Privacy Policy for HoldKey

Last updated: 17 April 2026  ·  ABN: 92 105 730 094

Contents

  1. What We Collect
  2. How We Use Your Data
  3. Storage & Security
  4. Third-Party Services
  5. Australian Privacy Principles
  6. Data Retention
  7. Your Rights
  8. Contact Us

1. What We Collect

HoldKey collects information to provide AI-powered property management services. The types of data we collect include:

Landlord & Account Information

  • Name, email address, phone number, and business address
  • Payment information (processed securely via Stripe — we do not store card details)
  • ABN and business registration details where applicable
  • Account preferences and communication settings

Tenant Information

  • Full name, email address, and phone number
  • Rental application details (references, employment history, ID verification)
  • Lease terms, bond amount, and rental payment history
  • Maintenance requests, communications, and incident records
  • Property access details (where required for emergency coordination)

Property Information

  • Property address, type, and description
  • Rental amount, lease start and end dates
  • Tradesperson contacts, compliance certificates, and maintenance history

2. How We Use Your Data

We use your data to operate and improve the HoldKey platform. Specifically:

  • Tenant communications: Sending rent reminders, maintenance updates, and lease-related notices on your behalf
  • Maintenance coordination: Matching maintenance requests with your preferred tradespeople
  • Rent collection: Tracking payments, sending reminders, and maintaining payment records
  • Lease management: Tracking lease renewals, compliance deadlines, and bond obligations
  • Owner reporting: Generating weekly summaries and incident reports for property owners
  • Account management: Processing subscriptions, billing, and customer support requests
  • Service improvement: Analysing usage patterns to improve AI response quality and platform reliability

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. Storage & Security

Your data is stored on servers located in Australia, using cloud infrastructure operated by our trusted providers. We implement the following security measures:

  • AES-256-GCM encryption for all stored personal data
  • TLS 1.2+ encryption for all data in transit
  • Access controls restricting data to authorised personnel only
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication for administrative access

While we take reasonable steps to protect your data, no internet transmission is completely secure. If you believe your account has been compromised, contact us immediately at holdkey@polsia.app.

4. Third-Party Services

We use trusted third-party providers to deliver HoldKey's functionality:

Stripe

All payment processing is handled by Stripe. Stripe collects and processes card details independently. HoldKey does not store your payment card information — only your Stripe Customer ID for subscription management.

OpenAI / Anthropic

AI message drafting and analysis uses Large Language Model APIs. Tenant messages may be processed by these services to generate responses. We use data processing agreements with AI providers that prohibit retention of data for model training.

Email Services

Transactional emails (rent reminders, maintenance updates, owner reports) are sent via our email infrastructure. Recipients can unsubscribe from non-essential communications at any time.

Data Hosting

Our primary database is hosted on Neon (PostgreSQL), with our application deployed on Render. Both services operate under Australian and US data hosting agreements.

5. Australian Privacy Principles (APP) Compliance

HoldKey is committed to compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Our practices align with each principle as follows:

APP 1 — Transparency

This Privacy Policy discloses our information practices. If we propose to use your data in a way not described here, we will notify you and obtain your consent.

APP 3 — Collection of Solicited Information

We collect only information reasonably necessary for our services. We do not collect sensitive information (e.g., health, ethnicity) unless voluntarily provided and directly relevant.

APP 5 — Notification of Collection

You are notified at the point of data collection (via this policy and in-app notices) about how and why we collect your data.

APP 6 & 7 — Use and Disclosure

Your data is used only for the purposes described above. We will not use your data for direct marketing without your explicit consent. Information is disclosed only as described in this policy or where required by law.

APP 11 — Security of Personal Information

See Section 3 — Storage & Security. We take reasonable steps to protect personal information from misuse, loss, and unauthorised access.

APP 13 — Correction

You may request correction of your personal information at any time. Contact us and we will update records within 30 days.

6. Data Retention

We retain personal data only for as long as necessary to deliver our services and comply with legal obligations:

  • Active accounts: Data retained while your account is active
  • After account closure: Most personal data deleted within 90 days of account closure
  • Financial records: Tax and payment records retained for 7 years per Australian Tax Office requirements
  • Compliance records: Bond lodgements, compliance certificates, and legal notices retained as required by law
  • AI communications: Message logs retained for 2 years to support dispute resolution and service improvement

7. Your Rights

Under Australian privacy law, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate or out-of-date information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner if you believe we have acted contrary to this policy
  • Unsubscribe: Opt out of non-essential marketing communications at any time

To exercise any of these rights, email holdkey@polsia.app. We will respond within 30 days.

Data Deletion

Upon account deletion, we will:

  • Remove your account and profile data within 90 days
  • Anonymise aggregate data that cannot be linked back to you
  • Retain financial records as required by law
  • Delete all AI message logs associated with your account

8. Contact Us

For privacy-related questions, data access requests, or complaints, contact us via:

Email: holdkey@polsia.app

Company: Polsia Inc.

ABN: 92 105 730 094

Response time: We aim to respond within 2 business days