1. Who we are and what this policy covers
EstateOS is an Australian real estate practice management application. This policy explains how we collect, use, store, disclose, and protect personal information when you (a) visit our website, (b) sign up for an EstateOS agency tenant, or (c) interact with an EstateOS-powered portal as a vendor, landlord, buyer, tenant, conveyancer, or tradesperson.
This policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) issued by the OAIC. It is version 1 and pending formal legal review. Where this version conflicts with the eventual lawyer-reviewed version, the lawyer-reviewed version will prevail and we will notify affected individuals before any material change.
2. What we collect
Identification and contact information you provide directly: name, email address, phone number, agency name, role. For external portal users: the information your agency has shared with you (e.g. property campaign data for a vendor portal, lease details for a tenant portal).
Operational information your agency users enter into the system: property records, listing data, contact notes, inspection reports, maintenance requests, communications.
Technical information: IP address, browser type, device type, pages visited, timestamps. This is used for security, performance monitoring, and abuse prevention.
AI invocation logs: which prompts were run, when, by whom, on what entity, with what reviewer, and the before/after content of the output. This is logged for ACCC content-accuracy obligations and Privacy Act ADM transparency.
3. How we use it
To provide the service: storing, processing, and displaying your agency data; generating AI outputs you request; routing communications and dispatches as configured by your agency.
To meet legal and regulatory obligations: OAIC consent tracking, ACCC content-accuracy posture, ADM transparency, audit logging, DSAR fulfilment.
To improve the service: aggregated and de-identified usage analytics. We do not use individual agency data to train third-party AI models without your explicit written consent.
To communicate with you: service notifications, billing emails, security incident notices. Marketing communications only with your opt-in consent.
4. Where it lives
All agency data, including the data of external portal users, is stored in Australian-region cloud infrastructure (ap-southeast-2, Sydney). Where a third-party AI provider (OpenAI, Anthropic) processes a request, we pin to AU/APAC endpoints where available. If a fallback region is required, it is disclosed in this policy.
PII is pseudonymised before being sent to a third-party AI provider — see /responsible-ai for the technical detail. Medical-equivalent, DV-flagged, and counsellor-equivalent fields are never sent externally under any circumstances.
5. Who we share with
Within your agency tenant: with the EstateOS users your agency has authorised. EstateOS enforces role-based access control and writes an audit log entry for every cross-role read of sensitive fields.
With third-party processors strictly necessary to provide the service: cloud infrastructure (AWS ap-southeast-2), AI providers (OpenAI, Anthropic via the BridgeOS AI platform), payment processors. Each processor has a written data-processing agreement.
With third parties where required by law (warrant, court order, regulator).
We do not sell personal information. We do not license your data to advertisers.
6. Your rights under the Privacy Act
You may request access to the personal information we hold about you. We will respond within 30 days. See /security for our DSAR workflow.
You may request correction of inaccurate information. You may withdraw consent for non-essential processing (e.g. marketing emails). You may lodge a complaint with the OAIC if you are not satisfied with how we have handled your request.
Where you are an external portal user (vendor, landlord, tenant, etc.), your information was provided to us by your agency. We will direct DSAR-type requests to the relevant agency principal where appropriate, and assist them in fulfilment.
7. Security
We apply AES-256 encryption at rest and TLS 1.3 in transit. Sensitive fields (DV-suppressed contact addresses and equivalent safety-sensitive data) are column-level encrypted with role-gated reveal and audit-event logging on every read.
We enforce tenant isolation via Postgres row-level security plus an application-layer re-check. We have not completed SOC 2 or ISO 27001 as of v1, and we say so on /security. Both are on the roadmap before the first non-design-partner customer signs.
8. Cookies and tracking
The public website uses minimal first-party cookies for session management and theme preference. We do not currently use third-party advertising trackers. If we add analytics, we will update this policy and provide opt-out controls.
9. Contact and complaints
You may contact us via /contact for any privacy-related question. For formal complaints, mark your email "Privacy Complaint". We will acknowledge within 5 business days and respond substantively within 30 days. If you remain unsatisfied, you may escalate to the OAIC.