Privacy Policy

Last updated: 27 May 2026

BondProof ("we", "us", "our") operates the BondProof mobile application and website at bondproof.app. This Privacy Policy explains what personal information we collect, how we use it, how we protect it, and your rights under applicable law including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using BondProof, you agree to the collection and use of information as described here. If you do not agree, please do not use the app or website.

ABN: 84 205 810 721 · BondProof is operated as a sole trader business in Australia.

Australian Privacy Act 1988 (Cth). BondProof handles personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles. This policy describes how we meet those obligations.

1. Information We Collect

We collect the following types of personal information:

Account information: your email address and password when you create an account.
Property information: the address and property type you enter during an inspection.
Inspection data: room names, photo files, written notes, and timestamps generated during inspections.
Payment information: processed securely by Stripe. We do not store card details on our servers. Stripe is a PCI-DSS compliant payment processor.
Device information: device type, operating system version, and app version, collected for technical support and error resolution purposes only.
Usage data: anonymous, aggregated analytics collected via Plausible Analytics. Plausible does not use cookies and does not collect personal data.

We collect this information only when you voluntarily provide it through your use of the app or website.

2. How We Use Your Information

We use your personal information for the following purposes:

To create and manage your BondProof account.
To generate and deliver your PDF inspection reports.
To process payments securely via Stripe.
To send transactional emails including report delivery and account confirmation.
To identify and resolve technical issues with the app or infrastructure.
To comply with legal obligations applicable to BondProof.

We do not sell, rent, or share your personal information with third parties for marketing purposes. Your inspection photos, property addresses, and reports are never shared with landlords, real estate agents, or any third party without your explicit action.

3. Data Storage, Location and Security

Your inspection photos and data are stored on Supabase infrastructure. Supabase may host data in the United States or Australia depending on the region configuration in use. By using BondProof, you acknowledge that your data may be stored outside Australia.

Where data is stored or processed outside Australia, we take reasonable steps to ensure it receives equivalent protection to that required under the Privacy Act 1988 (Cth). Supabase operates under standard contractual data protection obligations.

Security measures applied to your data include:

Row-level security in the database - only your account can access your inspections and photos.
Signed URLs for photo access - time-limited, expiring access links (7 days for PDF reports).
Encryption at rest and in transit using industry-standard TLS.
Passwords stored as salted hashes - never in plain text.

4. Third-Party Services

BondProof uses the following third-party services to operate:

Supabase: database and file storage. Data may be hosted in the US or Australia. Supabase Privacy Policy.
Stripe: payment processing. Stripe is PCI-DSS Level 1 certified. Stripe Privacy Policy.
Plausible Analytics: anonymous website analytics. No cookies, no personal data collected or stored by Plausible. Plausible Privacy Policy.
Google Places API: address autocomplete in the app. Subject to Google's Privacy Policy.
Zoho Mail: transactional email delivery. Subject to Zoho's Privacy Policy.

5. Data Retention and Deletion

We retain your account data and inspection reports for as long as your account remains active.

If you close your account or request deletion, we will delete your personal data - including all inspection photos, reports, and account information - within 30 days of receiving your request. Deletion is permanent and cannot be reversed.

Some data may be retained for a limited period where required by law or for legitimate business purposes such as fraud prevention or dispute resolution, after which it will be deleted.

To request deletion of your account and data, contact us at contact@bondproof.app.

6. Data Breach Notification

BondProof is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach - one that is likely to result in serious harm to affected individuals - we will:

Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and no later than 30 days after becoming aware of the breach.
Notify affected individuals directly where required.
Take immediate steps to contain and remediate the breach.

If you believe your BondProof account has been compromised, contact us immediately at contact@bondproof.app.

7. Your Rights Under the Australian Privacy Principles

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

Access the personal information we hold about you.
Correct inaccurate or incomplete personal information.
Request deletion of your personal data, subject to legal retention requirements.
Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information. The OAIC can be contacted at oaic.gov.au.

For users in New Zealand, the Privacy Act 2020 (NZ) applies in addition to the above. For users in the United Kingdom, the UK GDPR and Data Protection Act 2018 apply where relevant.

To exercise any of these rights, contact us at contact@bondproof.app. We will respond within 30 days.

8. Children's Privacy

BondProof is not intended for use by persons under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us immediately at contact@bondproof.app and we will delete it promptly.

9. Cookies and Tracking

BondProof's website does not use cookies for tracking or advertising. We use Plausible Analytics, a privacy-first analytics tool that collects no personal data and sets no cookies. The BondProof app does not use advertising SDKs or third-party tracking libraries.

10. Service Coverage and Consumer Rights

BondProof is designed for renters and property managers in Australia, New Zealand and the United Kingdom. Rental and privacy laws vary by location. This Privacy Policy is written to meet Australian requirements as the primary jurisdiction.

Australian users also have rights under the Australian Consumer Law (ACL), Schedule 2 of the Competition and Consumer Act 2010 (Cth). Nothing in this Privacy Policy limits any right you have under the ACL. For refund and consumer guarantee rights, see our Terms of Service.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised date. For significant changes, we will also notify you by email where reasonably practicable. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact and Complaints

For any questions, access requests, correction requests, or complaints about this Privacy Policy or our handling of your personal information:

Email: contact@bondproof.app
Website: bondproof.app

If you are not satisfied with our response to a privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints.