Privacy Policy

Effective Date: 18 June 2026

1. Introduction

Welcome to PMHelp (“we”, “our”, or “us”). We are committed to protecting your privacy and ensuring that your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our AI Receptionist platform, website, and associated services (collectively, the “Services”).

2. Information We Collect

Because our Services integrate directly with your email inbox and calendar to provide AI-assisted triage, response drafting, and scheduling, we collect two main categories of information:

2.1 Information about You (The User)

  • Account Details: Name, email address, phone number, and agency name.
  • Billing Information: We use Stripe to process payments securely. We do not store your raw credit card numbers on our servers; Stripe handles card data securely on our behalf. To support Australian tax invoicing and subscription management, we also share billing account details with Stripe, including your organisation name, billing email, billing address (where provided), and your Australian Business Number (ABN) or tax identifier.
  • Technical & Usage Data: IP address, browser type, device information, and logs of how you interact with our platform (e.g., approval of AI-generated actions).
  • Integration Data: OAuth tokens and connection metadata required to sync your inbox and calendar securely via our third-party integration partners (e.g., Aurinko, Google, Microsoft).
  • Address Lookups: When you add a property, we use the Google Maps Platform (Places) to provide address autocomplete. The address you search, the selected formatted address, the Google Place ID, and approximate coordinates may be processed and stored against the property record.

2.2 Information contained in your Communications, Calendars & Uploads (Third-Party Data)

To provide the Services, our AI models analyze the contents of the emails and calendar events you receive, and any documents you upload. This means we process personal information belonging to third parties (such as tenants, landlords, and tradespeople), which may include:

  • Names, email addresses, and phone numbers.
  • Residential addresses and property details.
  • Maintenance requests, financial context (e.g., rent arrears), meeting participants, schedules, and other information contained in the body or attachments of emails and calendar invites.
  • Uploaded documents: Where you upload documents for processing (for example, rent-roll PDFs or tradesperson invoices), we extract structured data from them. The document contents may be transiently transmitted to Google Gemini for extraction and are deleted from the extraction service immediately after processing; the extracted data (such as property, tenant, owner, and financial details) is then stored in your account.

Note on Sensitive Information: We do not intentionally seek to collect “sensitive information” (as defined in the Privacy Act, such as health information). However, if such information is included in an email or document sent to your connected inbox, it will be processed by our system.

3. How We Use the Information

We use the collected information strictly for the following purposes:

  • Providing the Services: To monitor your inbox and calendar, categorize emails by urgency, summarize content, and generate actionable drafted responses.
  • Improving our AI Models: To refine our retrieval-augmented generation (RAG) pipelines and improve the accuracy of our AI actions.
  • Account Management: To process subscriptions securely via Stripe, provide customer support, and communicate updates.
  • Security & Compliance: To monitor for fraudulent activity, unauthorized access, and ensure compliance with our Terms and Conditions.

4. Disclosure of Personal Information

We do not sell personal information to third parties. We only disclose personal information to trusted third-party service providers (sub-processors) who assist us in operating our Services:

  • Artificial Intelligence: Google (Gemini) – used to process, understand, and summarize email and document text and to draft responses.
  • Email & Calendar Sync: Aurinko – used to securely connect and synchronize your mailbox and calendar data.
  • Cloud Infrastructure & Databases: Supabase and Vercel – used to host our application and securely store user data.
  • Payment Processing: Stripe – used for secure subscription billing and tax invoicing.
  • Address Lookup: Google Maps Platform (Places) – used to provide property address autocomplete.
  • Error Monitoring & Diagnostics: Sentry – used to detect and diagnose technical errors and performance issues. We configure Sentry to scrub personal information (such as email addresses and phone numbers) before it is transmitted, and we do not enable session recording.
  • Transactional Communications: HostGator – used to send you system notifications and newsletters via our email server.

If required by law, subpoena, or court order, we may also disclose information to law enforcement or regulatory bodies.

5. Data Retention (APP 11)

We retain personal information only for as long as it is needed for the purposes described in this Policy, or as required by law. Because different types of data serve different purposes, we apply category-specific retention periods:

  • Your matters and correspondence — the emails we process on your behalf, the matters we create from them, and associated documents and attachments — are retained for the life of your account and for up to 7 years after your account is closed. We retain these as business records so that you can meet your own record-keeping obligations and so that records can be produced in tribunal or court proceedings if a dispute arises.
  • Account, billing, and audit records are retained for the same period (life of account, then up to 7 years), consistent with tax, financial, and security record-keeping obligations.
  • AI processing logs — the internal records of how our AI models read content and generated drafts — are retained for up to 2 years and then deleted.
  • Temporary AI performance cache is deleted within 30 days.
  • Integration credentials (OAuth tokens and connection metadata) are deleted within 30 days after you disconnect a mailbox.
  • Temporary upload files that you provide for one-off extraction (such as rent-roll PDFs) are deleted immediately after processing.

You may request earlier deletion of your data at any time (see Section 8). We may, however, retain information beyond the periods above where reasonably necessary to establish, exercise, or defend a legal claim, to comply with a legal or record-keeping obligation, or in connection with actual or anticipated tribunal or court proceedings.

6. Cross-Border Disclosures (APP 8)

Some of our service providers — including Google (Gemini and Maps), Stripe, Sentry, and our cloud infrastructure — may be located or process data outside of Australia, primarily in the United States. By connecting your inbox to PMHelp, you consent to the processing of data in these jurisdictions. We take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the APPs.

7. Security of Personal Information

We implement strict, industry-standard security measures to protect personal information from unauthorized access, loss, misuse, or alteration:

  • AES-256 encryption of sensitive data at rest and TLS encryption in transit.
  • Secure, limited access to our Supabase databases.
  • We do not persistently store the passwords for your email accounts. Wherever possible we connect mailboxes using secure OAuth tokens. Where a mailbox is connected using a username and password (IMAP), those credentials are transmitted securely to our integration partner (Aurinko) to establish the connection and are not stored in PMHelp's own databases.

8. Access and Correction (APP 12 & 13)

You have the right to request access to the personal information we hold about you and to ask for corrections. Please contact us at admin@pmhelp.com.au and we will respond within a reasonable period.

(Note: If a tenant or landlord wishes to access or correct information contained within an email stored in your inbox, they must direct their request to you/your agency, as you remain the primary data controller of that correspondence).

9. Making a Privacy Complaint

If you believe we have breached the Australian Privacy Principles, please contact us in writing at admin@pmhelp.com.au. We will acknowledge your complaint within 7 days and respond within 30 days. You may also refer complaints to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

10. Contact Us

Email: admin@pmhelp.com.au
Website: www.pmhelp.com.au