Privacy Policy

This Privacy Policy explains how KEYHIVE.COM.AU PTY LTD (ACN: 677 972 922, ABN: 51 677 972 922) ("we," "us," or "our") collects, uses, and protects your personal information when you use our real estate platform and services ("Platform"). We are committed to protecting your privacy and being transparent about our data practices in accordance with Australian law.

Age Requirement: You must be 18 years or older to use KeyHive.

1. Information We Collect

Personal Information

When you register for an account or use our services, we may collect:

Contact information (name, email address, phone number, postal address)
Identity verification details (driver's license, passport, date of birth)
Property information (addresses, ownership details, listing descriptions)
Financial information related to transactions (deposit amounts, preferred settlement dates)
Communication records (messages, support requests, transaction correspondence)

Identity Verification Information

When you choose to verify your identity, you'll provide:

Your government-issued ID (driver's license or passport)
A quick selfie with liveness check to confirm it's really you
Your device details for security purposes
Your consent confirmation and when you gave it

You verify through our trusted partner RapidX—they handle your documents securely and we don't store them. We only keep your verification status to unlock platform features. Your verification stays active for 12 months, keeping things simple for future transactions.

Document Verification Service (DVS) Compliance

KeyHive uses the Australian Government's Document Verification Service (DVS) to verify identity documents. This means:

Your document details are checked with the issuing authority (e.g., state transport authority for driver's licenses)
We access the DVS through approved Gateway Service Providers to ensure secure verification
All DVS checks are logged for compliance and audit purposes
You must provide explicit consent before we perform any DVS checks
We comply with all DVS Participation Agreement requirements

The DVS helps us ensure the identity documents you provide are genuine, protecting you and other users from fraud. We maintain comprehensive audit logs of all verification attempts as required by law.

Social Login Information

When you choose to create an account using social login providers (Facebook, Google, Apple), we may collect:

Basic profile information (name, email address, profile picture)
Account identifier from the social platform (used to link your account)
Any additional information you authorize the social platform to share

We only request the minimum information necessary to create and verify your account. You can revoke access to your social media accounts at any time through your privacy settings on those platforms.

Technical Information

We automatically collect certain technical information when you use our Platform:

Device information (IP address, browser type, operating system)
Usage data (pages visited, time spent, features used)
Location data (if you enable location services)
Cookies and similar tracking technologies

2. How We Use Your Information

We use your personal information to:

Provide our services: Create accounts, facilitate property listings, enable communications between buyers and sellers
Process transactions: Handle offers, contracts, and settlement coordination
Verify identity: Comply with legal requirements and prevent fraud through automated and manual verification processes
Improve our Platform: Analyse usage patterns and enhance user experience
Communicate with you: Send updates, notifications, and support responses
Marketing: Send property alerts and KeyHive updates (only with your consent—you can unsubscribe anytime)
Legal compliance: Meet our obligations under Australian privacy and anti-money laundering laws

Direct Marketing: We only send marketing emails if you opt-in. You can unsubscribe instantly via the link in any email or in your account settings. We never sell or rent your email address to third parties.

Smart Verification That Works for You

Our intelligent verification system helps you:

Get instant verification results so you can list or make offers right away
Access all platform features once you're verified—no waiting around
Receive personal review if the system needs a second look

You're always in control—if you'd prefer human review of any automated decision, just let us know.

3. Information Sharing

Sharing Your Information—Always Your Choice

You control who sees your information. We only share it when you say so or when it's essential for your property journey:

With other users: Your property listings and messages when you're buying or selling
With your chosen professionals: The settlement agents, photographers, or inspectors you select
With essential service providers:
- RapidX - Identity verification partner (they process but don't store your documents)
- Gateway Service Providers - DVS access for document verification with government authorities
- Supabase - Secure database hosting
- SendGrid - Email delivery
- Google Maps - Property location services
With financial partners: Only when you're arranging deposits or loans

Legal Requirements

We may disclose your information when required by law or to:

Comply with legal processes or government requests
Protect our rights, property, or safety, and that of our users
Prevent fraud or illegal activities
Meet anti-money laundering and identity verification obligations

4. How We Protect Your Information

Your security is our priority. Here's exactly how we keep your data safe:

Technical Security Measures

Military-grade encryption: AES-256-GCM encryption for all sensitive data including personal details, offers, and messages
Field-level encryption: Your most sensitive information (tax numbers, bank details, identity documents) gets extra protection
Secure transmission: TLS 1.3 encryption for all data in transit
Database security: Row-level security (RLS) policies ensure you only access your own data
Infrastructure protection: Hosted on Supabase's SOC 2 Type II certified infrastructure

Access Controls

Multi-factor authentication: Available for all accounts, required for admin access
Role-based permissions: Strict access controls based on user roles
API rate limiting: Protection against automated attacks (1000 requests/hour for property operations)
Session management: Automatic timeout after 30 days of inactivity

Operational Security

24/7 monitoring: Real-time security alerts and anomaly detection
Regular audits: Monthly security reviews and penetration testing
Incident response: Dedicated security team with 4-hour response SLA
Data backups: Daily encrypted backups with point-in-time recovery
Audit logging: Comprehensive logs of all data access and modifications

While we use industry-best security practices, we're transparent that no online system is 100% secure. If we ever detect a breach that affects you, we'll notify you within 72 hours as required by law.

