Privacy Policy
This Privacy Policy explains how SecondBrain Sharp AI Pty Ltd ("we", "us", "our") collects, uses, stores, and protects information when you use Sharp (also referred to as the Bank Pricing Agent or Sharp AI) (the "Service"), our Microsoft Teams app for mortgage pricing comparison.
1. Scope
This Policy covers personal information processed in connection with the Service. It does not cover websites, products, or services operated by third parties (including the bank portals the Service interacts with).
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
2. Information We Collect
We collect only what the Service needs to function. We do not use third-party analytics, advertising, or tracking SDKs.
2.1 Bank portal credentials
When you enter credentials for an Australian bank pricing portal via the Service, we collect:
- Bank portal username
- Bank portal password
- Associated bank identifier (e.g., "NAB", "Westpac")
These credentials are encrypted and held securely within the Microsoft 365 environment, with per-client isolation, so that no organisation can access another's.
2.2 Loan scenario details
When you submit a pricing request, we process:
- Loan amount and property value
- Loan purpose (purchase, refinance, etc.)
- Repayment type and term
- LVR (calculated)
- Property state and postcode
- Bank-specific fields (e.g., offset preferences, fixed rate term)
These details are used only to submit the pricing request and generate results for you. They are processed in-memory during the request and not persisted beyond the submission history record described below.
2.3 Submission history metadata
For 30 days, we retain a record of each submission containing:
- Timestamp
- Banks queried
- Loan scenario summary
- Pricing results returned
This is stored securely within the Microsoft 365 environment (in Australia) so you can view, clone, or re-generate reports from your last 30 days of activity. After 30 days, records auto-expire.
2.4 Microsoft Teams identity information
Microsoft Teams provides us with your tenant ID, user ID, display name, and email address as part of the bot conversation context. We use this to:
- Route requests to the correct client organisation
- Authorise which banks you can submit to
- Address you in responses
This information is provided by Microsoft and governed by your organisation's Microsoft 365 agreements.
3. How We Use Your Information
We use collected information only for:
- Submitting pricing requests to the Australian bank portals you select
- Returning pricing results to you via Microsoft Teams
- Maintaining a 30-day history so you can review past submissions
- Operating and supporting the Service (debugging, security investigation, technical support)
- Creating de-identified, aggregated data (which does not identify you or any borrower) to operate, improve, and develop our services, as described in our Terms of Service
We do not sell or rent personal information to third parties. We do not use your information for marketing or advertising.
4. How We Store and Protect Information
Encryption
Personal information is encrypted in transit and at rest.
Location
All data is stored within the Microsoft 365 environment, in Australia, and does not leave Australia.
Access controls
- Per-client isolation. No cross-organisation access.
- Internal access to production systems is limited to authorised SecondBrain Sharp AI personnel and is logged.
- Bank portal credentials are never logged, never displayed in chat history, and never cached in plaintext.
5. Outbound Communication
To deliver the Service, we make outbound HTTPS requests to:
- Australian bank pricing portals (NAB, Westpac, St.George, ING, ANZ, CBA, Suncorp, BankWest, ME Bank) to submit the pricing requests you make
- Cloud hosting services for storage, authentication, and Teams messaging
We do not send your information to any other third party.
6. Retention
| Data type | Retention period |
|---|---|
| Bank portal credentials | Until you rotate or delete them via the Service, or until your organisation terminates the Service |
| Submission history | 30 days, then auto-deleted |
| Loan scenario details (request-only) | Not persisted beyond the request |
| Credential audit log (metadata only: timestamp, broker identity, action — never the credential itself) | 7 years, for security, audit, and dispute-resolution purposes |
| Microsoft Teams session data | Session duration only |
7. Your Rights Under Australian Privacy Law
You have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate or out-of-date
- Request deletion of your information (subject to legal retention requirements)
- Complain to us about how we handle your information
To exercise these rights, contact us at james@secondbrain.com.au.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au).
8. Data Breach Notification
In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will assess the breach and notify affected individuals and the OAIC as soon as practicable, in accordance with our Incident Response Plan and the Privacy Act 1988 (Cth).
9. Children's Privacy
The Service is intended for use by mortgage brokers in a professional context. It is not directed to children under 18 and we do not knowingly collect information from children.
10. Changes to This Policy
We may update this Policy as the Service evolves. Material changes will be communicated via the Service or directly to client organisations. The "Last updated" date at the top of this Policy reflects the most recent change.
11. Contact
For privacy questions, requests, or complaints:
SecondBrain Sharp AI Pty Ltd
11 Cameron Avenue, Artarmon NSW 2064, Australia
Email: james@secondbrain.com.au
Phone: +61 481 761 659