How we collect, use, store and protect personal information — written in plain English under the Australian Privacy Principles.
Last updated · 10 May 2026
TrailScope is operated by Aartan Group Pty Ltd ("TrailScope", "we", "us", "our"), an Australian company. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We use your information to provide the TrailScope service, authenticate you, run retention scoring and AI Insights against your portfolio, send transactional email (receipts, security alerts), and improve the product. We do not sell or rent your data.
When you use AI Insights, an aggregate-only summary of your portfolio (KPIs, lender concentration, risk distribution) is sent to the configured AI provider (Anthropic, OpenAI or Google Gemini). We deliberately exclude names, email addresses, phone numbers, dates of birth and free-form notes from this context. If you bring your own API key, prompts go to your provider under your account; otherwise they go through our shared platform key with a 10-request-per-minute rate limit.
All portfolio data is stored in AWS Sydney (ap-southeast-2) via Supabase. Backups remain in the same region. Stripe, Anthropic, OpenAI and Google may process limited data outside Australia under their own contracts and certifications.
TLS 1.2+ in transit, AES-256 at rest, Row-Level Security on every multi-tenant table. See the full architecture on our Security page.
Under the APPs you can request access to, correction of, or deletion of your personal information at any time. Account holders can delete their workspace and `auth.users` record from Settings → Organisation → Delete account. For everything else, email privacy@trailscope.com.au.
We use essential cookies and `localStorage` to keep you signed in and remember UI preferences (selected period, table column visibility). We do not use third-party advertising or cross-site tracking cookies.
Active workspace data is retained for the life of your subscription. After cancellation, encrypted backups roll off within 30 days. Audit-log entries required by the NCCP Act are retained for 7 years.
We'll notify account admins by email at least 14 days before any material change to this policy.
Email privacy@trailscope.com.au. If you're not satisfied, you can refer the matter to the Office of the Australian Information Commissioner.