OurCommonsOurCommons
ProductGetting startedFor managersFor committeesFor ownersLog inSign up

Legal

Privacy Policy

How we collect, use, and protect information about you, your building, and the people you work with.

Last updated: 27 April 2026

Draft

This policy is in draft form. The final version is being reviewed by our legal team and will replace this text before launch.

1. What we collect

We collect information you provide when you create an account, onboard a building, or use the platform — including names, email addresses, lot ownership details, meeting records, financial transactions, and documents you upload. We also collect usage data (pages visited, features used) and device information (browser type, IP address) to improve the service.

2. How we use it

Your data is used to operate the platform: managing meetings, generating minutes, processing levies, maintaining compliance records, and powering the CoMo AI assistant. We also use aggregated, de-identified data to improve the product. We do not sell your data.

3. Data storage & security

All data is stored in Australian-hosted infrastructure. Our database enforces row-level security (RLS) per building — users in one building cannot access another building's data, even at the database level. Data is encrypted in transit (TLS) and at rest.

4. Building-level isolation

Every query is scoped to the buildings you have access to. Strata managers see only the buildings in their portfolio. Committee members and owners see only their own building. This isolation is enforced at the database layer, not just the application layer.

5. State-specific data retention

We retain records in accordance with the record-keeping requirements of the relevant state strata legislation — including the Strata Schemes Management Act 2015 (NSW), the Owners Corporations Act 2006 (VIC), and the Body Corporate and Community Management Act 1997 (QLD). When a building is removed from the platform, records are retained for the statutory minimum period before deletion.

6. Third parties

We share data only with service providers necessary to operate the platform: hosting (Vercel), database (Supabase), email (Resend), AI processing (Anthropic — for meeting transcription and CoMo). Each provider is bound by data processing agreements. We do not share data with advertisers or data brokers.

7. Your rights

You can request access to, correction of, or deletion of your personal information at any time. Strata managers can export all building data. If you believe your data has been handled incorrectly, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

8. Contact

For privacy questions, email hello@ourcommons.co and we'll respond within one business day.