Privacy Policy
Last updated: 24 June 2026
1. Information We Collect
When you use BrickTrack, we collect information you provide directly:
- Account information (name, email address)
- Property details you enter
- Financial data from connected bank accounts (via Basiq open banking)
- Documents you upload
- Export job records created when you request a data export
- A deletion log entry (hashed identifiers only) when your account is hard-deleted, retained for compliance evidence
2. How We Use Your Information
We use your information to:
- Provide and improve our services
- Generate reports and analytics for your properties
- Send service-related notifications
- Provide customer support
3. Bank Data Security
We connect to your bank accounts through Basiq, an accredited open banking provider. We never see or store your bank login credentials. All bank connections use bank-grade encryption and comply with Australian data security standards.
4. Data Storage
Your data is stored on secure servers located in Australia. We use encryption at rest and in transit to protect your information.
We use Supabase with point-in-time recovery (PITR) backups enabled. After your account is hard-deleted, residual data may remain in PITR snapshots for up to 7 days (preview) or the configured production backup retention window. If a database restore is performed from a pre-deletion snapshot, we re-run our deletion cron to purge any user whose deletion log confirms they were hard-deleted before the snapshot was taken.
5. Data Sharing
We do not sell your personal information. We share data only with the sub-processors below, each bound by a Data Processing Agreement or equivalent contractual terms. Deletion-mode footnotes reflect the current implementation state as of June 2026.
| Sub-processor | Hosting region | Purpose | On account deletion |
|---|---|---|---|
| Stripe | US (AU presence) | Payment processing & billing | Customer record anonymised at T+30 days; fully deleted at T+120 days via automated cron. [1] |
| Supabase (Postgres + Storage) | Australia (ap-southeast-2) | Primary database & file storage | DB rows cascade-deleted; Storage objects under your user prefix purged on hard-delete. [2] |
| Basiq | Australia | Open banking — bank account connection & transaction sync | Basiq holds transaction sync data. An on-delete API integration is in development (tracked separately). [3] |
| PostHog | EU (configurable) | Product analytics (anonymous event capture) | A $delete_person integration to remove your analytics profile on hard-delete is in development. [4] |
| Sentry | EU / US | Error monitoring | PII scrubbing is configured at the SDK level (beforeSend filter). A Sentry on-delete REST API call is in development. [5] |
| Resend | US | Transactional email delivery (account, billing, digest, alerts) | Email address suppressed on deletion; transactional send records retained for 90 days then deleted. |
| Anthropic | US (Zero Data Retention) | AI-assisted transaction categorisation & chat | Anthropic Zero Data Retention (ZDR) is enabled — no prompt or response data is retained by Anthropic. No on-delete action required. |
| Vercel | Sydney (syd1) | Web hosting & serverless compute | No persistent user data stored at the platform layer. Server logs retained per Vercel platform defaults (typically 30 days). |
| Cloudflare (Turnstile) | Global edge | Bot-protection challenge on sign-up / sign-in | Challenge tokens are transient and not linked to your account after verification. No on-delete action required. |

[1] Stripe customer records are anonymised at deletion and fully deleted at T+120 days via the cleanup-stripe-deletions cron.
[2] Supabase Storage objects (documents and exports) are purged on hard-delete via recursive prefix purge.
[3] Basiq holds transaction sync data; an on-delete API integration is in development (tracked separately).
[4] PostHog event capture; a $delete_person integration is in development.
[5] Sentry error capture; PII scrubbing is configured at the SDK level; an on-delete REST API call is in development.

We may also share data:
- When required by law or to protect our rights
- With your consent (e.g., sharing reports with your accountant)
6. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data as a structured archive (available via Settings → Account → Export Data)
- Disconnect bank accounts at any time
When you request an export, BrickTrack generates a ZIP archive containing your properties, transactions, documents, and other personal data in JSON and CSV formats. Your export is available for download for 7 days.
An audit log of significant account actions (e.g., property additions, bank connections) is included in your export. When your account is hard-deleted, audit log entries are anonymised (the actor reference is set to null) and retained as compliance evidence for any shared portfolio you were a member of. Stripe payment records are anonymised at T+30 days and fully deleted at T+120 days; a copy of your billing history is included in your export before deletion.
7. Cookies & tracking
We classify cookies and similar storage into three categories:
- Essential. Authentication session cookies, CSRF tokens, sidebar/UI preference state, and Cloudflare Turnstile challenge tokens. Always on — these are required for BrickTrack to function.
- Analytics. Anonymous product-usage events captured via PostHog (pageviews + activation funnel events). Off by default until you accept analytics in the cookie banner; you can opt out at any time from Settings → Preferences. Opting out sets a local persistence flag (bt_analytics_optout) and instructs PostHog to stop capturing.
- Marketing. BrickTrack does not currently set any marketing or advertising cookies, nor does it allow third-party advertising trackers.
Your cookie-consent choice is stored locally on your device and replayed on subsequent visits. Clearing browser storage will reset the choice.
8. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.
9. Contact Us
If you have questions about this privacy policy, please contact us at privacy@bricktrack.au.
10. Data Retention
BrickTrack retains your personal data for as long as your account is active. After you request account deletion, a 30-day grace period applies during which you may cancel the request. After the grace period expires, your database records, uploaded documents, and storage objects are permanently deleted. Hashed identifiers are retained in a deletion log for compliance evidence under the Australian Privacy Principles (APP 11.2).
Our detailed data retention windows, regulatory basis, and per-category disposition rules are documented in the BrickTrack Data Retention Policy (version 2026-06-04, status: ACTIVE).