Privacy Policy
Last updated: 7 July 2026
1. Who we are
[ENTITY] (ABN [ABN]) (“Kaasa”, “we”, “us”, “our”) operates the Kaasa web application (the “Service”), a savings tracker that helps couples plan and track their progress toward a house deposit.
We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy explains what personal information we collect, how we collect and use it, who we share it with, and your rights in relation to it. By using the Service, you consent to the collection and use of your information as described in this policy.
2. What is “personal information”?
“Personal information” has the meaning given in the Privacy Act 1988 (Cth): information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether it is recorded in a material form or not.
3. What information do we collect?
We collect only the information needed to provide the Service:
Account information
- Email address
- Password (stored only as a cryptographic hash — we never see or store your plain-text password)
Savings and goal information you enter
- Your target property price, deposit percentage, and savings targets
- Your current total savings and baseline amounts
- Individual savings entries (amounts, dates, and any notes you add)
- Milestone progress and notes
- Notification preferences
Partner sharing information
- The email address of a partner you invite to share your tracker
Payment information (paid plan only)
If you purchase the paid plan, payment is processed by our payment provider, Stripe. We do not collect or store your card details — Stripe handles these directly. We receive confirmation of payment and your plan status.
Technical information
- Session cookies required to keep you signed in (see section 6)
- Standard server logs (IP address, browser type, pages requested) generated by our hosting providers for security and reliability purposes
We do not connect to your bank accounts, collect financial account credentials, or import transaction data. All savings information in the Service is entered manually by you.
4. How we collect your personal information
We collect personal information:
- Directly from you — when you create an account, complete onboarding, enter savings data, update settings, or contact us.
- From your partner — if your partner adds savings entries or updates shared tracker data on a tracker you share.
- Automatically — session cookies and server logs generated in the ordinary operation of the Service.
5. Why we collect your information (purposes)
We collect, hold, and use your personal information to:
- Create and administer your account and authenticate you
- Provide the core Service — calculating your deposit progress, gap to target, monthly targets, and milestone status
- Enable partner sharing where you choose to invite a partner
- Process your payment and manage your plan status (via Stripe)
- Send you service communications (e.g. password resets, invite links, important account or policy changes)
- Send you optional notifications in line with your notification preferences
- Maintain the security, integrity, and performance of the Service
- Comply with our legal obligations
We do not sell your personal information. We do not use your savings data for advertising.
6. Cookies
The Service uses only essential cookies — session cookies set by our authentication provider (Supabase) to keep you securely signed in. These are required for the Service to function. We do not currently use advertising or cross-site tracking cookies. If we introduce analytics cookies in the future, we will update this policy.
7. Security and data storage
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure:
- Authentication and database are provided by Supabase. Passwords are hashed using industry-standard algorithms and are never stored in plain text.
- Row-level security is enforced at the database layer, so your data can only be read or modified by you (and a partner you have expressly invited).
- Encryption — data is encrypted in transit (TLS) and at rest.
- Access controls — production data access is restricted; we do not use production data in development.
- Your data is hosted by Supabase in [REGION] and the application is served by [HOST].
No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately at the address in section 15.
8. Partner sharing
If you invite a partner:
- Your invite is sent to the email address you provide, and that address is stored with the invitation.
- Once accepted, your partner can view and contribute to your shared tracker data (savings entries, milestones, targets) as permitted by the Service.
- You remain the account owner. You can revoke your partner's access at any time in Settings, which takes effect immediately.
- Your partner's own account information remains their own; revoking access does not delete data they contributed to your tracker while sharing was active.
Before inviting a partner, make sure they are comfortable with their email address being provided to us and with sharing tracker data with you.
9. Disclosure to third parties and overseas recipients
We share personal information only with service providers necessary to run the Service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database hosting | [REGION] |
| Stripe | Payment processing (paid plan) | United States / global |
| [HOST] | Application hosting and delivery | [Region] |
Where a provider stores data outside Australia, that data will be subject to the laws of that jurisdiction. We take reasonable steps to ensure overseas recipients handle your personal information in a manner consistent with the APPs, but by using the Service you acknowledge that overseas recipients may not be bound by the APPs and we may not be able to enforce APP compliance against them.
We may also disclose personal information where required or authorised by law (for example, to law enforcement under a lawful request).
10. Access and correction
Under APP 12 and APP 13, you have the right to request access to the personal information we hold about you and to request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information.
Most of your information is directly visible and editable within the Service (Settings, Savings, Milestones). For anything else, contact us using the details in section 15. We will respond within a reasonable period. If we refuse a request, we will give you written reasons and information about how to complain.
11. Data retention and account deletion
- We retain your personal information for as long as your account is active.
- You may request deletion of your account and associated data at any time by contacting us at the address in section 15. Deleting your account also terminates any partner sharing immediately.
- After deletion, your data is removed from our production systems; residual copies in encrypted backups are purged in the ordinary backup rotation cycle (approximately 30–90 days).
- We may retain limited information where required by law (for example, payment records required for tax purposes) or where reasonably necessary in connection with legal proceedings.
12. Marketing communications
We may occasionally send you emails about new features or improvements to the Service. You can opt out at any time via the unsubscribe link in any such email or by adjusting your notification preferences in Settings. Service-critical emails (password resets, security notices, changes to these terms) are not marketing and cannot be opted out of while you hold an account.
13. Children
The Service is intended for adults saving for a home and is not directed at children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.
14. Data breaches
We are subject to the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth). If a data breach occurs that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as required by law.
15. How to contact us / complaints
For privacy questions, access or correction requests, deletion requests, or complaints:
Email: hello@getkaasa.com
If you make a complaint, we will acknowledge it promptly and aim to respond within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au · 1300 363 992
16. Users outside Australia
The Service is operated from Australia and is not specifically directed at residents of the European Union or other jurisdictions. If you access the Service from outside Australia, you do so on the understanding that your information will be handled in accordance with Australian privacy law as described in this policy.
17. Changes to this policy
We may update this policy from time to time. The current version will always be available on the Service, with the “Last updated” date shown at the top. Material changes will be notified by email or an in-app notice. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
See also our Terms of Use.
