← Home

Privacy Policy

Effective Date: 8 March 2026

1. Introduction

QUALIFYMATE PTY LTD ("we", "us", "our", or "QualifyMate") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mortgage assessment service platform ("Service"). This policy applies to information we collect through our website and related services.

2. Information We Collect

Personal Information

We collect information that you provide directly to us, including:

  • Name and contact information (email address, phone number)
  • Financial information (income details, expenses, liabilities)
  • Employment information
  • Document metadata extracted during AI processing
  • Property and asset information
  • Other information relevant to mortgage assessments

Usage Information

We automatically collect certain information about your device and usage of our Service, including:

  • IP address and device identifiers
  • Browser type and operating system
  • Access times and dates
  • Pages viewed and links clicked

2.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to help us understand how visitors use our Service. Google Analytics collects information such as how often you visit our Service, which pages you view, how you arrived at our Service, your general geographic location, and technical information about your device and browser.

Google Analytics uses cookies and similar technologies to collect and analyse this information. The data collected is aggregated and anonymised, and is used solely to improve our Service and understand user behaviour. Google may process this data on servers located outside Australia, including in the United States.

For more information about how Google collects and processes data, please visit Google's Privacy Policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

2.2 PostHog Analytics

We use PostHog, a product analytics platform, to help us understand how users interact with our Service and to monitor application performance. PostHog collects information such as user interactions (clicks, page views, feature usage), user journey information, application errors, technical information about your device, and performance metrics.

We use PostHog's privacy masking features to ensure sensitive content such as input fields, passwords, and financial information is masked client-side before any data is transmitted to PostHog's servers.

For more information about how PostHog collects and processes data, please visit PostHog's Privacy Policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our mortgage assessment services
  • Process and analyse mortgage applications, and classify and rename mortgage documents on your behalf
  • Communicate with you about our services
  • Improve and optimise our Service
  • Comply with legal obligations and regulatory requirements
  • Detect and prevent fraud or security issues
  • Provide customer support

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • With your consent: We share information with your explicit consent
  • Service providers: With third-party vendors who perform services on our behalf, including AI services for document processing and payment processing
  • Payment processing: With Stripe, Inc. for processing subscription payments and billing (see Section 4.1 below)
  • Legal requirements: When required by law or to respond to legal process
  • Business transfers: In connection with any merger, sale, or acquisition
  • Protection of rights: To protect our rights, privacy, safety, or property

4.1 Payment Processing via Stripe

We use Stripe, Inc. as our third-party payment processor. When you provide payment information:

  • Payment card details are transmitted directly to Stripe's secure servers and are never stored on our systems
  • We only receive limited information from Stripe, such as the last 4 digits of your card and payment status
  • Stripe processes your payment information in accordance with their privacy policy and PCI-DSS compliance standards
  • Stripe may process payment data in the United States and other jurisdictions where they operate
  • Your use of Stripe's services is subject to Stripe's Privacy Policy

QualifyMate does not have access to your complete payment card information.

5. Chrome Extension Data Practices

QualifyMate offers a Chrome browser extension that enables mortgage brokers to export assessment data to third-party platforms. This section describes how the extension handles your data in compliance with the Chrome Web Store User Data Policy.

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

5.1 Data Collected by the Extension

  • Authentication tokens: Stored locally to maintain your session with QualifyMate
  • Account statistics: Aggregated metrics from your QualifyMate account displayed in the extension popup
  • Assessment data: Financial information from your QualifyMate assessments, retrieved only when you explicitly request an export
  • Page content: Limited interaction with supported third-party platforms to facilitate form filling

5.2 Permitted Uses of Extension Data

Data accessed by the extension is used exclusively for:

  • Providing the extension's single purpose: auto-filling forms with your QualifyMate data
  • Authenticating your identity with QualifyMate services
  • Displaying account statistics in the extension popup
  • Populating forms on third-party platforms at your explicit request

5.3 Data Use Restrictions

The extension does NOT use your data for any of the following purposes:

  • Transferring or selling data to third parties for advertising purposes
  • Transferring or selling data to data brokers or information resellers
  • Determining creditworthiness or for lending decisions (the extension is a data transfer tool only)
  • Tracking your web browsing activity beyond the supported platforms
  • Profiling users for targeted advertising

5.4 Human Access to Data

QualifyMate personnel do not access, read, or review the data processed by the extension except: (a) with your explicit consent for support purposes; (b) as necessary for security investigations or to protect against fraud or abuse; (c) to comply with applicable laws or valid legal process; or (d) in aggregated and anonymised form for internal operations.

5.5 Data Storage and Transmission

The extension stores authentication tokens locally in your browser's secure storage. Assessment data is retrieved on-demand from QualifyMate servers and is not persistently stored by the extension. All data transmission occurs over encrypted HTTPS connections.

6. Use of AI Services

We use Google Gemini AI services to enhance our document processing and analysis capabilities. This includes document classification, data extraction, summarisation of mortgage-related information, and AI-powered document renaming. When processing documents through Google Gemini:

  • Document data may be temporarily processed by Google Gemini servers located in the United States
  • Google Gemini processes data in accordance with Google's privacy and security standards
  • Google Gemini does not train its model on any Service data
  • All processed results are immediately returned to our Australian-based infrastructure

When you upload documents for processing, including through our Document Renamer feature, the content of those documents is transmitted to Google Gemini as described above. Extracted metadata and processing results are stored in our database until you delete the associated session. We ensure that our use of AI services complies with Australian privacy laws and implement appropriate safeguards for international data processing.

7. Data Storage and Security

All data collected and stored by QualifyMate is maintained exclusively in Australia using Google Cloud Platform (GCP) infrastructure located within Australian data centres, primarily in Sydney with backup in Melbourne. We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

8. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymise it. Documents uploaded via the Document Renamer feature are retained in cloud storage until you explicitly delete the renaming session; no automatic deletion period applies. Classification results and extracted document metadata are retained in our database for the same period as the associated renaming session.

9. Your Rights and Choices

Under Australian privacy law, you have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your information in a structured format
  • Objection: Object to certain processing of your information
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided below.

10. International Data Transfers

While we store all data within Australia, we utilise third-party services that may process information through servers located internationally, including the United States and European Union. These services include Google Gemini AI for document processing, Google Analytics for usage analytics, PostHog for product analytics and error tracking, and Stripe for payment processing. We ensure appropriate safeguards are in place for any such processing in accordance with Australian privacy laws.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

12. Australian Privacy Principles

This Privacy Policy is designed to comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). We are committed to handling your personal information in accordance with these principles and all applicable Australian privacy laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

QUALIFYMATE PTY LTD
Email: [email protected]

15. Privacy Commissioner

If you are not satisfied with our response to your privacy concern, you may contact the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner
Phone: 1300 363 992
Website: www.oaic.gov.au

16. Governing Law

This Privacy Policy is governed by the laws of Australia. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Australia.