Privacy Policy

1. Who this policy applies to

This policy applies to all visitors and account holders of the Auction Intel website at auction-intel.com and any related APIs, applications and email services (collectively, the "Service"). It does not apply to third-party websites we link to (including the auction-source sites we index — Pickles, Manheim, IAAI, Grays, Slattery, Carsales — and any other external resource), each of which has its own privacy practices and is responsible for the personal information it collects directly from you.

2. What personal information we collect

We collect only the personal information we need to operate the Service for you. Specifically:

• ·Account information — your email address (required to sign in via magic link), and optionally your full name, phone number, residential address (street, suburb, state, postcode) and marketing-consent preference, all supplied voluntarily on the profile page.
• ·Usage information — the VINs you check, the auction URLs you submit, the listings you save to your watchlist, the search queries you run, your hourly-quota counters, the timestamps and outcomes of your interactions with the Service.
• ·Technical information — your IP address, browser user-agent, operating system, referring URL, request paths, response status codes and approximate geographic region. This is logged for security, abuse-detection, debugging and capacity-planning purposes.
• ·Communications — the content of any email, takedown request, support ticket or feedback you send to us.
• ·Cookies and similar technologies — a small number of strictly necessary, first-party cookies for sign-in session management and CSRF protection. We do not use third-party advertising cookies, behavioural tracking pixels, fingerprinting scripts, or cross-site analytics suites.

We do not knowingly collect, and you should not submit through the Service, any "sensitive information" as defined by the Privacy Act (including health, racial, political, religious, biometric or criminal-record information). If you submit sensitive information to us inadvertently, we will delete it promptly upon becoming aware.

3. How we collect personal information

Personal information is collected directly from you when you sign up, sign in, update your profile, run a search, save a listing, or contact us. Technical information is collected automatically by our servers and our content-delivery / edge security provider when you interact with the Service. We do not buy personal information from data brokers, do not enrich your record from third-party sources, and do not run lead-generation tracking on the Service.

4. Why we collect it (purpose)

We use your personal information for the following purposes only:

• ·To create, authenticate, secure and operate your account, including the delivery of single-use magic-link sign-in emails.
• ·To deliver the Service to you — running searches, computing deal scores, surfacing your saved listings, applying rate-limits, displaying your remaining hourly quota.
• ·To pre-fill your contact details into future auction-workflow features (such as a Buyer Number application form), should you elect to use them.
• ·To send you transactional emails essential to the Service (sign-in links, quota-reset notifications, security alerts about your account, material changes to these policies or to features you use).
• ·To send you product-update or deal-alert emails only if you have explicitly ticked the marketing-consent box on your profile. Every such email includes a one-click unsubscribe.
• ·To detect, investigate and prevent fraud, abuse, scraping, quota-circumvention, unauthorised access and other security events.
• ·To debug software issues, monitor system health, plan capacity, and improve the Service over time.
• ·To comply with our legal obligations, respond to lawful regulatory requests, defend our legal rights and the rights of our users, and enforce our Terms of Use.

We will not use your personal information for any other purpose unrelated to the operation of the Service without first obtaining your express consent, or unless we are required or authorised to do so by law.

5. Who we share it with (disclosure)

We do not sell, rent, trade or commercially share your personal information with anyone. We disclose personal information only in the following limited circumstances:

• ·Service providers (data processors) who help us run the platform under written contracts that restrict their use of your data to delivering the contracted service. Specifically:
  • · Content-delivery and edge-security provider — terminates TLS, applies DDoS / bot protection, and routes traffic to the application. Receives technical metadata for every request (IP, user-agent, request path). Operates globally.
  • · Application hosting provider — Australian-region virtual private server hosting where our application, database and indexing pipeline run.
  • · Transactional email provider — delivers magic-link sign-in emails and (where you have opted in) deal alerts. The recipient address, email content and delivery transcript pass through this provider's infrastructure.
  • · Address-autocomplete provider — if you choose to use the address-autocomplete feature on the profile page, your in-progress address query is sent to a third-party places API. Disabling autocomplete (entering the address manually) avoids this disclosure.
• ·Law enforcement, regulators or courts, where we are compelled by an enforceable Australian warrant, subpoena, court order, statutory disclosure notice, or in response to a credible report of unlawful activity, including (without limitation) requests received from the Australian Federal Police, state policing services, the Office of the Australian Information Commissioner (OAIC), the ATO, or a court of competent jurisdiction.
• ·Professional advisers, where their advice (legal, accounting, audit) is necessary in connection with the operation, sale, merger or restructure of the Service. Advisers are bound by their own professional confidentiality obligations.
• ·Successor entity, in the event the Service is sold, transferred or restructured. Your data would transfer subject to the same privacy commitments contained in this policy, and you would be notified by email of any material change before it took effect.

