Privacy Policy
Last updated: March 2026
1. Who We Are
DesignSure is operated by Deemed to Perform Consulting Pty Ltd (ABN 53 659 644 229), a Victorian building surveying consultancy. In this policy, “we,” “us,” and “our” refer to Deemed to Perform Consulting Pty Ltd.
Contact: hello@designsure.com.au
2. Information We Collect
We collect the following personal information:
- Account information: Email address, display name, role (designer, builder, etc.), and referral source
- Building plans: PDF, JPG, and PNG files you upload for compliance checking
- Supplementary form data: Project address, lot dimensions, setbacks, and other building details you enter
- Payment information: Processed securely by Stripe. We do not store your credit card details.
- Usage data: Page views and interactions (collected via Vercel Analytics — no cookies, GDPR-compliant)
3. How We Use Your Information
- To generate your compliance report
- To process payments and deliver transactional emails (report notifications, account management)
- To maintain an audit trail for professional indemnity and dispute resolution purposes
- To improve the accuracy and reliability of the service
4. AI Processing Disclosure
DesignSure uses Claude (by Anthropic) to extract dimensions from your uploaded building plans. When you upload plans:
- Your plans are sent to Anthropic's Claude API for processing
- Anthropic retains your uploaded data for 7 days for trust and safety monitoring, then permanently deletes it
- Anthropic does not use your data to train AI models — this is contractually guaranteed under their API terms
- Processing occurs on Anthropic's servers in the United States
You are asked to consent to this processing before your first upload. You will not be asked again unless our data handling terms change materially.
5. Data Storage & Retention
| Data | Storage | Retention |
|---|---|---|
| Uploaded plans | Supabase (Sydney, Australia) | 30 days, then permanently deleted |
| Generated reports | Supabase (Sydney, Australia) | 12 months, then permanently deleted |
| Audit trail | Supabase (Sydney, Australia) | 10 years (de-identified after 12 months) |
| Plans sent to Claude API | Anthropic (United States) | 7 days, then permanently deleted |
6. Data Security
We use industry-standard security measures including:
- AES-256 encryption at rest (via Supabase/AWS)
- TLS 1.2+ encryption in transit
- Row Level Security (RLS) on all database tables — you can only access your own data
- Security headers (HSTS, CSP, X-Content-Type-Options, X-Frame-Options)
- PII redaction in application logs (emails, names, auth tokens are never logged)
7. Your Rights
Under the Australian Privacy Act 1988, you have the right to:
- Access your personal data — export all your data from Account Settings
- Correct inaccurate data — contact us at hello@designsure.com.au
- Delete your account and data — use the “Delete Account” option in Account Settings (7-day cooling-off period)
- Complain — you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
8. Third-Party Services
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, auth, file storage | Sydney, Australia |
| Anthropic (Claude API) | AI dimension extraction | United States |
| Stripe | Payment processing | Global (PCI-DSS compliant) |
| Vercel | Web hosting, analytics | Global CDN |
| Resend | Transactional email | United States |
9. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email. Continued use of the service after notification constitutes acceptance of the updated policy.
10. Contact Us
For privacy-related inquiries, contact us at hello@designsure.com.au.
Deemed to Perform Consulting Pty Ltd
ABN 53 659 644 229
Victoria, Australia