Privacy Policy — BuildMate
Last updated: 1 April 2026
Effective date: 1 April 2026
BuildMate ("we", "us", or "our") operates the website at buildmate.lighttune.com.au (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who We Are
- Entity: Light Tune Pty Ltd (ABN 20 684 152 618)
- Contact: info@lighttune.com.au
- Website: https://buildmate.lighttune.com.au
2. Information We Collect
2.1 Information You Provide
| Data Type | When Collected | Purpose |
|---|---|---|
| Email address | Account registration | Account management, communication |
| Password | Account registration | Authentication (stored encrypted) |
| Search queries | When you use the search feature | Providing building code search results |
| Conversation history | During AI interactions | Saving your search history for reference |
| Feedback | When you submit feedback | Improving our service |
2.2 Information Collected Automatically
| Data Type | Method | Purpose |
|---|---|---|
| IP address | Server logs | Security, regional optimisation |
| Browser type & version | Analytics | Service compatibility |
| Operating system | Analytics | Service compatibility |
| Pages visited & features used | Analytics | Usage patterns, service improvement |
| Session duration | Analytics | Service improvement |
| Cookies | Browser storage | Authentication, preferences, analytics |
2.3 Sensitive Information
We do not intentionally collect sensitive information (as defined in the Privacy Act), such as health information, racial or ethnic origin, or political opinions.
3. How We Use Your Information
We use your personal information for the following primary purposes:
- Providing the Service: Processing your building code queries and returning AI-generated results
- Account management: Authentication, security, and account maintenance
- Service improvement: Analysing usage patterns to improve search accuracy and user experience
- Communication: Sending service updates, security alerts, and support responses
- Legal compliance: Meeting our obligations under applicable laws
3.1 AI Processing Disclosure
Important — How your queries are processed:
When you submit a search query, the following occurs:
- Your query is transmitted to Google AI (Gemini API) for processing
- Google AI processes your query and returns a response to us
- We display the AI-generated response to you
Data handling by Google AI:
We currently use Google AI's free tier service. Under Google's terms for free tier services:
- Your search queries and the AI-generated responses may be used by Google to improve their products and AI models
- Google human reviewers may read and annotate your queries and responses as part of their improvement process
- Google takes steps to disconnect this data from your account before using it for improvements
- Your queries are processed on servers located outside Australia, primarily in the United States
We plan to transition to Google AI's paid tier as the Service grows. On the paid tier, your queries and responses will not be used by Google to train their models and will be processed under Google's Data Processing Addendum.
If you are not comfortable with your queries being processed under these conditions, please do not use the Service.
4. Disclosure of Your Information
We may disclose your personal information to the following parties:
4.1 Service Providers
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting, authentication | Account info, conversation history | Asia Pacific (may include Singapore, Japan, or other AWS regions) |
| Google AI (Gemini API) | AI query processing | Search queries | United States and other regions |
4.2 Other Disclosures
We may also disclose your information:
- Legal requirements: When required by law, regulation, or legal process
- Protection of rights: To protect our rights, privacy, safety, or property
- Business transfers: In connection with a merger, acquisition, or sale of assets
- With your consent: When you direct us to share your information
We do not sell your personal information to third parties.
5. Overseas Disclosure (APP 8)
Some of our service providers are located outside Australia. When we disclose your personal information overseas, we take reasonable steps to ensure that the overseas recipient handles your information in accordance with the Australian Privacy Principles.
Current overseas disclosures:
| Recipient | Country | Data Types | Protection Measures |
|---|---|---|---|
| Supabase | Asia Pacific (may include Singapore, Japan, or other AWS regions) | Account information, conversation history | Encryption in transit (TLS/SSL), encryption at rest, access controls |
| Google AI (Gemini API) | United States (and other regions where Google operates) | Search queries | Google's terms of service, encryption in transit (TLS/SSL) |
By using the Service, you acknowledge that your personal information may be disclosed overseas as described above.
6. Data Security (APP 11)
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- Encryption in transit: All data transmitted using TLS/SSL encryption
- Encryption at rest: Stored data encrypted using industry-standard algorithms
- Authentication: Secure authentication protocols via Supabase Auth
- Access controls: Strict access controls limiting who can view your data
- Regular security assessments: Periodic review of our security practices
However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion request |
| Conversation history | Duration of account, or until you delete individual conversations |
| Usage analytics | 12 months |
| Server logs | 90 days |
When your personal information is no longer needed, we will take reasonable steps to destroy or de-identify it.
8. Your Rights
Under the Privacy Act, you have the right to:
8.1 Access (APP 12)
Request access to the personal information we hold about you. We will respond within 30 days.
8.2 Correction (APP 13)
Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
8.3 Deletion
Request deletion of your account and associated personal information.
8.4 Data Export
Export your conversation history in a machine-readable format.
8.5 Opt-Out
Unsubscribe from marketing communications at any time.
To exercise any of these rights, contact us at info@lighttune.com.au. We may need to verify your identity before processing your request.
We will not charge you for making a request and will respond within 30 days. If we refuse your request, we will provide reasons and inform you of your right to complain.
9. Cookies and Tracking Technologies
We use cookies and similar technologies for:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Authentication cookies | Keep you signed in | Session / 30 days |
| Preference cookies | Remember your settings | 1 year |
| Analytics cookies | Understand how you use the Service | 12 months |
You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.
10. Children's Privacy
BuildMate is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.
11. Complaints
If you believe we have breached the Australian Privacy Principles, you may:
- Contact us first: Email info@lighttune.com.au with details of your complaint
- Our response: We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days
- External review: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Post: GPO Box 5218, Sydney NSW 2001
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending an email notification for significant changes
Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related enquiries, requests, or complaints:
- Email: info@lighttune.com.au
- Post: Wolli Creek NSW 2205
This policy was last updated on 1 April 2026.