Privacy Policy

Last updated in May 2026

Introduction

This Privacy Policy explains how PropOrdo Pty Ltd ('PropOrdo', 'we', 'us', or 'our') collects, uses, stores, and protects personal information when you use our Services.

This Policy applies to all users of PropOrdo.com, app.propordo.com, and related services (collectively, the 'Services').

We comply with applicable privacy laws, including the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and where applicable, the EU General Data Protection Regulation (GDPR) and UK GDPR.

Depending on context, PropOrdo may act as either a Data Controller or Data Processor.

Roles and Responsibilities

Where PropOrdo provides Services directly to individual users or subscribers, we act as the Data Controller.

Where PropOrdo processes data on behalf of an organisation (such as property managers, agencies, or enterprises), that organisation is the Data Controller and PropOrdo acts as a Data Processor.

In processor scenarios, we process personal data strictly under documented instructions and applicable Data Processing Agreements (DPAs).

Information We Collect

We collect only information necessary to deliver and improve the Services.

  • Account data: name, email address, login credentials (via Auth0 or equivalent identity provider).
  • Organisation data: company details, team structures, and role-based access information.
  • Property and operational data: listings, maintenance records, workflows, documents, and communications.
  • Usage data: interactions, logs, feature usage, and system performance metrics.
  • Technical data: IP address, device identifiers, browser type, and operating system.
  • Support data: communications with support teams and diagnostic information.
  • Security data: authentication logs, audit trails, and access records.

Legal Basis for Processing

Where GDPR applies, we process personal data under the following legal bases:

  • Contract: to provide and maintain the Services you have requested.
  • Legitimate Interests: to improve, secure, and optimise the platform.
  • Legal Obligation: to comply with applicable laws and regulatory requirements.
  • Consent: where required for optional features such as analytics or marketing.

How We Use Information

We use personal information to:

  • Provide and operate the PropOrdo platform.
  • Authenticate users and manage secure access.
  • Enable role-based access control (RBAC) and organisational workflows.
  • Store and manage property and operational data.
  • Monitor system performance, reliability, and security.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Improve features and user experience through aggregated analytics.
  • Comply with legal and regulatory obligations.

Data Storage and Security

We implement administrative, technical, and physical safeguards designed to protect personal information.

  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest.
  • Access Controls: Strict role-based access control (RBAC) and least-privilege principles.
  • Audit Logging: Security and administrative actions are logged and monitored.
  • Infrastructure Security: Hosted on AWS with industry-standard certifications and controls.
  • Identity Management: Authentication is managed via secure identity providers such as Auth0.
  • Monitoring: Continuous monitoring using tools such as Sentry and cloud-native observability tools.
  • Security Reviews: Regular internal and vendor security assessments are conducted.

Data Sharing and Disclosure

We do not sell personal information.

We share data only where necessary to operate the Services or comply with legal obligations.

  • Cloud infrastructure providers (e.g. AWS).
  • Identity providers (e.g. Auth0).
  • Analytics providers (e.g. Mixpanel, Google Tag Manager).
  • Monitoring and error tracking providers (e.g. Sentry).
  • Organisation administrators within your account.
  • Regulators, courts, or law enforcement where legally required.

International Data Transfers

Your data may be transferred and processed outside your country of residence, including Australia and other jurisdictions where our service providers operate.

Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy.

  • Active account data is retained for the duration of your subscription.
  • Deleted data may remain in backups for a limited retention window.
  • Audit logs and security records may be retained longer for compliance and security purposes.
  • Retention periods may be extended where required by law or legitimate business needs.

Data Subject Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to access your personal data.
  • Right to correct inaccurate data.
  • Right to request deletion ('right to be forgotten').
  • Right to restrict or object to processing.
  • Right to data portability.
  • Right to withdraw consent (where applicable).

Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, security, and analytics.

Analytics cookies are optional and can be managed through consent settings.

Subprocessors

We engage trusted subprocessors to provide infrastructure and services.

  • AWS – cloud hosting and infrastructure
  • Auth0 – authentication and identity management
  • Google Tag Manager – tag and analytics management
  • Mixpanel – product analytics
  • Sentry – error tracking and performance monitoring

Security Incident Management

We maintain procedures for detecting, responding to, and notifying relevant parties of security incidents.

In the event of a data breach, we will act in accordance with applicable laws, including notification obligations under the Australian Privacy Act and GDPR where applicable.

Children’s Privacy

Our Services are not intended for individuals under the age of 16.

We do not knowingly collect personal data from children.

Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for their privacy practices.

Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated through the Services or via email where appropriate.

Contact Information

If you have questions about this Privacy Policy or your data, you may contact us at:

admin@propordo.com