Privacy Policy.

1. About This Policy

This Privacy Policy explains how Homepedia Pty Ltd ("Homepedia", "we", "us", "our") collects, uses, stores, discloses and protects your personal information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").

This policy applies to all services provided by Homepedia, including our website (homepedia.com.au), our AI-powered tax assistant ("the Assistant"), and our accounting, tax and advisory services.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Identity information: Full name, date of birth, residential address, email address, phone number.
• Tax-related information: Employment details, income sources and amounts, deduction categories, investment details, rental property information, residency status for tax purposes.
• Financial year and lodgement information: Applicable financial year, prior year lodgement history.
• Communication records: Conversations with our AI assistant, emails, and other correspondence.

2.2 Sensitive Information

We may collect the following sensitive information only where it is reasonably necessary for the provision of our tax services and with your consent:

• Tax File Number (TFN): Collected and handled in accordance with the Privacy (Tax File Number) Rule 2015 ("TFN Rule"). See Section 7 for details.

2.3 Information Collected Automatically

When you use our website or the Assistant, we may automatically collect:

• Browser type and device information
• IP address (used for session management only, not for identification)
• Pages visited and interactions with our website
• Language preference

2.4 How We Collect Information

We collect personal information:

• Directly from you, through conversations with our AI assistant, forms you complete, emails, phone calls, or in-person meetings.
• From third parties, such as the Australian Taxation Office (ATO), with your authorisation.
• Through automated means, such as cookies and analytics tools on our website.

We will only collect personal information that is reasonably necessary for our functions and activities, in accordance with APP 3.

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing tax services: Preparing and lodging tax returns, providing tax advice and guidance, conducting tax estimates.
• AI assistant interactions: Processing your questions and providing real-time tax guidance through our AI-powered assistant.
• Client management: Managing your account, communicating with you about our services, and following up on enquiries.
• Improving our services: Analysing how our services are used to improve quality and user experience.
• Legal and regulatory compliance: Meeting our obligations as a Registered Tax Agent under the Tax Agent Services Act 2009 (TASA), the Privacy Act, and other applicable laws.

We will not use your personal information for any purpose other than those described above, unless we have obtained your consent or are required or authorised by law to do so (APP 6).

4. AI-Powered Assistant — Data Handling

4.1 How the Assistant Works

Our AI assistant uses OpenAI's GPT technology to process your questions and provide tax guidance. When you interact with the Assistant:

• Your messages are sent to OpenAI's API for processing.
• The Assistant may store structured information (such as your name, contact details, income details, and tax situation) to provide continuity during your session and to prepare your case for our team.

4.2 Data Sent to OpenAI

We use OpenAI's API to power our AI assistant. The following information may be transmitted to OpenAI for processing:

• The text of your messages and questions.
• Contextual information from your session (such as prior messages in the same conversation).

Important: OpenAI's API data usage policy (as of our last review) states that data submitted through the API is not used to train OpenAI's models. We have configured our use of OpenAI's services in accordance with their data processing terms. However, we recommend that you do not share highly sensitive information (such as your TFN, passport numbers, or bank account details) through the AI chat. If such information is needed, our team will collect it through secure channels.

4.3 Data Storage

Session data and structured client information collected through the Assistant are stored on Google Drive via secure OAuth 2.0 authenticated access. This data:

• Is stored in JSON format within a secure, access-controlled Google Drive environment.
• Is accessible only by authorised Homepedia staff.
• Is isolated per client session to prevent data leakage between clients.

4.4 AI Limitations

The AI assistant provides general tax guidance only and does not constitute formal tax advice. All tax returns and formal advice are prepared and reviewed by our qualified human team. The AI assistant may occasionally produce inaccurate information; any guidance provided should be verified by our team before acting upon it.

5. Disclosure of Personal Information

We may disclose your personal information to:

• Our team members: Registered tax agents, accountants, and administrative staff involved in providing services to you.
• The Australian Taxation Office (ATO): For lodging tax returns and related communications, as authorised by you.
• Technology service providers: Including OpenAI (AI processing), Google (data storage), and Vercel (website hosting). These providers are based overseas — see Section 6.
• Professional advisors: Lawyers, auditors, or insurers, where reasonably necessary.
• As required by law: Where we are compelled to disclose information by law, regulation, or court order.

We will not sell, rent, or trade your personal information to any third party for marketing purposes.

