Privacy Policy
This Privacy Policy explains how SecondBrain Solutions Pty Ltd ("we", "us", "our") collects, uses, stores, and protects information when you use Bank Pricing Agent by Sharp AI (the "Service"), our Microsoft Teams app for parallel mortgage pricing comparison.
1. Scope
This Policy covers personal information processed in connection with the Service. It does not cover websites, products, or services operated by third parties (including the bank portals the Service interacts with on your behalf).
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
2. Information We Collect
We collect only what the Service needs to function. We do not use third-party analytics, advertising, or tracking SDKs.
2.1 Bank portal credentials
When you enter credentials for an Australian bank pricing portal via the Service, we collect:
- Bank portal username
- Bank portal password
- Associated bank identifier (e.g., "NAB", "Westpac")
These credentials are encrypted and stored in Azure Key Vault (Australia East region), with per-client isolation. Each client organisation has its own dedicated Key Vault.
2.2 Loan scenario details
When you submit a pricing request, we process:
- Loan amount and property value
- Loan purpose (purchase, refinance, etc.)
- Repayment type and term
- LVR (calculated)
- Property state and postcode
- Bank-specific fields (e.g., offset preferences, fixed rate term)
These details are used only to submit the pricing request and generate results for you. They are processed in memory during the request and not persisted beyond the submission history record described below.
2.3 Submission history metadata
For 30 days, we retain a record of each submission containing:
- Timestamp
- Banks queried
- Loan scenario summary
- Pricing results returned
This is stored in Azure Blob Storage (Australia East) so you can view, clone, or re-generate reports from your last 30 days of activity. After 30 days, records auto-expire.
2.4 Microsoft Teams identity information
Microsoft Teams provides us with your tenant ID, user ID, display name, and email address as part of the bot conversation context. We use this to:
- Route requests to the correct client organisation
- Authorise which banks you can submit to
- Address you in responses
This information is provided by Microsoft and governed by your organisation's Microsoft 365 agreements.
3. How We Use Your Information
We use collected information only for:
- Submitting pricing requests to Australian bank pricing portals on your behalf
- Returning pricing results to you via Microsoft Teams
- Maintaining a 30-day history so you can review past submissions
- Operating and supporting the Service (debugging, security investigation, technical support)
We do not sell or rent personal information to third parties. We do not use your information for marketing or advertising.
4. How We Store and Protect Information
Encryption
- In transit: All connections use TLS 1.2 or higher, enforced by the Microsoft Azure platform.
- At rest (credentials): Stored in Azure Key Vault, encrypted with FIPS 140-2 Level 2 HSM-backed managed encryption.
- At rest (submission history): Azure Storage Service Encryption (AES-256).
Location
All data is stored in the Australia East Microsoft Azure region. Data does not leave Australia.
Access controls
- Per-client Azure Key Vault isolation. No cross-organisation access.
- Internal access to production systems is limited to authorised SecondBrain Solutions personnel and is logged.
- Bank portal credentials are never logged, never displayed in chat history, and never cached in plaintext.
5. Outbound Communication
To deliver the Service, we make outbound HTTPS requests to:
- Australian bank pricing portals (NAB, Westpac, St.George, ING, ANZ, CBA, Suncorp, BankWest, ME Bank) to submit pricing requests on your behalf
- Microsoft Azure services for storage, authentication, and Teams messaging
We do not send your information to any other third party.
6. Retention
| Data type | Retention period |
|---|---|
| Bank portal credentials | Until you rotate or delete them via the Service, or until your organisation terminates the Service |
| Submission history | 30 days, then auto-deleted |
| Loan scenario details (request-only) | Not persisted beyond the request |
| Microsoft Teams session data | Session duration only |
7. Your Rights Under Australian Privacy Law
You have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate or out of date
- Request deletion of your information (subject to legal retention requirements)
- Complain to us about how we handle your information
To exercise these rights, contact us at james@secondbrain.com.au.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au).
8. Data Breach Notification
In the event of an eligible data breach as defined under the Notifiable Data Breaches scheme, we will notify affected individuals and the OAIC in accordance with our Incident Response Plan, generally within 72 hours of becoming aware of the breach.
9. Children's Privacy
The Service is intended for use by mortgage brokers in a professional context. It is not directed to children under 18, and we do not knowingly collect information from children.
10. Changes to This Policy
We may update this Policy as the Service evolves. Material changes will be communicated via the Service or directly to client organisations. The "Last updated" date at the top of this Policy reflects the most recent change.
11. Contact
For privacy questions, requests, or complaints:
SecondBrain Solutions Pty Ltd
11 Cameron Avenue, Artarmon NSW 2064, Australia
Email: james@secondbrain.com.au
Phone: +61 481 761 659