We do not disclose your personal information to auction operators (Pickles, Manheim, IAAI, Grays, Slattery), vehicle vendors, dealers, advertisers, data brokers, marketing networks or social-media platforms.

6. Cross-border disclosure

Our primary database and application servers are located in Australia. Some of our infrastructure providers (content delivery, transactional email, address-autocomplete) operate globally and may process technical metadata or message content through servers located in the United States, the European Union or other jurisdictions. By using the Service you consent to such cross-border disclosure as a necessary incident of delivery. Where we engage an overseas processor we take reasonable steps to ensure they handle your data consistently with the APPs.

7. How we hold and secure your information

Personal information is stored in an encrypted database on Australian-region servers, behind a globally distributed edge with TLS 1.3 enforced end-to-end. Access to the underlying database is restricted to authorised platform staff under access controls. We use single-use magic links rather than stored passwords, eliminating an entire class of credential-leak risk. Server logs are rotated, structured backups are encrypted at rest, and abuse-detection systems monitor for unusual access patterns. While we take these measures, no system is perfectly secure — you should also keep your sign-in email account secure and not forward your magic link to anyone.

8. How long we keep it (retention)

• ·Account profile data — kept for as long as your account is active. If you delete your account or request closure, profile data (name, phone, address, marketing-consent flag) is removed within thirty (30) days. Your account email may be retained in a hashed-only form to enforce sign-up cooldowns and abuse prevention.
• ·Usage history (which VINs you checked, which listings you saved) — kept for as long as your account is active so the dashboard can show recent activity. Removed within thirty (30) days of account closure.
• ·Server logs (IP, user-agent, request path) — rotated every fourteen (14) days, after which they are archived in anonymised form for capacity planning or discarded entirely.
• ·Email transcripts (correspondence with us) — retained for as long as needed to resolve the matter you raised, plus a further twelve (12) months for audit trail.
• ·Anonymised auction data — VIN-history records, hammer prices and listing snapshots indexed from public third-party auction sites are not personal information of yours, and we retain them indefinitely as part of the Service's value-add.

9. Your rights — access, correction and complaints

Under the Privacy Act and the APPs you have a right to:

• ·Access the personal information we hold about you. Most fields are visible directly on your profile page and dashboard; for anything beyond that, email us and we'll respond within thirty (30) days at no charge.
• ·Correct any inaccurate personal information. You can edit your name, phone and address directly on the profile page (via the Edit button). Email-address changes require contacting us so we can re-verify.
• ·Delete your account and the personal information attached to it. Email us at hello@auction-intel.com with the subject "Account deletion request" from the email address on the account. Completed within thirty (30) days.
• ·Withdraw consent to marketing emails at any time via the one-click unsubscribe link in any such email, or by ticking the consent box off on your profile.
• ·Complain about how we have handled your personal information. Complaints should be sent to privacy@auction-intel.com. We will acknowledge within seven (7) days and respond substantively within thirty (30) days. If you are not satisfied with our response, you may escalate the complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

10. Children

The Service is intended for users aged 18 years and over. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete the information promptly.

11. Data breach response

In the event of an eligible data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act — notifying affected users and the OAIC as soon as practicable, in the form and with the content required by that scheme.

12. Updates to this policy

We may update this policy from time to time. The "Version" line at the top of this page identifies the current version. Material changes will be notified by email and/or by a site banner before they take effect. Your continued use of the Service after the effective date of an update constitutes your acceptance of the revised policy.