Privacy Policy

Last updated: 15 March 2026

1. Introduction

Domato AI Pty Ltd ("we", "us", "our") operates the BrokerIQ platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

We collect information you provide directly:

  • Account information: Name, email address, and authentication credentials when you sign up.
  • Usage data: Queries you submit, features you use, and interaction patterns to improve our service.
  • Gmail & Outlook data: If you connect your email account via our broker integrations, we access email metadata (subject lines, senders, dates, snippets) for sending client communications. Gmail connections use read-only metadata access; Outlook connections use OAuth 2.0 send permissions. We do not read or store full email bodies. OAuth tokens are encrypted at rest using AES-256-GCM.
  • Financial data: Broker scenario data (income, expenses, loan details) you enter for servicing calculations. We do not store bank account numbers or credit card details.
  • AI chat history: Messages you send to and receive from our AI copilot are stored to maintain conversation context and improve service quality.
  • CDR product queries: When you search or match lender products using Consumer Data Right data, we log the query parameters to improve matching relevance.
  • Lead & calculator data: Information submitted through branded lead generation calculators (borrowing capacity, equity, refinance) including contact details and financial inputs.
  • Consent & signature records: Digital consent requests and signature records you create or collect through the platform.
  • Client intake data: Information submitted by your clients through shareable intake forms, including personal details, financial information, and uploaded documents.

3. How We Use Your Information

  • To provide and maintain our platform and services.
  • To personalise your experience and deliver relevant insights.
  • To process transactions and manage your subscription.
  • To communicate with you about updates, security alerts, and support.
  • AI/LLM processing: Chat messages and scenario data may be sent to our AI providers (currently OpenAI) to generate insights, structuring recommendations, and risk flags. We do not use your data to train third-party AI models.
  • CDR data matching: Your scenario inputs are used to match against CDR lender product data to surface relevant products.
  • Lead generation analytics: We provide aggregated lead and calculator usage analytics to help you understand lead conversion and engagement.
  • To improve our platform and service quality.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Cloud hosting (Microsoft Azure), payment processing (Stripe), authentication providers (Google), email integration (Microsoft for Outlook), and AI providers (OpenAI for chat and insights) that help us operate the platform.
  • CDR API providers: We query CDR endpoints to retrieve lender product data. No personal information is shared with CDR data holders in this process.
  • Legal requirements: When required by law, court order, or governmental authority.

5. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), encrypted storage for sensitive tokens (AES-256-GCM), and secure authentication via OAuth 2.0. Passwords are hashed using bcrypt. Our infrastructure is hosted on Microsoft Azure in the Australia East region. For more details, see our Security page.

6. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, your data is preserved so that it is available if you resubscribe. You can request deletion of your account and all associated data at any time by contacting us. Gmail and Outlook connection data (including OAuth tokens) is removed immediately when you disconnect your email account.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you (APP 12).
  • Request correction of inaccurate information (APP 13).
  • Request deletion of your personal information.
  • Disconnect third-party integrations (Gmail, Outlook) at any time.
  • Revoke Google OAuth access via your Google Account settings.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

8. Google API Services

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

9. Cookies

We use essential cookies to maintain your session and protect against CSRF attacks. For full details, see our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at support@domato.ai or visit our contact page.