Privacy Policy
Last updated: March 2026
EstiFlow Pty Ltd ("EstiFlow", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
1. Information We Collect
1.1 Personal Information
- Name and email address (at registration)
- Company name (optional)
- Phone number (optional)
- Payment information (processed by Stripe — we do not store card details)
1.2 Construction Plans
- Uploaded architectural plans, energy compliance certificates, structural plans, and related construction documents
- These may contain property addresses and other project-specific information
1.3 Usage Data
- Browser type, IP address, pages visited, and interaction data collected via analytics tools
2. How We Use Your Information
- Processing your plans: Uploaded plans are processed by our extraction engine to produce Bills of Quantities.
- Account management: Your name and email are used for authentication, job notifications, and support communications.
- Payment processing: Payment information is handled by Stripe. We only store transaction references, not card details.
- Service improvement: Aggregated, de-identified usage data helps us improve our extraction accuracy.
3. Data Processing
Uploaded plans are processed by secure third-party data processing services for document classification and data extraction. Document pages are sent to secure third-party services for processing. No personally identifiable information from plans is retained by processing providers beyond the processing session.
4. Data Storage and Security
- All data is stored in GCP Cloud Storage and Supabase hosted in the Australian region.
- Data is encrypted at rest and in transit using industry-standard encryption.
- Access to production systems is restricted to authorised personnel with multi-factor authentication.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded plans | 12 months after job completion |
| Generated reports | 12 months after job completion |
| Account data | Until deletion requested |
| Payment records | 7 years (Stripe retention) |
6. Third-Party Sharing
We do not sell, trade, or otherwise share your personal information or construction plans with third parties, except:
- Payment processor (Stripe): For payment processing only.
- Processing providers: Document pages are sent to secure third-party services for extraction (no data retained by providers).
- Legal requirements: If required by Australian law or court order.
7. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your data
- Withdraw consent for marketing communications
8. Data Deletion
Users may request deletion of their data at any time by contacting support at hello@estiflow.com.au. Plans and outputs will be permanently deleted within 30 days of the request.
9. Cookies
We use essential cookies for authentication and session management. Analytics cookies (PostHog) are used to understand how visitors use our website. You can disable non-essential cookies in your browser settings.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The latest version will always be available on this page.
Contact
For privacy-related enquiries or data access/deletion requests, contact us at hello@estiflow.com.au.