Privacy Policy

Welcome to Presm, a property investment intelligence platform operated by Rising Returns ("we", "us", "our"). We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and all applicable Australian and New South Wales legislation.

This Privacy Policy applies to all personal information collected through the Presm platform (including the website at presm.com and app.presm.com), our mobile applications, email communications, and any other interactions you have with us.

By using Presm, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the platform.

2.1 Information You Provide Directly

• Account information: Name, email address, phone number, password, and role or position when you create an account or are invited to the platform.
• Property and investment data: Property addresses, purchase prices, rental income, loan details, property expenses, growth projections, and other property-related financial information you enter or upload.
• Communications: Messages, feedback, support requests, and any other content you send to us.
• Profile information: Any additional information you choose to add to your profile.

2.2 Information Collected Automatically

• Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: Pages visited, features used, time spent on pages, click patterns, and navigation paths.
• Cookies and similar technologies: See Section 9 (Cookies and Tracking Technologies) for details.
• Log data: Server logs including access times, error logs, and referral URLs.

2.3 Information from Third Parties

We may receive information from third-party sources such as property data providers, public records, and integration partners. This data is used solely to enhance the functionality and accuracy of the platform.

2.4 Sensitive Information

We do not intentionally collect sensitive information (as defined in the Privacy Act 1988) such as health information, racial or ethnic origin, political opinions, or religious beliefs. If we ever need to collect sensitive information, we will obtain your explicit consent first.

We collect and use your personal information only for purposes that are reasonably necessary for our functions and activities, in accordance with APP 6. These purposes include:

• Providing the Service: Operating and maintaining Presm, including account management, property tracking, portfolio analysis, suburb intelligence, and report generation.
• Authentication and security: Verifying your identity, managing access controls, and protecting against unauthorised access.
• Communication: Sending transactional emails (account confirmations, password resets, deal notifications), responding to support requests, and providing platform updates.
• Improvement and analytics: Analysing usage patterns to improve platform features, fix issues, and enhance user experience. We use aggregated and anonymised data where possible.
• Legal compliance: Meeting our obligations under Australian law, including record-keeping, tax obligations, and responding to lawful requests from regulatory authorities.
• Direct marketing: With your consent or where you would reasonably expect it, sending you information about Presm features and services. You can opt out at any time (see Section 10).

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.1 Service Providers (Sub-processors)

We share personal information with trusted third-party service providers who assist in operating the platform:

• Supabase: Database hosting, authentication, and backend infrastructure.
• Email service providers: Transactional and notification emails.
• Analytics providers: Anonymous usage analytics to improve the platform.
• Cloud infrastructure (AWS): Hosting and content delivery.

All service providers are contractually required to protect your personal information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose personal information where required or authorised by Australian law, including:

• In response to a court order, subpoena, or legal process.
• To comply with a request from a regulatory or law enforcement authority.
• To prevent or address fraud, security issues, or technical problems.
• To protect the rights, property, or safety of Rising Returns, our users, or the public.

4.3 Business Transfers

If Rising Returns is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4.4 With Your Consent

We may share your information with other parties where you have given us explicit consent to do so.

4.5 Organisational Accounts

If you use Presm as part of a business account (e.g., as a staff member or client), the administrator of that account may have access to certain information associated with your use of the platform, in accordance with the permissions structure of the platform.

In accordance with APP 8, we disclose that your personal information may be transferred to and stored in countries outside Australia, including the United States, where some of our infrastructure providers (including cloud hosting services) maintain their servers.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient complies with the Australian Privacy Principles or is subject to a substantially similar privacy regime. We use contractual protections and security standards to safeguard your data during cross-border transfers.

If you are located in the European Economic Area (EEA), please note that Australia does not currently have an adequacy decision from the European Commission. We rely on appropriate safeguards, including Standard Contractual Clauses where applicable, for any transfer of data involving EEA residents.

We retain your personal information for as long as necessary to:

• Provide the Presm service to you while your account is active.
• Comply with our legal obligations (e.g., tax and financial record-keeping requirements under the Taxation Administration Act 1953 and Corporations Act 2001, which may require retention for up to 7 years).
• Resolve disputes and enforce our agreements.

When your account is closed or your personal information is no longer required, we will take reasonable steps to destroy or de-identify the information, in accordance with APP 11.2.

Upon account deletion, we provide a 30-day window during which you may export your data before it is permanently removed from our active systems. Backup copies may persist for a limited time as part of our standard backup procedures.

