Byrz Pty Ltd (ABN 82 691 684 778) (“Byrz”, “we”, “us”) operates this site at tax.byrz.com.au. This policy explains how we collect, store, use and protect personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. What we collect
We collect the minimum information required to deliver the Byrz tax-reform impact report:
- Email address - for magic-link authentication and to associate your purchased report credits with you. We do not require a password.
- Property inputs you enter into the wizard - address, purchase price, loan amount, rent, expenses, structure type and assumptions. Stored against your account in our database so you can return to your draft.
- Calculation results - the report generated against your inputs. Stored against your account.
- Payment metadata - transaction id, amount, status. We do not collect or store card numbers; payment is handled directly by Stripe.
- Server logs - IP address, browser user-agent, request paths, response codes, response times. Used for security and performance monitoring; retained for up to 90 days.
- Cookies - one essential session cookie (
byrz_session) to keep you signed in. No third-party analytics cookies are set by default.
2. What we do with it
- Run the calculation engine against your inputs.
- Generate, display and let you download the report.
- Authenticate you when you sign in via the magic-link email.
- Process payments via Stripe and reconcile credits.
- Send transactional emails (sign-in links, receipts, report-ready notifications).
- Diagnose errors and improve the product (aggregated and de-identified usage patterns only).
We do not sell your information. We do not share your property inputs with third parties for marketing.
3. Who else sees your data
We use the following third-party processors:
- AWS (ap-southeast-2 Sydney region) for hosting and storage. Data does not leave Australia for normal operation.
- Stripe for payment processing. Stripe is the data controller for your card information.
- Amazon SES for transactional email delivery.
4. How long we keep it
- Account email and report drafts: until you ask us to delete them, or 24 months of account inactivity.
- Generated reports: while your account is active so you can re-download. Deleted with the account.
- Payment records: 7 years for Australian tax compliance.
- Server logs: 90 days.
5. Your rights under the APPs
Under the Privacy Act 1988 you have the right to:
- Ask what personal information we hold about you.
- Ask us to correct inaccurate information.
- Ask us to delete your information (subject to legal retention obligations).
- Withdraw consent for marketing email (you can unsubscribe at any time).
- Make a privacy complaint - first to us, and if unresolved within 30 days, to the Office of the Australian Information Commissioner (OAIC).
For any of the above, email privacy@byrz.com.au. We aim to respond within 30 days.
6. Security
We use TLS in transit, AWS-managed encryption at rest, and role-based access control internally. We require multi-factor authentication on all administrative accounts. No system is perfectly secure; we will notify affected users within the 72-hour OAIC eligible-data-breach window if a breach occurs.
7. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email to active account holders. The “last updated” date at the top of this page reflects the current version.
8. Contact
Byrz Pty Ltd
ABN 82 691 684 778
Email: privacy@byrz.com.au