Payment cards are tokenised by Stripe.
- Database security: Postgres is hosted on Google Cloud SQL with encryption at rest and managed backups.
- Access control: Only authorised personnel can access your data. API endpoints require Lucia session authentication.
- Monitoring: We use Sentry error tracking and PostHog analytics to detect suspicious activity.
No security system is impenetrable. We cannot guarantee absolute security, but we commit to industry-standard protections.
8. Cookies and Tracking (Australian Privacy Principle 1 — Open and Transparent Management)
We use the following cookies and tracking technologies:
- Essential cookies (no consent required): Lucia session cookie (httpOnly, SameSite=Lax) for authentication. Strictly necessary for service operation.
- Analytics cookies (consent required): PostHog SDK for feature usage, event tracking, and feature flags. You can opt out in your account settings or use the banner at first visit.
- Marketing cookies: Not used in V1.
You can manage your cookie preferences by clicking the “Manage Cookies” button in the footer, or by clearing your browser cookies. Opting out of analytics will not affect your service usage.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email to the address on your account. Your continued use of the service constitutes acceptance of the updated policy. We recommend you review this policy periodically.
10. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact:
ProjectIntelligence AU
Email: [email protected]
ABN: 00 000 000 000
Jurisdiction: New South Wales, Australia