In accordance with APP 11, we take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
• Access controls: Role-based access controls (RBAC) ensure that users can only access data appropriate to their role. Row Level Security (RLS) is enforced at the database level.
• Authentication: Secure password hashing, rate limiting on login attempts, and support for strong password requirements.
• Monitoring: Audit logging of significant actions and regular monitoring for security anomalies.
• Infrastructure: Our hosting providers maintain industry-standard physical and network security certifications.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining appropriate safeguards.

You are responsible for keeping your account credentials secure. Please notify us immediately at support@presm.com if you become aware of any unauthorised access to your account.

Under the Australian Privacy Principles, you have the following rights:

8.1 Access (APP 12)

You may request access to the personal information we hold about you. We will respond to your request within 30 days. In certain circumstances permitted by law, we may refuse access, but we will provide written reasons for any refusal.

8.2 Correction (APP 13)

You may request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within 30 days. You can also update most of your personal information directly through your Presm account settings.

8.3 Anonymity and Pseudonymity (APP 2)

Where practicable, you have the option of not identifying yourself or using a pseudonym when dealing with us. However, for the purposes of creating an account and using certain features of Presm, we require your real identity.

8.4 Data Portability

You may request a copy of your personal data in a structured, commonly used format (CSV or JSON). You can also export your property data and reports directly from the platform.

8.5 Deletion

You may request that we delete your personal information. We will comply where it is reasonable and practicable to do so, except where we are required by law to retain certain records.

8.6 Additional Rights for EEA Residents

If you are located in the European Economic Area, you also have the right to:

• Restrict the processing of your personal data.
• Object to the processing of your personal data.
• Withdraw your consent at any time (where processing is based on consent).
• Lodge a complaint with your local data protection authority.

8.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@presm.com. We may need to verify your identity before processing your request. There is no fee for making a request, though we may charge a reasonable fee for access requests that are manifestly unfounded or excessive.

Presm uses cookies and similar technologies for the following purposes:

9.1 Essential Cookies

These are necessary for the platform to function and cannot be disabled. They include authentication tokens, session cookies, and security-related cookies.

9.2 Analytics Cookies

We use analytics tools to understand how users interact with the platform. These cookies collect aggregated, anonymous data about page views, feature usage, and navigation patterns.

9.3 Managing Cookies

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may impair the functionality of the platform. Most web browsers allow you to control cookies through their settings. For more information, visit your browser's help documentation.

9.4 Do Not Track

We respect "Do Not Track" browser signals. When a Do Not Track signal is detected, we limit data collection to essential cookies only.

In accordance with APP 7 and the Spam Act 2003 (Cth), we will only send you marketing communications where:

• You have given us your express consent; or
• You would reasonably expect to receive such communications based on your relationship with us.

All marketing emails will:

• Clearly identify Rising Returns as the sender.
• Include a functional unsubscribe mechanism.
• Be processed within 5 business days of an unsubscribe request.

Transactional communications (such as account notifications, security alerts, deal updates, and billing information) are not considered marketing and may be sent regardless of your marketing preferences.

Presm is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information as soon as practicable. If you believe we may have collected information from a child, please contact us at support@presm.com.

In accordance with Part IIIC of the Privacy Act 1988 (Cth) — the Notifiable Data Breaches (NDB) scheme — if we become aware of an eligible data breach that is likely to result in serious harm to any affected individuals, we will:

• Conduct an assessment within 30 days of becoming aware of the breach.
• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
• Notify affected individuals, including a description of the breach, the kinds of information involved, and recommended steps to mitigate potential harm.

We maintain an incident response plan to ensure prompt and effective handling of any data breach. If you suspect a data breach or unauthorised access to your account, please contact us immediately at support@presm.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Notify you via email or an in-app notification for significant changes.
• Where required, seek your consent before implementing changes that materially affect how your personal information is handled.

We encourage you to review this Privacy Policy periodically. Your continued use of Presm after any changes constitutes your acceptance of the updated policy.

If you believe that we have breached the Australian Privacy Principles or have a complaint about how we handle your personal information, please contact us using the details in Section 15.

We will:

• Acknowledge your complaint within 5 business days.
• Investigate and respond within 30 days.
• Work with you to resolve the matter in good faith.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Online: www.oaic.gov.au
• Phone: 1300 363 992
• Mail: GPO Box 5218, Sydney NSW 2001

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us:

• Platform: Presm by Rising Returns
• Email: support@presm.com
• Website: presm.com
• Location: New South Wales, Australia

For privacy-specific enquiries, please include "Privacy" in the subject line of your email so we can direct your request appropriately.