5. Your Privacy Rights

You're in charge of your information. Under Australian privacy law, you can:

See what we have: Get a copy of all your personal information
Fix mistakes: Tell us to correct anything that's wrong or incomplete
Delete your data: Ask us to remove your information (where legally possible)
Pause processing: Limit what we do with your data in certain situations
Take it with you: Download your data in a format you can use elsewhere
Say no: Object to specific ways we use your information

Data Deletion Rights

If you signed up using Facebook, Google, or Apple login, you have additional rights regarding your data:

Social platform data deletion: You can request deletion of data we received from social login providers
Account deletion: You can permanently delete your KeyHive account and associated data
Selective data removal: You can request removal of specific types of information where legally permitted

Facebook users: In compliance with Facebook's platform policies, you can request deletion of your data by emailing us from your account's registered email address. We will confirm your identity and process deletion requests within 30 days.

How to make a request: Email privacy@keyhive.com.au from your registered email address with your request. We'll verify your identity for security, then respond within 30 days. Your first request each year is free.

6. Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our Platform. These help us:

Remember your preferences and settings
Analyse Platform usage and performance
Provide personalised content and recommendations
Ensure security and prevent fraud

You can control cookie settings through your browser, though disabling certain cookies may affect Platform functionality. For more details, see our Cookie Policy.

7. How Long We Keep Your Information

We keep your data for specific periods based on legal requirements:

Active account data: As long as your account is active
Closed account data: 7 years after closure (tax law requirement)
Property transaction records: 7 years (real estate regulations)
Identity verification: 12 months from verification date
DVS audit logs: 7 years (compliance requirement)
Marketing preferences: Until you unsubscribe
Support communications: 2 years

After these periods, we securely delete your information unless we're legally required to keep it longer.

8. Third-Party Services

Our Platform integrates with various third-party services (photographers, settlement agents, financial institutions, etc.). These providers have their own privacy policies governing how they handle your information. We encourage you to review their privacy practices when using their services through our Platform.

9. When Your Data Travels

Sometimes your information needs to cross borders to give you the best service. For example, when you verify your identity, RapidX might process it in their secure international facilities. Don't worry—wherever your data goes, we make sure it's protected to Australian privacy standards. Your security travels with you.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a prominent notice on our Platform. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact us:

Privacy Officer: privacy@keyhive.com.au
General Enquiries: support@keyhive.com.au
Phone: 0410 631 732
Mail: Privacy Officer, KEYHIVE.COM.AU PTY LTD, Suite 3344, Shop 22, 816 Beeliar Drive Success WA 6164, Australia

12. Not Happy? Let's Fix It

If something's not right with how we've handled your information, tell us first—we'll do our best to sort it out. Still not satisfied? You can take it further with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or call them on 1300 363 992. Your privacy matters to us.

13. Legal Compliance Framework

KeyHive is committed to meeting all Australian privacy and data protection requirements:

Privacy Act 1988 (Cth) Compliance

Australian Privacy Principles (APPs): We comply with all 13 APPs, including:
- APP 1: Open and transparent management of personal information
- APP 3: Collection of solicited personal information only when necessary
- APP 6: Use and disclosure for primary purposes only
- APP 8: Cross-border disclosure protections
- APP 11: Security of personal information
- APP 12: Access to personal information
Notifiable Data Breach Scheme: 72-hour notification commitment for eligible breaches
Credit Reporting: We don't engage in credit reporting activities

Other Regulatory Compliance

Anti-Money Laundering and Counter-Terrorism Financing Act 2006: Identity verification for property transactions over $10,000
Electronic Transactions Act 1999 (WA): Valid electronic signatures and consent processes
Spam Act 2003: Consent-based marketing communications with unsubscribe options
Competition and Consumer Act 2010: Transparent pricing and no misleading conduct
Real Estate and Business Agents Act 1978 (WA): Compliance with WA property transaction requirements

Industry Standards

ISO 27001 alignment: Information security management practices
OWASP compliance: Web application security standards
PCI DSS ready: Payment card data protection (when implemented)

This Privacy Policy is governed by Australian law. Last reviewed by our legal team: July 2025. Privacy Officer: privacy@keyhive.com.au

Age Requirement: You must be 18 years or older to use KeyHive.

