Privacy Policy

1. Introduction

MyPropertyFlow Pty Ltd (“MyPropertyFlow”, “we”, “our”) is committed to protecting the privacy of all users of the MyPropertyFlow platform, including landlords, tenants, and service providers. This Privacy Policy sets out how we collect, use, disclose, store, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By accessing or using the MyPropertyFlow platform at mypropertyflow.com.au, you consent to the collection and handling of your personal information as described in this policy.

2. Information We Collect

We collect only information reasonably necessary for platform functions. This includes:

Account information

Name, email address, and password when you create an account. If you sign in via Google OAuth, we receive your name and email from Google.

Property and financial data

Property addresses, purchase prices, loan details, rental income, holding costs, market valuations, and other financial information you enter to manage your portfolio.

Tenant information (entered by landlords)

Tenant names, contact details, lease terms, bond amounts, and rental payment history as entered by landlord users. Landlords are responsible for ensuring they have appropriate authority to provide this information.

Service provider information

Business name, ABN, trade qualifications, contact details, service area, and job history for tradespeople using the Maintenance Marketplace.

Payment information

We do not store credit card numbers or bank account details. All payment processing is handled by Stripe Payments Australia Pty Ltd (AFSL No. 458010). We store Stripe customer IDs and subscription status only.

Usage data

We use PostHog analytics to understand how the platform is used, including page views, feature usage, and session duration. This data is collected in aggregate and is not used for advertising.

3. How We Use Your Information

We use personal information to:

• Provide and operate the MyPropertyFlow platform and its features
• Process subscription payments and platform service fees via Stripe
• Send transactional emails (account verification, password resets, critical alerts) via Resend
• Send critical SMS notifications (rent arrears, maintenance updates) via Twilio
• Generate financial projections, portfolio analytics, and property reports
• Facilitate rent collection and maintenance coordination between landlords, tenants, and service providers
• Improve the platform through aggregate usage analytics
• Comply with legal obligations, including the Privacy Act 1988 and taxation law

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising purposes.

4. Disclosure of Personal Information

We may disclose personal information to the following categories of recipients, only to the extent necessary for the stated purpose:

• Stripe Payments Australia Pty Ltd — to process payments, subscriptions, and Stripe Connect destination charges
• Supabase (via AWS infrastructure) — cloud database hosting and authentication services
• Vercel — web application hosting and content delivery
• Resend — transactional email delivery
• Twilio — SMS notifications for critical alerts only
• PostHog — product analytics (aggregate, non-advertising)
• Other users — where the platform facilitates communication between landlords, tenants, and service providers (e.g., maintenance requests, lease documents)
• Government authorities — where required by law, including the Australian Taxation Office and state tenancy authorities

5. Cross-Border Disclosure

Some of our service providers (Supabase, Vercel, Stripe, PostHog, Resend, Twilio) may store or process data in jurisdictions outside Australia, including the United States. By using the platform, you consent to the transfer of your personal information to these overseas recipients.

We take reasonable contractual steps to ensure that overseas recipients are bound by privacy obligations substantially similar to the Australian Privacy Principles, or are subject to an equivalent law in their jurisdiction.

6. Security of Personal Information

We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures include:

• Supabase Row-Level Security (RLS) enforcing that each user can only access their own data
• Stripe PCI DSS Level 1 compliance for all payment and financial data
• HTTPS encryption for all data in transit
• Multi-factor authentication (MFA) available for all account types
• Periodic security reviews and vulnerability assessments

Despite these measures, no internet transmission is completely secure. You should take steps to protect your own account credentials and notify us immediately of any suspected unauthorised access.

7. Access and Correction

You have the right to request access to personal information we hold about you, and to request correction of any inaccurate, incomplete, or out-of-date information. To make a request, contact us at MyPropertyFlow@outlook.com. We will respond within 30 days. In some circumstances we may decline to provide access or make corrections as permitted by the Privacy Act 1988.

8. Cookies and Analytics

We use PostHog analytics to understand how the platform is used. PostHog may set cookies on your browser. You can control cookie preferences through your browser settings. We do not use third-party advertising cookies. Our cookie usage is limited to session management, security, and aggregate usage analytics. For more detail, see our Cookie Policy.

9. Notifiable Data Breaches

If we become aware of a data breach that is likely to result in serious harm to any individual, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under Part IIIC of the Privacy Act 1988 (Notifiable Data Breaches scheme). Notification will be made within 30 days of us becoming aware of an eligible data breach.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with platform services. If you terminate your subscription, your data is retained for 90 days and then permanently deleted unless we are required to retain it by law (e.g., taxation records).

11. Contact Us

For all privacy enquiries, access requests, correction requests, or complaints, contact us at: MyPropertyFlow@outlook.com

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or on 1300 363 992.