Privacy Policy

Version 1.0.0 | Effective Date: 1 January 2025

1. Introduction and Commitment to Privacy

BrokerMaite ("we", "us", or "our") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our payslip analysis service ("Service"). By using the Service, you consent to the collection and use of your information as described in this Policy.

Your Privacy Rights:

  • You have the right to access your personal information
  • You have the right to correct inaccurate information
  • You have the right to request deletion of your data
  • You have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

2. Information We Collect (APP 3)

We collect the following types of personal information to provide and improve the Service:

Account Information:

  • Email address
  • Name
  • User ID (automatically generated)
  • Password (stored securely using industry-standard password hashing)
  • Account creation date

Document Content:

  • Payslip PDFs you upload
  • Financial data extracted from payslips (income amounts, employer details, payment dates, tax information)
  • Metadata about uploaded documents (file names, upload timestamps)

Usage Information:

  • IP addresses
  • Browser type and version
  • Device information
  • Access times and dates
  • Pages viewed and features used
  • Analysis requests and results

Legal Acceptance Records:

  • Terms and Conditions acceptance timestamp
  • Privacy Policy acceptance timestamp
  • IP address at time of acceptance
  • User agent string at time of acceptance

We do NOT collect:

  • Sensitive information as defined under the Privacy Act (except financial information necessary for the Service)
  • Information about individuals other than account holders, except as contained in uploaded payslips

3. How We Collect Information (APP 3)

Direct Collection:

  • When you create an account
  • When you upload payslip documents
  • When you accept our Terms and Conditions and Privacy Policy
  • When you contact our support team

Automatic Collection:

  • Through cookies and similar technologies when you use the Service
  • Through server logs when you access the Service
  • Through analytics tools to understand usage patterns

Third-Party Collection:

We do not collect personal information from third parties, except in cases where a mortgage broker or financial professional uploads client documents with proper authorization.

4. Purpose of Collection and Use (APP 1, APP 6)

We collect and use your personal information for the following purposes:

Primary Purposes:

  • Providing the Service: Processing payslip documents using cloud provider AI technology to extract and analyze income data
  • Account Management: Creating, maintaining, and securing your user account
  • Authentication: Verifying your identity when you log in
  • Communication: Sending service-related notifications, updates, and responses to inquiries

Secondary Purposes:

  • Service Improvement: Analyzing usage patterns to improve features and user experience
  • Security: Detecting and preventing fraud, abuse, and security threats
  • Compliance: Meeting legal and regulatory obligations
  • Analytics: Understanding how the Service is used to optimize performance

We will NOT use your information for:

  • Marketing or promotional purposes without your explicit consent
  • Selling or renting to third parties
  • Training AI models on your specific data without de-identification
  • Purposes unrelated to providing the Service

5. Cloud Provider AI Processing

Use of Third-Party AI Services:

The Service utilizes cloud provider artificial intelligence and machine learning services to analyze payslip documents. This processing is essential to the core functionality of the Service.

What This Means:

  • Your uploaded payslip PDFs are transmitted to cloud provider AI services for analysis
  • The cloud provider's AI models extract text and financial data from your documents
  • AI algorithms process the extracted data to identify income patterns and calculate averages
  • Processed data is returned to BrokerMaite and stored in our systems

Data Protection Measures:

  • All data transmitted to cloud providers is encrypted in transit using TLS 1.2 or higher
  • We use cloud providers that comply with industry-standard security frameworks
  • Cloud provider AI services process data transiently and do not retain your documents for model training
  • We have contractual agreements with cloud providers requiring appropriate data protection

Your Consent:

By using the Service, you consent to this cloud-based AI processing. If you do not consent, you should not upload documents to the Service.

6. Disclosure of Information (APP 6)

We may disclose your personal information to:

Service Providers:

  • Cloud Infrastructure Providers: For hosting, storage, and computing services
  • AI Service Providers: For document analysis and data extraction (as described in Section 5)
  • Authentication Services: For secure user login and identity verification
  • Database Services: For secure data storage and retrieval

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements:

We may disclose your information if required or authorized by law, including:

  • In response to court orders, subpoenas, or legal processes
  • To comply with regulatory investigations or requests
  • To protect our rights, property, or safety, or that of others
  • To prevent or investigate fraud or security threats

We will NOT disclose your information to:

  • Third-party marketers or advertisers
  • Data brokers or aggregators
  • Any party for purposes unrelated to providing the Service, except as required by law

7. Overseas Disclosure (APP 8)

International Data Transfers:

Your personal information may be disclosed to overseas recipients as part of our cloud-based Service infrastructure. This includes:

  • Cloud Provider Data Centers: Data may be stored in cloud provider data centers located in the United States, Europe, or Asia-Pacific regions
  • AI Processing Services: Document analysis may be performed by AI services operating in various global regions

Countries Your Data May Be Sent To:

  • United States
  • Singapore
  • European Union member states
  • Other regions where cloud provider infrastructure operates

Safeguards for Overseas Transfers:

  • We only use cloud providers that comply with international data protection standards
  • Data is encrypted in transit and at rest
  • We have contractual arrangements requiring overseas recipients to protect your information
  • Cloud providers comply with frameworks such as ISO 27001, SOC 2, and Privacy Shield principles

Your Consent:

By using the Service, you consent to the overseas disclosure of your personal information as described above. You acknowledge that overseas recipients may not be subject to the Privacy Act 1988 or APPs, and you may not be able to seek redress under Australian privacy law.