6. Overseas Disclosure

In accordance with APP 8, we inform you that your personal information may be disclosed to overseas recipients:

Service Provider	Location	Purpose
OpenAI	United States	AI processing of assistant conversations
Google (Google Drive)	United States / Global	Secure storage of client session data
Vercel	United States	Website and application hosting

Before disclosing personal information overseas, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your information, or we obtain your informed consent. By using our services, you consent to the overseas disclosure described above.

7. Tax File Number (TFN) Handling

We handle TFN information in strict compliance with the Privacy (Tax File Number) Rule 2015 and the Privacy Act 1988.

7.1 Collection

• We only collect your TFN when it is reasonably necessary for a purpose authorised by taxation law (e.g., preparing and lodging your tax return).
• We will inform you of the law that authorises the collection, the purpose of collection, and that it is not an offence to refuse to provide your TFN (though there may be financial consequences).

7.2 Use and Disclosure

• Your TFN is used only for purposes authorised by taxation law.
• We do not use your TFN as a general identifier.
• We do not disclose your TFN except as authorised by law or with your specific written consent.

7.3 Storage and Security

• TFN information is stored securely with access restricted to authorised staff only.
• We take reasonable steps to protect TFN information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
• We do not collect or store TFN information through the AI assistant chat. If your TFN is needed, it will be collected through a secure, separate process managed by our team.

7.4 Destruction

We will securely destroy or permanently de-identify your TFN information when it is no longer required by law to retain or no longer necessary for a purpose under taxation law.

8. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure (APP 11). Our security measures include:

• Access controls: Client data is accessible only by authorised Homepedia staff.
• Session isolation: Each client's data in our AI assistant is isolated from other clients' data using unique session identifiers.
• Secure transmission: Data is transmitted using encrypted connections (HTTPS/TLS).
• Secure authentication: Google Drive access is managed through OAuth 2.0 authentication.
• Staff obligations: All staff are bound by confidentiality obligations under the Tax Agent Services Act 2009 (Code of Professional Conduct, Item 6) and our internal policies.

We regularly review our security practices and update them as necessary to address new risks.

9. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

• Tax records: We retain tax-related records for a minimum of 5 years after the completion of the relevant transaction or act, as required by taxation law.
• Session data from the AI assistant: Retained for the duration of the client engagement. Data from users who do not become clients is retained for up to 12 months and then securely deleted.
• Communication records: Retained in accordance with our professional obligations and applicable law.

When personal information is no longer needed, we will take reasonable steps to securely destroy or de-identify it.

10. Notifiable Data Breaches

In accordance with Part IIIC of the Privacy Act (Notifiable Data Breaches scheme), if we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

• Take immediate steps to contain the breach and mitigate any harm.
• Conduct an assessment within 30 days to determine whether the breach is likely to result in serious harm.
• If serious harm is likely, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

11. Your Rights

Under the APPs, you have the right to:

• Access your personal information: You may request access to the personal information we hold about you (APP 12). We will respond to your request within a reasonable period (generally 30 days).
• Correct your personal information: You may request correction of any inaccurate, out-of-date, incomplete, irrelevant, or misleading information (APP 13).
• Withdraw consent: Where we rely on your consent to process personal information, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
• Make a complaint: If you believe we have breached the APPs, you may make a complaint. See Section 13 below.

You are not required to provide us with your personal information. However, if you choose not to, we may not be able to provide you with some or all of our services.

12. Cookies and Analytics

Our website uses cookies and analytics tools (such as Google Analytics) to understand how visitors interact with our site. These tools collect anonymised data including pages visited, time spent on pages, and referral sources.

You can control cookie settings through your browser. Disabling cookies may affect some features of our website.

We do not use cookies to track you across other websites or to serve targeted advertising.

13. Complaints

If you believe that we have breached the APPs or mishandled your personal information, you may lodge a complaint with us:

• Email: info@homepedia.com.au
• Address: Suite 201, 276 Pitt Street, Sydney NSW 2000

We will acknowledge your complaint within 7 days and investigate it promptly. We aim to resolve complaints within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a revised "Last Updated" date.

We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:

Homepedia Pty Ltd
Email: info@homepedia.com.au
Address: Suite 201, 276 Pitt Street, Sydney NSW 2000

This Privacy Policy was last updated on 18 February 2026.