Legal
Privacy Policy
SeriousTech Pty Ltd (ABN 00 000 000 000) is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Last updated: 17 May 2026
1. About us and this policy
SeriousTech Pty Ltd (ABN 00 000 000 000) ("we", "us", "our") operates ClearGain, an Australian property CGT intelligence platform. Our registered office is at Level 1, 123 Pitt Street, Sydney NSW 2000.
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information. It also explains your rights under the Privacy Act 1988 (Cth) ("Privacy Act"), as amended by the Privacy and Other Legislation Amendment Act 2024, which received Royal Assent on 10 December 2024.
By using ClearGain, you consent to the collection and use of your personal information as described in this policy. If you do not agree, please do not use our services.
2. What personal information we collect
2.1 Information you provide directly
When you register for ClearGain or use our services, we may collect:
- Identity information: full name, email address, phone number
- Account information: password (stored as a cryptographic hash), state of residence, property count estimate
- Property information: property addresses, purchase prices, purchase dates, estimated values, cost base items
- Financial information: rental income, holding costs, expense records, marginal tax rate
- Document uploads: contracts of sale, stamp duty receipts, legal fee invoices, improvement invoices
- Adviser information (if you apply as an adviser): firm name, ABN, credential type, registration numbers, professional bio, fee structure
- Payment information: we do not store card numbers; payment processing is handled by Stripe, Inc. under their own privacy policy
2.2 Information collected automatically
When you use ClearGain, we automatically collect:
- Device and browser information: IP address, browser type and version, operating system, device identifiers
- Usage data: pages visited, features used, time spent, click patterns, error logs
- Authentication data: session tokens, login timestamps, authentication method (email or OAuth provider)
2.3 Information from third parties
We may receive personal information from:
- OAuth providers (Google): name, email address, and profile picture if you sign in with Google
- Stripe: subscription status, payment status, and Stripe customer ID
- ABS: we use publicly available ABS CPI data; this does not involve personal information
3. How we use your personal information
We use your personal information for the following purposes:
- Providing our services: calculating CGT exposure, generating scenario models, maintaining your cost base vault, and connecting you with advisers
- Account management: creating and managing your account, authenticating your identity, and processing subscription payments
- Communications: sending service notifications, CPI update alerts, booking confirmations, and (with your consent) marketing communications
- Platform improvement: analysing usage patterns to improve our features, fix bugs, and develop new functionality
- Legal compliance: complying with our legal obligations, including tax, corporate, and regulatory requirements
- Fraud prevention and security: detecting and preventing fraudulent activity, unauthorised access, and security incidents
- Adviser vetting: verifying the credentials of adviser applicants against public registers (TPB, ASIC)
We will not use your personal information for any purpose that is incompatible with the purpose for which it was collected without your consent, unless required by law.
4. Automated decision-making
ClearGain uses automated processes in the following ways:
4.1 CGT calculations
Our platform automatically calculates your estimated CGT liability based on the information you provide. These calculations use our proprietary CGT engine, which applies the rules set out in the Income Tax Assessment Act 1997 (Cth) and the 2026–27 Budget announcements. These calculations are estimates only and do not constitute tax advice. You should always verify calculations with a registered tax agent.
4.2 Grandfathering status detection
Our platform automatically determines whether your property is "grandfathered" (purchased before 7:30 PM AEST on 12 May 2026) based on the purchase date you provide. This determination affects which CGT rules are applied in our calculations. You can override this determination by contacting us if you believe it is incorrect.
4.3 Adviser vetting
Our admin team manually reviews all adviser applications. No automated decisions are made about adviser approval or rejection. All decisions are made by a human reviewer.
No automated decisions are made about your creditworthiness, eligibility for financial products, or any other matter that would have significant legal or financial consequences for you beyond the CGT estimates described above.
5. Disclosure of personal information
5.1 Service providers
We share personal information with third-party service providers who assist us in operating ClearGain, including:
- Supabase, Inc.: database and authentication services. Data is stored in Australian data centres (AWS ap-southeast-2, Sydney)
- Stripe, Inc.: payment processing. Stripe's privacy policy applies to payment data
- Amazon Web Services: cloud infrastructure and content delivery. Australian data centres
All service providers are required to handle personal information in accordance with the Australian Privacy Principles and are contractually bound to use personal information only for the purposes we specify.
