Privacy Policy

Last updated: 21 May 2026

This Privacy Policy explains how Bidside (ABN 25 623 741 334) collects, uses, and protects your information when you use the Bidside Chrome extension and related services ("Bidside"). We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

What we collect

• Account information. Your email address and an encrypted password hash (managed by our auth provider, Supabase).
• Listing data you choose to analyse. When you click "Generate brief" on a property listing on realestate.com.au or domain.com.au, the extension reads the publicly displayed information on that page (address, price guide, bed/bath/car/land size, agent name, listing description, and the listing's own photos and floor plan). This data is sent to our backend and to our AI provider (Anthropic) to generate the brief.
• Generated briefs. The buyer's briefs Bidside produces are stored against your account so you can revisit them and share them.
• Billing information. When you purchase a brief pack or subscription, payment details are collected by Stripe directly. We never see your card details — we only receive a confirmation of payment and a customer ID.
• Technical data. Standard server logs (IP address, request timestamps, user agent) for security and abuse prevention.

What we don't collect

• We do not request, store, or transmit your realestate.com.au or domain.com.au login credentials.
• We do not sell or share your data with advertisers or data brokers.
• We do not track your browsing history outside of listing pages. The extension's content scripts only run on realestate.com.au and domain.com.au property pages.

Third-party services we use

To deliver the service we send specific data to the following processors:

• Anthropic (Claude API) — receives the listing data and images so it can produce the brief.
• PropRadar — receives the suburb and address to return comparable sales and suburb statistics.
• Google (Maps Places + Distance Matrix APIs) — receives the suburb and address to return nearby schools, transit, and CBD commute data.
• Supabase — handles email + password authentication.
• Stripe — processes payments and stores billing details.
• Railway — hosts our backend infrastructure.

Each of these providers operates under their own privacy policies and security standards.

How long we keep your data

• Account data and generated briefs are retained for as long as your account is active.
• Server logs are retained for 90 days.
• Billing records are retained for 7 years as required by Australian tax law.

Your rights

You may at any time:

• Request a copy of the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your account and associated data.
• Lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au) if you believe we have mishandled your data.

To make any of these requests, email markleadercramer@gmail.com.

Security

We use HTTPS for all communication, store passwords as hashes managed by Supabase, and follow industry best practices for credential rotation and access control. No system is perfectly secure; we will notify affected users promptly in the event of a data breach as required by the Notifiable Data Breaches scheme.

Children

Bidside is not directed at children under 16 and we do not knowingly collect data from them.

Changes to this policy

We may update this policy from time to time. Material changes will be notified by email or in-product notice at least 14 days before they take effect.

Contact

Bidside · ABN 25 623 741 334
Email: markleadercramer@gmail.com