Privacy Policy
This policy explains how LORDLY Pty Ltd (ACN 697 848 132, ABN 19 697 848 132) collects, uses, stores, and shares your personal information. We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
1. What we collect
We collect the following categories of personal information from landlords, tenants, and tradies:
- Identifying information — name, email, phone, profile photo, role.
- Property information — addresses, lease terms, rent amounts, photos of the property.
- Identity verification data — last four digits of a government ID (driver's licence, passport, or Medicare). Full ID documents and selfie videos are processed by Stripe Identity (see "Third parties" below) — we never store the original document images.
- Tradie verification — ABN, trade licence number + state, public liability insurance certificate, Stripe Connect account ID.
- Payment metadata — Stripe customer ID, payment method ID, the last four digits of a card, BECS bank-account brand. We never store full card numbers or full bank account details.
- Reviews and ratings — content you write about other users (landlords reviewing tenants, landlords reviewing tradies) and content other users write about you.
- Maintenance + chat content — text, photos, and videos you send through in-app messaging or maintenance requests, including AI diagnoses.
- GPS coordinates — only on tradie job-proof photos, captured at the moment the tradie taps the camera button. Used as fraud evidence; never tracked passively.
- Device and usage information — IP address, device type, OS, app version, crash logs.
2. Sensitive information
Some review content can constitute "sensitive information" under the Privacy Act (e.g., references to evictions, criminal-adjacent flags). We collect this only with your knowledge — when you write a review, you're informed it will be visible to the subject and to other landlords screening the same person. Reviews are subject to dispute and removal under section 6.
3. How we use it
- Run the LORDLY platform — match landlords with tradies, manage leases, process rent, deliver maintenance, generate condition reports.
- Verify identity and reduce fraud — Stripe Identity (tenants), Stripe Connect KYC (tradies), state licence registries (tradies).
- Power the screening database — landlords looking up a prospective tenant or tradie see aggregated trust signals derived from reviews and platform behaviour.
- Send transactional notifications — rent due, maintenance updates, quote accepted, document signed. Push, email, and (rarely) SMS for urgent legal/safety notices.
- Improve the product — anonymous, aggregated metrics on feature usage. We do not sell your data and never run third-party advertising trackers in the app.
4. Where your data is stored
Your data is split between two regulated providers, deliberately:
- Operational data (your account, leases, properties, reviews, maintenance history, chat messages, photos uploaded inside LORDLY, condition-report PDFs) — stored on Supabase in the AWS Sydney region (ap-southeast-2). Encrypted at rest. Database access is gated by Postgres row-level security so users can only read rows they're authorised to see.
- High-sensitivity identity + payment data (full ID document images, selfies, liveness videos, full card numbers, full bank account details) — never touches our servers. These are processed and held by Stripe (United States and European Union). Stripe is PCI-DSS Level 1 certified and an APP-compliant cross-border discloser.
- AI-generated content (maintenance diagnoses, draft replies) — sent to Anthropic for processing under their enterprise terms (United States). Anthropic does not retain the prompt content for model training.
5. Third parties we share data with
We share only the minimum data needed for each provider's role:
- Stripe (Stripe Payments Australia Pty Ltd) — payments, BECS rent, Connect payouts, Identity verification.
- Supabase Inc. (US-incorporated, Sydney-region hosting) — database and storage infrastructure.
- Anthropic PBC (US) — AI inference for LORDLY AI features.
- Resend Inc. (US) — transactional email delivery.
- Twilio Inc. (US) — SMS delivery for emergency notifications only.
- Expo / Apple / Google — push notification delivery.
We never sell your data, and we never share data with advertisers.
6. Your rights (Australian Privacy Principles 12 + 13)
- Access — request a copy of all personal information we hold about you. Use the in-app "Export my data" button (More → Privacy → Export my data) or email privacy@lordly.app.
- Correction — fix any inaccurate data. Most fields are editable in the app; for everything else, email us.
- Deletion — close your account and delete personal data. Use More → Account → Delete account. We retain data necessary for legal compliance (financial records: 7 years; tribunal-relevant tenancy records: state-mandated retention) for the period required, then purge.
- Dispute a review about you — every review is disputable from the in-app notification or your profile. Disputes are reviewed by our team within 14 days.
- Withdraw consent — opt out of non-essential notifications via Settings. Some notifications (tribunal-relevant, legal-compliance) cannot be opted out of for the duration of an active tenancy.
7. Security
We take reasonable steps under APP 11 to protect your information: encryption at rest and in transit, row-level security on the database, signed time-limited URLs for private files, no public buckets, two-factor authentication on staff accounts, audited access logs.
No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you and the Office of the Australian Information Commissioner (OAIC) within 30 days, as required by the Notifiable Data Breaches scheme.
8. Cross-border disclosure (APP 8)
Stripe, Anthropic, Resend, and Twilio process some data in the United States. By using LORDLY, you consent to this cross-border disclosure for the purposes set out above. We have taken reasonable steps to ensure these providers handle your data in line with the APPs.
9. Children
LORDLY is for users 18 and over. We do not knowingly collect data from anyone under 18.
10. Changes to this policy
We may update this policy. Material changes are notified via in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent change.
11. Contact
Privacy questions or requests:
If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au or 1300 363 992.