Last updated: June 6, 2026
TrackMyPlace ("we", "our", "us") operates the TrackMyPlace platform at trackmyplace.com. We are committed to protecting your privacy. This policy explains how we collect, use, store, and safeguard your information when you use our real estate campaign management platform.
We collect the following types of information:
We use your information to:
We do not sell, rent, or trade your personal information to third parties.
We process your personal data based on:
Your data is stored securely using industry-standard encryption. We use Supabase for authentication and data storage, which provides enterprise-grade security including encryption at rest and in transit (TLS 1.2+). Google OAuth tokens are encrypted using AES-256 before being stored in our database.
We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account, your account will enter a 14-day grace period during which you may restore it. If you do not restore your account during that period, we will delete or anonymise your personal data from active systems, except where we are required or permitted by law to retain limited records. Google OAuth tokens are deleted immediately when you disconnect your Google account.
We also keep an internal audit log of mutating actions (such as creating, updating, or deleting a listing, document, or conversation) so we can investigate security incidents and respond to data-access requests. Audit log entries are retained for 13 months from the date of the action and are then automatically purged by a nightly job. You can request a copy of the audit log entries associated with your account at any time via the Export My Data tool in Settings.
We use cookies and similar technologies in three categories: strictly necessary (to maintain your session and core platform functionality), analytics (aggregate usage and performance metrics — off by default), and marketing (currently inactive). Non-essential cookies are only set after you give consent via the cookie banner shown on your first visit. You can change your choice at any time from the banner or from Settings → Account. See our Cookies Policy for the full list of cookies, vendors, and retention periods.
To operate TrackMyPlace, we engage the sub-processors listed below. Some of these recipients are located outside Australia. Before disclosing your personal information overseas we take reasonable steps as required by Australian Privacy Principle 8 (cross-border disclosure of personal information), including reviewing each vendor's privacy and security terms, entering into appropriate contractual protections where available (such as data processing terms or equivalent privacy and security commitments), and choosing recipients with safeguards consistent with the Australian Privacy Principles. The list below sets out the recipients, the purpose of disclosure, and the country in which processing occurs.
| Vendor | Purpose | Data categories | Country of processing | DPA / SCC |
|---|---|---|---|---|
| Supabase | Authentication, primary database (Postgres), file storage. | Account, platform and usage data. | Singapore / US | DPA |
| Vercel | Application hosting, edge/serverless execution, web analytics. | Account, usage data, IP address. | US | DPA |
| Google (Workspace APIs) | Gmail, Calendar, Contacts and Drive integrations (opt-in per user). | Account email, OAuth tokens, Google data you choose to access through TrackMyPlace. | US | DPA |
| Google Maps Platform | Address geocoding and Places autocomplete used by the prospecting and address-search features. | Property and search address strings; no user identifiers. | US | DPA |
| Microsoft (Graph) | Outlook email integration (opt-in per user). | Account email, OAuth tokens, Microsoft 365 data you choose to access through TrackMyPlace. | US / EU | DPA |
| Stripe | Subscription billing and payment processing. | Account email, billing address, payment method metadata. | US / Ireland | DPA |
| Twilio | SMS delivery to clients you contact through TrackMyPlace. | Recipient phone number, message content, delivery metadata. | US | DPA |
| Resend | Transactional email delivery (password resets, notifications, client-facing email). | Recipient email address, message content, delivery metadata. | US / EU | DPA |
| Slack | Team messaging integration (opt-in per team). | Account email, message content you choose to send through the integration. | US | DPA |
| Sentry | Application error and performance monitoring. | Account ID, request metadata, IP address, error stack traces. | US / Germany | DPA |
| Upstash | Redis-backed rate limiting and short-lived caching. | Hashed account/IP identifiers, rate-limit counters. | US | DPA |
Each sub-processor has its own privacy policy. We encourage you to review them, and we will update this list when we add, remove, or replace a sub-processor.
You have the right to:
To exercise any of these rights, contact us at privacy@trackmyplace.com.
TrackMyPlace offers optional Google integrations that require access to your Google account data. This section describes what data we access, why, and how we handle it.
When you connect your Google account, we request access to the following scopes:
Google user data is used solely to provide the features described above within TrackMyPlace. Specifically:
You can disconnect your Google account at any time from the Settings page in TrackMyPlace. When you disconnect:
TrackMyPlace's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
TrackMyPlace is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on the platform or sending you an email. Your continued use of TrackMyPlace after changes are posted constitutes acceptance of the updated policy.
We maintain an internal Notifiable Data Breaches (NDB) response runbook and a breach register in line with Part IIIC of the Privacy Act 1988 (Cth). If we suspect an eligible data breach may have occurred, we will assess the incident as soon as practicable and, in any event, within 30 days. Where a breach is likely to result in serious harm we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable. Our designated Privacy Officer is the accountable person for this process; you can reach the Privacy Officer at privacy@trackmyplace.com. You can also lodge a complaint with the OAIC at oaic.gov.au or by calling 1300 363 992.
If you have questions about this privacy policy or how we handle your data, please contact our Privacy Officer at:
Strictly necessary cookies keep you signed in and the platform working. Optional analytics and marketing cookies help us improve TrackMyPlace. You can change your choice at any time. Learn more.