Privacy & data residency

The short version:

  • All your data lives in Sydney, in the AWS ap-southeast-2 region.
  • Data never leaves Australia. Not for backups, not for analytics, not for support tickets.
  • AI processing uses providers with AU/Asia-Pacific endpoints where available, so even AI requests stay close to home.
  • AI providers don't train on your data. Contractually excluded.
  • You own your data. Cancel any time, we export everything to CSV.

What "data" means here

Three categories:

  1. Agency operational data — properties, owners, tenants, contractors, maintenance, inspections, compliance, notices, case packs.
  2. Identifying data — names, emails, phone numbers, addresses.
  3. AI request logs — what we sent to the AI provider on your behalf, kept for 30 days for debugging then deleted.

All three live in the same Sydney region. None leaves.

Who can see your data

Within PMFriend:

  • Your team — anyone you've invited as Agency Admin or PM. Read-only members can see but not edit.
  • PMFriend's support team — only when you ask us to look at something specific (e.g. "this report is missing rooms"). Every such access is logged in our audit log and we can show you what was viewed.
  • Nobody else. Not other agencies, not analytics platforms, not marketing partners.

We do not:

  • Sell or share your data with anyone
  • Use your data for marketing analysis
  • Pool your data with other agencies' data for cross-tenant features
  • Train any AI model on your data

Australian Privacy Principles compliance

PMFriend handles personal information in line with the Australian Privacy Principles (APPs). Specifically:

  • APP 5 (notification of collection) — when a tenant submits a report through our form, the form tells them their data is shared with their property manager and is held by PMFriend in Sydney.
  • APP 8 (cross-border disclosure) — your data is processed only in Australia. AI requests use providers with AU/APAC endpoints. Where a request must go to a non-AU endpoint, we tell you which endpoint and contractually limit processing terms.
  • APP 11 (security) — encrypted in transit (HTTPS) and at rest (AWS managed keys). 14-day point-in-time recovery for backups.
  • APP 12 (access on request) — anyone whose data we hold can email support@pmfriend.com; we extract their data within 30 days.

We are not a Privacy Act exempt small business — we treat APP compliance as a baseline regardless.

Tenant data specifically

Tenants are the most-protected class of person in the system because they have the least leverage. Specifically:

  • Tenants don't see other tenants' data. Each property's submission flow is fully isolated.
  • Tenants can request deletion at lease end. Subject to BSA retention requirements (typically 5–7 years per state) — anything required by statute stays, the rest is deleted.
  • AI requests for triage see only the report text + property context. They don't see the tenant's name, contact, or other history.

Owner data

  • Your owners' contact details are held to facilitate communications you initiate.
  • We don't email owners unless your PM has approved + sent the email.
  • Owners can request a data export the same way tenants can.

Contractor data

  • Contractor details (business name, ABN, insurance dates, ratings) are stored at the agency level. Other agencies cannot see them.
  • Magic-link tokens are scoped to a single work order and expire after 14 days.
  • Contractor accounts have no persistent login — they identify via the one-time URL.

Backup + recovery

  • AWS RDS automated backups are kept 14 days, with point-in-time recovery to any second within that window.
  • Manual snapshots are kept indefinitely (we use these before risky operations like DB schema migrations).
  • Backups are stored in the same Sydney region as the live database. No cross-region replication today.

Cancellation + data return

When you cancel:

  1. We export your full agency data to CSV within 7 business days.
  2. We email you the export as encrypted ZIP files.
  3. We retain your data for 30 days in case you change your mind.
  4. After 30 days, your operational data is permanently deleted.
  5. Trust ledger items required for BSA compliance — none of which PMFriend holds anyway, since they live in your PMS — are excluded from the 30-day clock.

Data breach response

If we ever have a data breach affecting your data, we will:

  1. Tell you within 72 hours of confirming the breach.
  2. Tell affected individuals if the breach meets the Notifiable Data Breaches scheme threshold.
  3. Tell the OAIC if applicable.
  4. Publish a public timeline of what happened, what was affected, and what we changed.

We've never had one, and we're watching to make sure that stays true.

Going deeper