1. Information We Collect

Personal Information

When you register for an account or use our services, we may collect:

Contact information (name, email address, phone number, postal address)
Identity verification details (driver's license, passport, date of birth)
Property information (addresses, ownership details, listing descriptions)
Financial information related to transactions (deposit amounts, preferred settlement dates)
Communication records (messages, support requests, transaction correspondence)

Identity Verification Information

When you choose to verify your identity, you'll provide:

Your government-issued ID (driver's license or passport)
A quick selfie with liveness check to confirm it's really you
Your device details for security purposes
Your consent confirmation and when you gave it

Document Verification Service (DVS) Compliance

KeyHive uses the Australian Government's Document Verification Service (DVS) to verify identity documents. This means:

Your document details are checked with the issuing authority (e.g., state transport authority for driver's licenses)
We access the DVS through approved Gateway Service Providers to ensure secure verification
All DVS checks are logged for compliance and audit purposes
You must provide explicit consent before we perform any DVS checks
We comply with all DVS Participation Agreement requirements

Social Login Information

When you choose to create an account using social login providers (Facebook, Google, Apple), we may collect:

Basic profile information (name, email address, profile picture)
Account identifier from the social platform (used to link your account)
Any additional information you authorize the social platform to share

We only request the minimum information necessary to create and verify your account. You can revoke access to your social media accounts at any time through your privacy settings on those platforms.

Technical Information

We automatically collect certain technical information when you use our Platform:

Device information (IP address, browser type, operating system)
Usage data (pages visited, time spent, features used)
Location data (if you enable location services)
Cookies and similar tracking technologies

2. How We Use Your Information

We use your personal information to:

Provide our services: Create accounts, facilitate property listings, enable communications between buyers and sellers
Process transactions: Handle offers, contracts, and settlement coordination
Verify identity: Comply with legal requirements and prevent fraud through automated and manual verification processes
Improve our Platform: Analyse usage patterns and enhance user experience
Communicate with you: Send updates, notifications, and support responses
Marketing: Send property alerts and KeyHive updates (only with your consent—you can unsubscribe anytime)
Legal compliance: Meet our obligations under Australian privacy and anti-money laundering laws

Smart Verification That Works for You

Our intelligent verification system helps you:

Get instant verification results so you can list or make offers right away
Access all platform features once you're verified—no waiting around
Receive personal review if the system needs a second look

You're always in control—if you'd prefer human review of any automated decision, just let us know.

3. Information Sharing

Sharing Your Information—Always Your Choice

You control who sees your information. We only share it when you say so or when it's essential for your property journey:

With other users: Your property listings and messages when you're buying or selling
With your chosen professionals: The settlement agents, photographers, or inspectors you select
With essential service providers:
- RapidX - Identity verification partner (they process but don't store your documents)
- Gateway Service Providers - DVS access for document verification with government authorities
- Supabase - Secure database hosting
- SendGrid - Email delivery
- Google Maps - Property location services
With financial partners: Only when you're arranging deposits or loans

Legal Requirements

We may disclose your information when required by law or to:

Comply with legal processes or government requests
Protect our rights, property, or safety, and that of our users
Prevent fraud or illegal activities
Meet anti-money laundering and identity verification obligations

4. How We Protect Your Information

Your security is our priority. Here's exactly how we keep your data safe:

Technical Security Measures

Military-grade encryption: AES-256-GCM encryption for all sensitive data including personal details, offers, and messages
Field-level encryption: Your most sensitive information (tax numbers, bank details, identity documents) gets extra protection
Secure transmission: TLS 1.3 encryption for all data in transit
Database security: Row-level security (RLS) policies ensure you only access your own data
Infrastructure protection: Hosted on Supabase's SOC 2 Type II certified infrastructure

Access Controls

Multi-factor authentication: Available for all accounts, required for admin access
Role-based permissions: Strict access controls based on user roles
API rate limiting: Protection against automated attacks (1000 requests/hour for property operations)
Session management: Automatic timeout after 30 days of inactivity

Operational Security

24/7 monitoring: Real-time security alerts and anomaly detection
Regular audits: Monthly security reviews and penetration testing
Incident response: Dedicated security team with 4-hour response SLA
Data backups: Daily encrypted backups with point-in-time recovery
Audit logging: Comprehensive logs of all data access and modifications

5. Your Privacy Rights

You're in charge of your information. Under Australian privacy law, you can:

