Third Party Data Policy

Our Commitment to You

At QualifyMate, we understand that mortgage brokers entrust us with their most valuable asset: their client relationships. We recognise that your clients are your business, and we are committed to protecting that relationship with the highest standards of data security, privacy, and ethical business practices.

This Third Party Data Policy outlines our firm commitment to never use your clients' data for unauthorised purposes, including lead generation, marketing, or any activity that could compromise your business relationships.

Data Usage Restrictions

We strictly limit the use of your clients' data to the purposes explicitly stated in our Privacy Policy. Specifically:

• Client data is used exclusively to provide mortgage assessment and document processing services to you
• We may contact your clients for service delivery purposes only (such as requesting documents via our portal for document assessments), but we will never contact them for marketing, lead generation, or business development purposes
• We will never sell, rent, or share client data with third parties for marketing purposes
• We will never use client information to compete with your business or solicit your clients
• All data processing is performed solely to deliver the services you have requested

Strict Data Isolation

Your clients' data is protected through comprehensive isolation controls:

• Logical separation: Each broker's data is logically isolated within our database systems, ensuring complete separation between client portfolios
• Access controls: Role-based access controls ensure that only authorised users within your organisation can access your clients' data
• Secure processing: All document processing and assessments are performed in isolated environments
• Audit trails: Comprehensive logging tracks all data access and ensures accountability

Security and Technical Controls

We implement enterprise-grade security controls including encryption, passwordless authentication, access monitoring, and comprehensive audit logging to prevent unauthorised access to your clients' data. For comprehensive details about our security infrastructure and technical controls, please review our Information Security page.

Third Party Service Providers

While we use trusted third-party services to deliver our platform, we maintain strict controls over data sharing:

• Google Cloud Platform: Infrastructure hosting in Australian data centres with data residency guarantees
• Google Gemini AI: Document processing services that do not train models on your data and do not retain processed information
• Stripe: Payment processing that handles only transaction data, not client mortgage information
• Contractual safeguards: All third-party processors are bound by strict data protection agreements
• Limited data sharing: We only share the minimum necessary data required for each service to function

Importantly, we do not share client contact information or mortgage application details with any third party for marketing or lead generation purposes.

Employee Access Controls

We maintain strict internal policies governing employee access to client data:

• Access to production data is restricted to essential personnel only
• All access requires documented business justification and approval
• Technical support access is limited to troubleshooting specific issues with your explicit permission
• Employees are bound by confidentiality agreements and data protection policies
• Regular access reviews ensure permissions remain appropriate
• All access is logged and audited for compliance

Data Ownership and Control

You maintain complete ownership and control over your clients' data:

• Your data, your control: You own all client data uploaded to our platform
• Deletion rights: You can request deletion of any or all client data at any time
• Data portability: You can export your data in standard formats for migration or backup purposes
• No lock-in: We do not claim any rights to your client data or business relationships
• Transparent processing: You can request information about how your data is being processed at any time

Compliance and Accountability

We are committed to maintaining the highest standards of data protection and compliance with the Privacy Act 1988 (Cth) and Australian Privacy Principles. For detailed information about our compliance practices, data handling procedures, and accountability measures, please refer to our Privacy Policy and Information Security pages.

Our Business Model

QualifyMate operates as a software-as-a-service platform serving mortgage brokers. Our revenue comes exclusively from subscription fees paid by brokers for access to our assessment tools and services. We have no incentive or business model that involves using your client data for any purpose other than delivering the service you pay for.

We are not a lead generation company, we do not operate referral networks, and we have no interest in competing with our customers. Our success depends entirely on your trust and the value we provide to your business.

Product Improvement

We may analyse anonymised usage patterns and document processing data to improve our AI assistant and service quality. This analysis helps us enhance accuracy, optimise performance, and develop better features for all users. However, we will never use this data to identify individual clients, generate leads, or compete with your business.

Questions and Concerns

We understand that trust is earned through transparency and accountability. If you have any questions or concerns about how we handle your clients' data, please don't hesitate to contact us:

Related Policies

For more information about how we protect and handle data, please review:

• Privacy Policy — Comprehensive data collection and usage practices
• Information Security — Technical security controls and infrastructure
• Terms of Service — Service agreement and user responsibilities