Privacy Policy

Senly Rent is a product of Uinspo Pty Ltd (ABN 47 664 833 872), trading as SenlyAI. References in this policy to “we”, “us”, or “our” mean Uinspo Pty Ltd in its capacity as the operator of Senly Rent.

Our Privacy Officer can be reached at privacy@senly.ai. We aim to respond to privacy requests within 30 days.

We collect the following categories of Personal Information:

• Identity: full name, date of birth, email address, mobile number.
• Verification documents: drivers licences, passports, Medicare cards, visas, and similar identity records that you upload to verify your identity to your property manager.
• Tenancy records: signed lease agreements, condition reports, bond forms and receipts, rental application supporting documents (payslips, bank statements, employment letters, rental references) that you upload, plus the tenancy metadata (property address, start and end dates, agency assignment).
• Account preferences: notification preferences, policy acceptances, and consents (e.g. marketing opt-in, agency read-history consent).
• Operational data: sign-in events, IP address, browser user-agent, and audit log entries (which actions occurred against your record and by whom). These are used for security forensics and to support your rights under APP 12 (right to access your information).

We collect this information directly from you when you sign up, when your property manager invites you to a tenancy, and when you upload documents or use the service.

• Tenants and applicants — the primary users of Senly Rent.
• Property manager staff at agencies that subscribe to Senly Rent.
• Landlords linked to properties managed through Senly Rent (where an agency grants them access).

We use your Personal Information to:

• provide the service: link you to your tenancy, store your documents, and route messages between you and your property manager;
• verify your identity and prevent fraud;
• send service emails (sign-in magic links, tenancy notifications, security alerts);
• maintain the audit log required to evidence compliance with the Australian Privacy Principles and to investigate any security incident;
• comply with our legal obligations under residential tenancy and tax law.

We do not sell Personal Information. We do not share it with third-party marketers. We do not use your data to train AI models.

We rely on the following lawful grounds:

• Performance of the service you signed up for — most use of your data is to deliver Senly Rent itself.
• Consent — for marketing emails, optional notification channels, and any sharing with parties beyond your active agency.
• Legal obligation — for retention of records required by residential tenancy and tax legislation, and notifiable data breach reporting under Part IIIC of the Privacy Act 1988.
• Legitimate interests — for security forensics, fraud prevention, and platform operation. We balance these against your rights.

Your property management agency. When you accept a tenancy invitation, the agency receives a scoped, revocable read grant for the documents you choose to share. The grant ends when the tenancy ends, after which the agency loses access.

Sub-processors who help us run the platform. Each is bound by contractual confidentiality and security obligations:

• Supabase (Australia, Sydney ap-southeast-2) — database, authentication, and document storage.
• Fly.io (Australia, Sydney syd) — application hosting for our API.
• Vercel (global content delivery, with Sydney function region) — web hosting.
• Resend — transactional email delivery. Where Resend processes your data outside Australia, it is limited to email envelope and routing information.
• Sentry (EU, Frankfurt) — error monitoring. Before any error event is transmitted, Personal Information (emails, phone numbers, identifiers, names, addresses, dates of birth, financial details) is automatically redacted at our application boundary. Sentry receives only redacted operational telemetry. This treatment is documented in our Architecture Decision Record ADR-007.

We do not share your Personal Information with any third party for marketing, advertising, or AI training.

Tier A data — drivers licences, signed leases, bank statements, and any other document containing sensitive Personal Information — is stored in Supabase Australia (Sydney, ap-southeast-2). It does not leave Australia.

Our application code runs on Fly.io machines in Sydney. Our web front-end is served via Vercel's global CDN; Vercel functions for Senly Rent are pinned to the Sydney region.

Where Personal Information is held by a sub-processor outside Australia, we take the steps required by APP 8 to ensure the recipient does not breach the Australian Privacy Principles. For Sentry specifically, the data sent does not constitute Personal Information after our application-side redaction; see clause 6 above.

• Active tenancy records — for the duration of the tenancy plus the period required by applicable residential tenancy law (commonly seven years in Australia).
• Verification documents — until you request deletion or the tenancy they relate to has ended for the period above. After that, they are removed from storage.
• Audit log (access events) — seven years, for security forensics and to evidence compliance under the Australian Privacy Principles.
• Authentication events — twelve months.
• Early-access signups — two years after our last interaction with you, or upon your deletion request, whichever comes first.

We use encryption in transit and at rest with at least industry-standard protocols. Access to our administrative consoles is restricted and protected by multi-factor authentication. Production secrets are stored in encrypted secret stores (Fly.io Secrets, Supabase Vault, Vercel encrypted environment variables) and are never committed to source code.

On every uploaded document we run server-side magic-bytes verification to confirm the file type and store a SHA-256 content hash to support chain-of-custody integrity. All document downloads use time-limited signed URLs. Row-level security (RLS) policies are enforced at the database level so a user can only ever read or modify rows they own or have explicit access to.

No. Senly Rent does not make automated decisions about your tenancy, your application, or your eligibility for housing. We do not use AI models to score, rank, or evaluate tenants. Decisions remain with you, your property manager, and your landlord.

Under the Australian Privacy Principles you have the following rights:

• Access (APP 12). You can download a complete export of every piece of Personal Information we hold about you, at any time, from your account page.
• Correction (APP 13). You can update most of your information directly. For verification documents, contact your property manager.
• Right to erasure. You can request account deletion from your account page. We hold the request for a 30-day cooling-off period (in case you change your mind), then permanently remove your identifying information. Some records (lease history, security audit log) are retained for the period required by Australian residential tenancy and security-evidence law.
• Revoke agency access. When your tenancy with an agency ends, that agency's read access ends with it. You do not need to ask us to do this; the system handles it.
• Complaints. See clause 13.

We operate under the Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC). If we become aware of an eligible data breach involving your Personal Information, we will:

• contain and investigate the breach within 24 hours;
• assess whether the breach meets the “serious harm” threshold within 30 days;
• notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable after a notifiable assessment, and in any case within 30 days of becoming aware.

If you believe we have mishandled your Personal Information, please email privacy@senly.ai. We will respond and work with you to resolve the issue.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au or 1300 363 992.

We may update this policy from time to time. For any material change we will notify existing users by email before the change takes effect. The “last updated” date at the top of this page reflects the date of the most recent revision.

Privacy enquiries: privacy@senly.ai

General enquiries: hello@senly.ai

Operator: Uinspo Pty Ltd, ABN 47 664 833 872, trading as SenlyAI.