Privacy Policy

Last updated: April 2025

1. Overview

Brikly (“we”, “our”, or “us”) is committed to protecting your privacy. This policy explains what personal and financial information we collect, how we use it, and the choices you have regarding that information.

By using Brikly you agree to the practices described in this policy. If you do not agree, please do not use the service.

2. Information we collect

We collect the following categories of information:

  • Account information: email address and authentication credentials (via Google SSO or email/password).
  • Property data: property addresses, purchase prices, current valuations, and property types that you enter.
  • Financial data: loan balances, interest rates, repayment schedules, rental income, expense records, and depreciation entries that you enter.
  • Usage data: pages visited, features used, and timestamps of activity, collected via server logs and Supabase Analytics.

3. How we use your information

  • To provide, maintain, and improve the service.
  • To calculate portfolio metrics, cashflow, and yield figures shown in the dashboard.
  • To power the AI assistant features (portfolio context is sent to the AI model only when you use those features).
  • To send service-related communications (account verification, security alerts).
  • To comply with applicable Australian privacy laws.

4. Data security

We take security seriously and apply the following controls:

  • Encryption at rest: sensitive financial fields are encrypted using AES-256 via pgcrypto before storage.
  • Row-level security: Supabase row-level security policies ensure your data is only accessible to your authenticated account.
  • Encryption in transit: all data is transmitted over HTTPS/TLS.
  • Audit logs: all create, update, and delete operations are recorded with timestamps and user attribution.
  • Security headers: HTTP security headers including Content-Security-Policy, HSTS, and X-Frame-Options are applied to every response.
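The two database-level controls listed above, a financial column encrypted with AES-256 through pgcrypto and a Supabase row-level security policy, look roughly like the following in PostgreSQL. This is an added illustration and not Brikly's schema or code: the table, column and policy names, the `app.enc_key` session setting, and the sample values are all assumptions made for the example.

```sql
-- Illustrative PostgreSQL/Supabase schema (not Brikly's own); all names are assumed.
create extension if not exists pgcrypto;

create table properties (
  id               uuid primary key default gen_random_uuid(),
  user_id          uuid not null references auth.users (id),
  address          text not null,
  -- The loan balance is stored only as pgcrypto ciphertext, never as plaintext.
  loan_balance_enc bytea
);

-- Enabling RLS is the step that makes policies take effect: a policy on a table
-- where RLS is not enabled is never consulted.
alter table properties enable row level security;

-- auth.uid() is Supabase's helper that returns the id of the user authenticated
-- by the request JWT. Only rows owned by that user are visible or writable.
create policy "owner_only" on properties
  for all
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

-- The encryption key is supplied by the application for the session (assumed
-- mechanism for this example); it is never stored in a table.
set app.enc_key = 'replace-with-a-long-random-secret';

-- pgp_sym_encrypt defaults to AES-128; cipher-algo=aes256 is what gives AES-256.
insert into properties (user_id, address, loan_balance_enc)
values (
  auth.uid(),
  '12 Example St, Sydney',                      -- constructed sample value
  pgp_sym_encrypt('412500.00', current_setting('app.enc_key'), 'cipher-algo=aes256')
);

-- Decryption only ever runs over the caller's own rows, because RLS filters
-- the table before the function is applied.
select address,
       pgp_sym_decrypt(loan_balance_enc, current_setting('app.enc_key'))::numeric as loan_balance
from properties;
```

Two points worth checking in any deployment of this pattern: the Supabase service-role key bypasses RLS, so server-side code that uses it must enforce ownership itself, and a key passed through a session setting as shown here will appear in statement logs if those are enabled, so production code usually passes it as a bound parameter instead.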

5. Data sharing

We do not sell your personal data. We share data only in these circumstances:

  • Supabase: database hosting and authentication. Supabase processes data under their own privacy policy and data processing agreement.
  • Anthropic: when you use the AI assistant features, the relevant portfolio context and your messages are sent to Anthropic's API. Anthropic processes this data under its usage policy.
  • Legal requirements: we may disclose information if required to do so by law or in response to valid requests by public authorities.

6. Data retention

We retain your data for as long as your account is active. When you delete your account, we delete your data and destroy the encryption keys associated with your account, so that any remaining ciphertext is unrecoverable, within 30 days.

7. Your rights

Under the Privacy Act 1988 (Cth), you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and associated data.
  • Withdraw consent for optional data processing.

To exercise these rights, use the account deletion feature in Settings → Privacy & Security, or contact us at the address below.

8. Cookies

We use session cookies managed by Supabase for authentication. We do not use tracking cookies or third-party advertising cookies.

9. Changes to this policy

We may update this policy from time to time. We will notify you of material changes via email or a notice in the app. Continued use after changes constitutes acceptance.

10. Gmail Data Usage

When you connect your Gmail account, we request read-only access to scan for property-related documents.

  • What we access: Emails from property managers, councils, water authorities, and insurance providers related to your investment properties.
  • What we extract: Financial figures — amounts, dates, document types, and property addresses only.
  • What we store: Extracted financial data and Gmail message IDs to prevent duplicates. We never store email body content.
  • Security: AES-256 encryption at rest. OAuth tokens are encrypted using AES-256-GCM with a unique IV per token. Row-level security is enforced at the database level.
  • Disconnect: Settings → Email Automation. Disconnecting removes all stored tokens immediately.
  • Compliance: Our use of Gmail data complies with Google's API Services User Data Policy.

11. Contact us

For privacy enquiries, please contact us at privacy@mida.com.au.