5.2 Advisers (with your consent)
If you are an Elite plan subscriber and choose to share your portfolio summary with an adviser before a consultation, we will share the following information with the adviser you select: your first name, the properties in your portfolio (addresses, estimated values, cost bases, and CGT exposure), and your saved scenarios. This sharing is entirely voluntary and requires your explicit consent at the time of booking. You may withdraw consent at any time before the consultation.
5.3 Legal requirements
We may disclose personal information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
5.4 Business transfers
If SeriousTech Pty Ltd is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify you by email and/or prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.
5.5 No overseas disclosure
We do not routinely disclose personal information to overseas recipients. All data is stored and processed in Australia. Where a service provider is based overseas (e.g. Stripe, Inc. is a US company), we ensure that appropriate contractual protections are in place and that the recipient is bound to handle the information in a manner consistent with the Australian Privacy Principles.
6. Data storage and security
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:
- All data stored in Australian data centres (AWS ap-southeast-2, Sydney)
- Encryption at rest and in transit (TLS 1.3)
- Row-level security (RLS) policies ensuring users can only access their own data
- Multi-factor authentication available for all accounts
- Regular security assessments and penetration testing
- Access controls limiting staff access to personal information on a need-to-know basis
- Audit logging of all administrative actions
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
7. Data breach notification
In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act), we will:
- Assess the breach within 30 days of becoming aware of it
- Notify the Office of the Australian Information Commissioner (OAIC) if the breach is likely to result in serious harm to affected individuals
- Notify affected individuals as soon as practicable
- Take immediate steps to contain the breach and prevent further harm
If you suspect a data breach involving your personal information, please contact us immediately at [email protected].
8. Retention of personal information
We retain your personal information for as long as your account is active or as needed to provide our services. We may also retain information for longer periods where required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).
When you delete your account, we will delete or de-identify your personal information within 30 days, except where we are required by law to retain it (for example, financial records may be retained for 7 years as required by the Corporations Act 2001 (Cth)).
Anonymised, aggregated data that cannot be used to identify you may be retained indefinitely for analytical purposes.
9. Your rights
Under the Privacy Act 1988 (Cth) and the Privacy and Other Legislation Amendment Act 2024, you have the following rights:
9.1 Access
You have the right to request access to the personal information we hold about you. We will respond to access requests within 30 days. We may charge a reasonable fee for providing access where permitted by law.
9.2 Correction
You have the right to request that we correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. You can update most of your personal information directly through your account settings. For other corrections, please contact us.
9.3 Deletion
You may request deletion of your account and associated personal information at any time through Settings → Data & Privacy → Delete account. We will process deletion requests within 30 days, subject to any legal retention obligations.
9.4 Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
9.5 Statutory tort of serious invasion of privacy
The Privacy and Other Legislation Amendment Act 2024 introduced a new statutory tort of serious invasion of privacy. If you believe we have seriously invaded your privacy, you may have the right to bring a civil claim in addition to lodging a complaint with the OAIC. We encourage you to contact us first to resolve any concerns.
10. Children's privacy
ClearGain is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you are under 18, please do not use ClearGain or provide us with any personal information. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
In accordance with the Online Safety (Social Media Minimum Age) Act 2024 and related privacy obligations, we take additional care to ensure our platform is not accessible to minors.
11. Cookies and tracking
ClearGain uses cookies and similar tracking technologies to operate and improve our services. We use:
- Essential cookies: required for authentication and session management. Cannot be disabled.
- Analytics cookies: used to understand how users interact with ClearGain. You may opt out through your browser settings.
- Preference cookies: used to remember your settings (e.g. theme preference). You may clear these through your browser.
We do not use advertising or tracking cookies. We do not share cookie data with third-party advertisers.
12. Marketing communications
With your consent, we may send you marketing communications about ClearGain features, updates, and related financial information. You may opt out of marketing communications at any time by:
- Clicking the "Unsubscribe" link in any marketing email
- Updating your notification preferences in Settings → Notifications
- Contacting us at [email protected]
Opting out of marketing communications will not affect service-related communications (such as booking confirmations, payment receipts, and security alerts).
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending an email notification to registered users
- Displaying a prominent notice on the ClearGain platform
Your continued use of ClearGain after the effective date of any changes constitutes your acceptance of the updated policy.
14. Contact us
For privacy-related enquiries, access or correction requests, or complaints, please contact our Privacy Officer:
Privacy Officer
SeriousTech Pty Ltd
ABN 00 000 000 000
Level 1, 123 Pitt Street, Sydney NSW 2000
Email: [email protected]
We will acknowledge your enquiry within 5 business days and provide a substantive response within 30 days.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001