8. Data Security (APP 11)

Security Measures:

We implement reasonable security measures to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure:

  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
  • Access Controls: Role-based access controls and multi-factor authentication for administrative access
  • Secure Authentication: Industry-standard user authentication with secure password hashing
  • Network Security: Firewalls, intrusion detection, and network segmentation
  • Monitoring: Logging and monitoring of security events and anomalies
  • Regular Updates: Timely application of security patches and updates

Important Limitation:

While we implement reasonable security measures, we cannot guarantee absolute security. No internet-based service can be completely secure. You acknowledge and accept the inherent security risks of transmitting data over the internet.

In the event of a data breach, BrokerMaite accepts no liability for any loss or damage (as detailed in our Terms and Conditions). However, we will comply with Australian data breach notification requirements under the Privacy Act.

Your Responsibilities:

  • Keep your account credentials confidential
  • Use strong, unique passwords
  • Log out after using shared or public computers
  • Report any suspected security incidents immediately

9. Data Retention and Deletion (APP 11)

How Long We Keep Your Data:

  • Account Information: Retained while your account is active, plus 7 years after account closure for legal and regulatory compliance
  • Uploaded Payslips: Retained for 90 days after upload, then automatically deleted unless you delete them sooner
  • Analysis Results: Retained for 2 years or until you delete them, whichever comes first
  • Legal Acceptance Records: Retained for 7 years for compliance and legal purposes
  • Usage Logs: Retained for 12 months for security and analytics purposes

Automatic Deletion:

We use automated time-to-live (TTL) mechanisms to permanently delete documents and analysis results after retention periods expire.

Your Right to Deletion:

You have the right to request deletion of your personal information at any time.

To request deletion:

  • Email info@brokermaite.com.au with your account details
  • Specify which data you want deleted (account, documents, analysis results, or all data)
  • We will process your request within 30 days and confirm deletion

Exceptions to Deletion:

We may retain certain information if required by law, for legitimate business purposes (e.g., dispute resolution), or to comply with regulatory obligations. We will inform you if we cannot fully comply with your deletion request and explain the reason.

10. Access and Correction Rights (APP 12, APP 13)

Your Right to Access (APP 12):

You have the right to request access to the personal information we hold about you. To request access:

  • Email info@brokermaite.com.au with your account details
  • Specify what information you want to access
  • We will respond within 30 days
  • We will provide access in a reasonable format (e.g., PDF, CSV)

We provide access free of charge. In some cases, we may charge a reasonable fee if your request is manifestly unfounded, excessive, or requires significant technical effort.

Your Right to Correction (APP 13):

You have the right to request correction of inaccurate, incomplete, or out-of-date information. To request correction:

  • Email info@brokermaite.com.au with details of the inaccurate information
  • Provide the correct information
  • We will assess and respond to your request within 30 days
  • If we correct your information, we will notify any third parties to whom we disclosed the incorrect information (where reasonable to do so)

Refusal of Access or Correction:

In limited circumstances, we may refuse your request if:

  • Providing access would pose a serious threat to life, health, or safety
  • Providing access would have an unreasonable impact on others' privacy
  • The request is frivolous or vexatious
  • The information relates to ongoing legal proceedings
  • Providing access is unlawful or would prejudice enforcement activities

If we refuse your request, we will provide written reasons and inform you of your right to complain to the OAIC.

11. Cookies and Tracking Technologies

What Are Cookies:

Cookies are small text files stored on your device when you use the Service. We use cookies and similar technologies for authentication, security, and analytics.

Types of Cookies We Use:

  • Essential Cookies: Required for authentication and core functionality (e.g., session management, login tokens)
  • Security Cookies: Used to detect fraud and protect your account
  • Analytics Cookies: Help us understand how the Service is used (anonymized where possible)

HTTP-Only Cookies:

We use HTTP-only cookies for authentication tokens (accessToken, idToken, refreshToken). Scripts running in the page cannot read these cookies, which enhances security by limiting token theft through cross-site scripting (XSS) attacks.

Managing Cookies:

  • You can configure your browser to refuse cookies, but this may limit Service functionality
  • Essential cookies are required for the Service to operate and cannot be disabled
  • Analytics cookies can be disabled through browser settings

Do Not Track:

We do not currently respond to "Do Not Track" browser signals, as there is no industry standard for how to interpret them.

12. Complaints and Contact Information

How to Make a Privacy Complaint:

If you believe we have breached your privacy or mishandled your personal information, you have the right to make a complaint:

Step 1: Contact Us Directly

  • Email: info@brokermaite.com.au
  • Subject line: "Privacy Complaint"
  • Include: Your account details, description of the issue, and desired resolution

Step 2: Our Response Process

  • We will acknowledge your complaint within 7 days
  • We will investigate and respond with our decision within 30 days
  • If we need more time, we will notify you and provide an expected resolution date
  • We will explain our decision and any actions we will take

Step 3: If You're Not Satisfied

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au
  • Postal: GPO Box 5218, Sydney NSW 2001

General Contact Information:

  • Privacy Officer: info@brokermaite.com.au
  • Support: info@brokermaite.com.au
  • Legal: info@brokermaite.com.au
  • Postal: BrokerMaite, Sydney NSW, Australia

Changes to This Privacy Policy:

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated Policy on our website
  • Sending an email notification to your registered email address
  • Requiring acceptance of the updated Policy upon next login

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

Last Updated: 1 January 2025

Version: 1.0.0

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at info@brokermaite.com.au