Privacy Policy

Last updated: 24 June 2026
Operator: SecondBrain Sharp AI Pty Ltd (ACN 698 698 029 · ABN 52 698 698 029)
Registered office: 11 Cameron Avenue, Artarmon NSW 2064, Australia

This Privacy Policy explains how SecondBrain Sharp AI Pty Ltd ("we", "us", "our") collects, uses, stores, and protects information when you use Sharp (also referred to as the Bank Pricing Agent or Sharp AI) (the "Service"), our Microsoft Teams app for mortgage pricing comparison.


1. Scope

This Policy covers personal information processed in connection with the Service. It does not cover websites, products, or services operated by third parties (including the bank portals the Service interacts with).

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).


2. Information We Collect

We collect only what the Service needs to function. We do not use third-party analytics, advertising, or tracking SDKs.

2.1 Bank portal credentials

When you enter credentials for an Australian bank pricing portal via the Service, we collect:

These credentials are encrypted and held securely within the Microsoft 365 environment, with per-client isolation, so that no organisation can access another's.

2.2 Loan scenario details

When you submit a pricing request, we process:

These details are used only to submit the pricing request and generate results for you. They are processed in-memory during the request and not persisted beyond the submission history record described below.

2.3 Submission history metadata

For 30 days, we retain a record of each submission containing:

This is stored securely within the Microsoft 365 environment (in Australia) so you can view, clone, or re-generate reports from your last 30 days of activity. After 30 days, records auto-expire.

2.4 Microsoft Teams identity information

Microsoft Teams provides us with your tenant ID, user ID, display name, and email address as part of the bot conversation context. We use this to:

This information is provided by Microsoft and governed by your organisation's Microsoft 365 agreements.


3. How We Use Your Information

We use collected information only for:

  1. Submitting pricing requests to the Australian bank portals you select
  2. Returning pricing results to you via Microsoft Teams
  3. Maintaining a 30-day history so you can review past submissions
  4. Operating and supporting the Service (debugging, security investigation, technical support)
  5. Creating de-identified, aggregated data (which does not identify you or any borrower) to operate, improve, and develop our services, as described in our Terms of Service

We do not sell or rent personal information to third parties. We do not use your information for marketing or advertising.


4. How We Store and Protect Information

Encryption

Personal information is encrypted in transit and at rest.

Location

All data is stored within the Microsoft 365 environment, in Australia, and does not leave Australia.

Access controls


5. Outbound Communication

To deliver the Service, we make outbound HTTPS requests to:

We do not send your information to any other third party.


6. Retention

Data typeRetention period
Bank portal credentialsUntil you rotate or delete them via the Service, or until your organisation terminates the Service
Submission history30 days, then auto-deleted
Loan scenario details (request-only)Not persisted beyond the request
Credential audit log
(metadata only: timestamp, broker identity, action — never the credential itself)
7 years, for security, audit, and dispute-resolution purposes
Microsoft Teams session dataSession duration only

7. Your Rights Under Australian Privacy Law

You have the right to:

To exercise these rights, contact us at james@secondbrain.com.au.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au).


8. Data Breach Notification

In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will assess the breach and notify affected individuals and the OAIC as soon as practicable, in accordance with our Incident Response Plan and the Privacy Act 1988 (Cth).


9. Children's Privacy

The Service is intended for use by mortgage brokers in a professional context. It is not directed to children under 18 and we do not knowingly collect information from children.


10. Changes to This Policy

We may update this Policy as the Service evolves. Material changes will be communicated via the Service or directly to client organisations. The "Last updated" date at the top of this Policy reflects the most recent change.


11. Contact

For privacy questions, requests, or complaints:

SecondBrain Sharp AI Pty Ltd
11 Cameron Avenue, Artarmon NSW 2064, Australia
Email: james@secondbrain.com.au
Phone: +61 481 761 659

This Privacy Policy is provided in good faith and aims to be a complete description of our practices. If you spot anything inconsistent with the Service's actual behaviour, please contact us so we can investigate.