Last updated 5 May 2026

Privacy Policy

leasezy operates the property-intelligence service at leasezy.com.au. This policy explains what we collect, what we do with it, and your rights under the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles.

1. What we collect

Account

  • Email, when you sign in via magic-link or Google.
  • Name and profile photo, only if you sign in with Google. We do not request any other Google scope.

Usage

  • Address scoring requests: lat/lng, timestamp, endpoint. Kept 30 days for quota and audit.
  • Hashed IP for anonymous quota. SHA-256 of IP plus a daily-rotating salt. Raw IPs are not stored with usage records.
  • Saved addresses, only those you choose to save.

Payment

Stripe handles cards under PCI-DSS. We never see your card number. We store only the Stripe customer ID, subscription ID and current status.

2. How we use it

  • To run the service (scoring, shortlist, account).
  • To enforce free-tier quotas.
  • To process subscriptions via Stripe.
  • To send transactional email (sign-in links, payment receipts). No marketing without explicit opt-in.
  • To investigate security incidents (audit log, 12 months).

3. What we don't do

  • No selling, renting, or sharing of personal data with third parties for advertising.
  • No third-party advertising trackers.
  • No sharing your search history with agents, landlords, or anyone else.

4. Third parties

  • Supabase: authentication, user database, hosted in Sydney.
  • Stripe: payment processing.
  • Google Routes: commute time. We send a lat/lng pair; Google does not receive your identity.
  • Google OAuth: sign-in, only if you choose it.
  • MapTiler: basemap tiles.
  • OpenRouteService: walking-route polylines.

5. Data location and security

  • Account and saved-address data: Sydney, Australia (Supabase ap-southeast-2).
  • Reference data (addresses, POIs, transit, rent): self-hosted on a Sydney server.
  • All connections TLS 1.2+. Database encrypted at rest. Daily backups, 14-day retention.
  • No passwords stored. Magic-link only; Google handles its own auth.

6. Retention

  • Account: until you delete it.
  • Saved addresses: until you delete them.
  • Request log: 30 days.
  • Audit log: 12 months.
  • Stripe subscription records: 7 years (Australian tax law).

7. Your rights

Under the APPs you can:

  • Access the personal information we hold about you.
  • Correct inaccuracies.
  • Delete your account and associated data, honoured within 30 days. Stripe tax records are exempt.
  • Opt out of any non-essential email.
  • Complain to the Office of the Australian Information Commissioner if you believe we've breached your privacy.

Send any access, correction, or deletion request to hello@leasezy.com.au.

8. Notifiable Data Breaches

If a breach is likely to result in serious harm we will notify affected users and the OAIC within 30 days under the NDB scheme.

9. Children

The service is not directed at users under 16 and we do not knowingly collect data from children. If you believe a child under 16 has created an account, contact us and we will delete it.

10. Cookies

First-party cookies only, all essential: authentication session (HttpOnly, Secure, SameSite=Lax) and a search-radius preference. No advertising or tracking cookies.

11. Changes

Material changes are emailed to signed-in users at least 14 days before taking effect.

12. Contact

Email hello@leasezy.com.au.