Privacy Policy

Lettr Australia Pty Ltd · ABN 57 695 994 202 ("Lettr", "we", "us", or "our") operates the rental platform at lettr.com.au. We take your privacy seriously and handle personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

This policy explains what personal information we collect, why we collect it, how we store and protect it, who we share it with, and the rights you have over it. If anything is unclear, contact our Privacy Officer at privacy@lettr.com.au.

1. The personal information we collect

We collect different categories of information depending on your role on the platform:

• From all users: name, email address, phone number, date of birth, hashed password, and account-activity metadata (login times, IP address, device type).
• From tenants applying for properties: employment status, employer name, declared annual income, rental history, references, declared occupants and pets, identity documents (driver licence, passport, or other government-issued ID), and supporting documents you upload.
• From landlords: property address, listing photographs, screening criteria, banking details for rent disbursement (held by our payment processor — see §5), and ABN if you operate as a registered business.
• From all users automatically: pages visited, features used, error reports, and aggregated usage analytics (see §7 on cookies).

You may browse our public marketing pages anonymously without providing any personal information. Some features (search, applications, payments) require an account.

2. Why we collect it and how we use it

We use your information to:

• Create and operate your account and authenticate you securely
• Match tenants and landlords through our search and application workflows
• Generate AI-assisted tenant compatibility scores (see §4 — "Automated decision-making")
• Process bond and rent payments through our payment processor
• Send service-related notifications (application updates, payment receipts)
• Detect, investigate, and prevent fraud, abuse, and platform violations
• Improve the platform and respond to support requests
• Send you direct-marketing messages where you have opted in (see §8)
• Comply with our legal obligations (tax, anti-money-laundering, court orders)

3. Government identifiers (APP 9)

When you upload a driver licence, passport, or Medicare card to verify your identity, we treat the document number as a Commonwealth Government Identifier under APP 9. We do not adopt these numbers as our own identifier, do not use them as account IDs, and do not disclose them to third parties except where the law specifically authorises us to (e.g. anti-money-laundering reporting, valid court orders).

4. Automated decision-making — AI tenant screening

Lettr uses an AI screening system to generate a tenant compatibility score (0–100) for each rental application. The score is advisory only — landlords retain full discretion over tenant selection.

What the AI considers: declared annual income relative to rent, employment status and stability, rental history references, supporting documents uploaded, and the screening criteria the landlord has set for the property.

What the AI does not consider: race, ethnicity, religion, gender identity, sexual orientation, age (beyond the 18+ requirement), marital status, family composition, disability, or any other attribute protected under Commonwealth or state anti-discrimination law.

Your rights: you can see the factors that contributed to your score, request a written explanation, request that a human review the assessment, and submit corrections to any underlying information. Email privacy@lettr.com.au within 14 days of receiving an automated decision to invoke a human review.

5. Who we share your information with

We never sell your personal information. We share it only as necessary to provide our service or to comply with the law. Specifically:

• With landlords you apply to: your application data, including the AI screening score and supporting documents, is shared with the landlord (or authorised property manager) for the property you applied to. It is not shared with landlords of other properties.
• With tenants whose applications you receive: as a landlord, you see contact details and supporting documents only after the applicant submits.
• With service providers we engage to operate the platform — a limited list, each contractually bound to confidentiality and APP 8 obligations:

With law enforcement or regulators when we are legally compelled to do so (court order, valid subpoena, or in response to credible threats to life or safety). We will tell you about such requests where the law allows.

6. Cross-border disclosure (APP 8)

Some of the providers above are located outside Australia. By using Lettr, you acknowledge that your personal information may be transferred to and processed in the United States or the European Union for the limited purposes set out in §5. We take reasonable steps to ensure those providers handle your information consistently with the APPs, including through written processor agreements.

7. Cookies and similar technologies

We use cookies and similar storage technologies to authenticate you, remember your preferences, and measure aggregate usage. For the full list, categories, durations, and how to control them, see our Cookie Policy.

8. Direct marketing and how to opt out (APP 7)

From time to time we may send you promotional emails about new features, market insights, or partner offers. We will only do this if you have either explicitly opted in or are an existing customer in a context where the law allows.

Every direct-marketing email contains a one-click unsubscribe link, in line with the Spam Act 2003 (Cth). You can also turn off all marketing in your account settings, or email privacy@lettr.com.au with the subject line "Unsubscribe". Service-related notifications (application updates, payment receipts, security alerts) cannot be turned off while you have an active account.

9. How long we keep your information

We keep personal information only as long as we need it for the purposes set out above, or as required by law. Indicative retention windows:

• Account information: for the life of your account plus 30 days after closure (so you can recover an accidentally deleted account).
• Tenant applications and supporting documents: 90 days after the final outcome (approved, rejected, or withdrawn). You can request earlier deletion.
• Lease and payment records: 7 years from the end of the financial year in which they were created, to meet ATO record-keeping requirements.
• Diagnostic logs (Sentry): 30 days, then permanently deleted.
• Aggregate analytics (PostHog): personal identifiers are stripped or pseudonymised; aggregate trends may be retained indefinitely.

10. How we keep your information secure

We take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include TLS encryption in transit, encryption-at-rest for our database and uploaded documents, least-privilege access controls for staff, regular security reviews of our codebase and dependencies, and rate-limiting of sensitive endpoints.

No system is perfectly secure. If we ever suffer a data breach that is likely to result in serious harm to affected individuals, we will notify you and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in line with the Notifiable Data Breaches scheme.

11. Your rights — access, correction, deletion (APPs 12 & 13)

You can ask us to:

• Confirm what personal information we hold about you
• Provide you with a copy of that information in a portable format
• Correct anything that is inaccurate, incomplete, or out of date
• Delete your account and associated personal information (subject to records we are legally required to keep under §9)
• Withdraw consent for direct marketing or analytics tracking

You can update most profile information directly in your account settings. For everything else, email privacy@lettr.com.au. We will respond within 30 days. There is no charge unless your request is unusually complex; we will tell you in advance if a fee applies and you can withdraw the request at no cost.

12. Complaints

If you think we have mishandled your personal information, please contact us first at privacy@lettr.com.au with the subject line "Privacy Complaint". We will acknowledge your complaint within 7 days and provide a substantive response within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phoning 1300 363 992.

13. Children

Lettr is for users aged 18 and over. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at privacy@lettr.com.au and we will delete it promptly.

14. Changes to this policy

We may update this Privacy Policy from time to time. For material changes that affect how we use your information, we will notify you by email and post a notice on the platform at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact us

For privacy questions, requests, or complaints, contact our Privacy Officer at privacy@lettr.com.au or via our Contact page.