See what we have: Get a copy of all your personal information
Fix mistakes: Tell us to correct anything that's wrong or incomplete
Delete your data: Ask us to remove your information (where legally possible)
Pause processing: Limit what we do with your data in certain situations
Take it with you: Download your data in a format you can use elsewhere
Say no: Object to specific ways we use your information

Data Deletion Rights

If you signed up using Facebook, Google, or Apple login, you have additional rights regarding your data:

Social platform data deletion: You can request deletion of data we received from social login providers
Account deletion: You can permanently delete your KeyHive account and associated data
Selective data removal: You can request removal of specific types of information where legally permitted

6. Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our Platform. These help us:

Remember your preferences and settings
Analyse Platform usage and performance
Provide personalised content and recommendations
Ensure security and prevent fraud

You can control cookie settings through your browser, though disabling certain cookies may affect Platform functionality. For more details, see our Cookie Policy.

7. How Long We Keep Your Information

We keep your data for specific periods based on legal requirements:

Active account data: As long as your account is active
Closed account data: 7 years after closure (tax law requirement)
Property transaction records: 7 years (real estate regulations)
Identity verification: 12 months from verification date
DVS audit logs: 7 years (compliance requirement)
Marketing preferences: Until you unsubscribe
Support communications: 2 years

After these periods, we securely delete your information unless we're legally required to keep it longer.

8. Third-Party Services

9. When Your Data Travels

10. Changes to This Policy

11. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact us:

Privacy Officer: privacy@keyhive.com.au
General Enquiries: support@keyhive.com.au
Phone: 0410 631 732
Mail: Privacy Officer, KEYHIVE.COM.AU PTY LTD, Suite 3344, Shop 22, 816 Beeliar Drive Success WA 6164, Australia

12. Not Happy? Let's Fix It

13. Legal Compliance Framework

KeyHive is committed to meeting all Australian privacy and data protection requirements:

Privacy Act 1988 (Cth) Compliance

Australian Privacy Principles (APPs): We comply with all 13 APPs, including:
- APP 1: Open and transparent management of personal information
- APP 3: Collection of solicited personal information only when necessary
- APP 6: Use and disclosure for primary purposes only
- APP 8: Cross-border disclosure protections
- APP 11: Security of personal information
- APP 12: Access to personal information
Notifiable Data Breach Scheme: 72-hour notification commitment for eligible breaches
Credit Reporting: We don't engage in credit reporting activities

Other Regulatory Compliance

Anti-Money Laundering and Counter-Terrorism Financing Act 2006: Identity verification for property transactions over $10,000
Electronic Transactions Act 1999 (WA): Valid electronic signatures and consent processes
Spam Act 2003: Consent-based marketing communications with unsubscribe options
Competition and Consumer Act 2010: Transparent pricing and no misleading conduct
Real Estate and Business Agents Act 1978 (WA): Compliance with WA property transaction requirements

Industry Standards

ISO 27001 alignment: Information security management practices
OWASP compliance: Web application security standards
PCI DSS ready: Payment card data protection (when implemented)

This Privacy Policy is governed by Australian law. Last reviewed by our legal team: July 2025. Privacy Officer: privacy@keyhive.com.au

The Essentials

1. Information We Collect

Personal Information

Identity Verification Information

Document Verification Service (DVS) Compliance

Social Login Information

Technical Information

2. How We Use Your Information

Smart Verification That Works for You

3. Information Sharing

Sharing Your Information—Always Your Choice

Legal Requirements

4. How We Protect Your Information

Technical Security Measures

Access Controls

Operational Security

5. Your Privacy Rights

Data Deletion Rights

6. Cookies and Tracking

7. How Long We Keep Your Information

8. Third-Party Services

9. When Your Data Travels

10. Changes to This Policy

11. Contact Us

12. Not Happy? Let's Fix It

13. Legal Compliance Framework

Privacy Act 1988 (Cth) Compliance

Other Regulatory Compliance

Industry Standards

Loading...

Privacy Policy

The Essentials

1. Information We Collect

Personal Information

Identity Verification Information

Document Verification Service (DVS) Compliance

Social Login Information

Technical Information

2. How We Use Your Information

Smart Verification That Works for You

3. Information Sharing

Sharing Your Information—Always Your Choice

Legal Requirements

4. How We Protect Your Information

Technical Security Measures

Access Controls

Operational Security

5. Your Privacy Rights

Data Deletion Rights

6. Cookies and Tracking

7. How Long We Keep Your Information

8. Third-Party Services

9. When Your Data Travels

10. Changes to This Policy

11. Contact Us

12. Not Happy? Let's Fix It

13. Legal Compliance Framework

Privacy Act 1988 (Cth) Compliance

Other Regulatory Compliance

Industry Standards