Privacy Policy

1. Introduction

This Privacy Policy explains how HTAG ANALYTICS PTY LTD (ACN 622 716 492), trading as HtAG Analytics (“HtAG”, “we”, “us”, “our”), collects, holds, uses and discloses your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).

We are committed to protecting your privacy and ensuring the security of your personal information. If you have questions about this Policy or our data-handling practices, please contact us using the details in Section 17 below.

By accessing or using our Websites and Services (including https://www.htag.com.au, https://mastermind.htag.com.au, https://developer.htagai.com, and associated services, applications, APIs, and integrations), you acknowledge and consent to the practices described in this Policy. You can review our Terms and Conditions at https://www.htag.com.au/terms-and-conditions/.

This Policy also applies when our services are accessed through third-party platforms and integrations, including AI assistant platforms such as Anthropic’s Claude (see Section 9).

2. What Personal Information We Collect and Why

We only ask for personal information when we truly need it to provide a service to you, comply with law, secure our services, or improve our offerings. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.

Personal Information: may include your name, address, email address, mobile phone number, business contact details, user identification details and other information reasonably necessary for our functions or activities.

Account Information: If you register for our site or purchase products/services, we collect the information needed to create and operate your account, such as your name, email, username, billing address, payment information and login credentials.

Payment Information: For purchases of downloadable products or subscriptions, we collect necessary payment information (such as credit card details, billing address).

Comments and Community Contributions: If you leave comments or participate in the mastermind community, the data shown in the comment form as well as the visitor’s IP address and browser user agent string may be collected to assist with spam detection and moderation.

Technical and Usage Data: We collect data on how you use our websites and services, including your IP address, browser type, device type, access times, referring website addresses, and your activity across the site (see Cookies and Analytics below).

Marketing and Communication Preferences: If you subscribe to receive email or SMS marketing from us (see Direct Marketing section), we collect and maintain records of your communication preferences.

Developer Portal and API Data: If you register for the HtAG Developer Portal or use our API services, we collect additional information as described in Section 8.

Why we collect your information:

  • To provide, maintain and improve our products and services
  • To complete transactions and verify your identity (for your security and ours)
  • To communicate with you, including support enquiries and direct marketing (where you have given consent)
  • To manage your account and preferences
  • To provide and manage API access, enforce usage limits, and prevent abuse
  • To comply with legal obligations

You are free to refuse our request for personal information, with the understanding that we may be unable to provide you with some services or functionalities as a result.

3. Data Minimisation

We are committed to collecting only the minimum personal information necessary to perform the service or function you have requested. We do not collect extraneous data beyond what is required for the specific purpose for which it is collected.

When our services are accessed through third-party platform integrations (such as AI assistant connectors or API calls), we only collect the data elements explicitly submitted to our endpoints (such as location identifiers or search queries) and do not access, collect, or store any surrounding conversation data, chat history, user-uploaded files, or other context from the third-party platform.

4. How We Collect Your Information

We may collect information in various ways, including:

  • Directly from you when you register, purchase, subscribe, fill forms, comment, or communicate with us (including via email, phone, web chat or social media).
  • Automatically via cookies and tracking technologies as you use our website (see Cookies and Analytics).
  • Through API requests you submit to our Developer Portal endpoints.
  • Through third-party platform integrations when you interact with our services via connectors or tools on platforms such as Anthropic’s Claude (limited to the query data submitted to our API).
  • From third-party service providers (e.g. payment processors, anti-spam services) as necessary to operate the service.
  • From publicly available sources, where relevant and lawful.

5. How We Use and Disclose Your Information

We use your information for the purposes described in this Policy or that we otherwise explain to you at the point of collection.

Service Provision: To enable you to access and use our products, downloadable digital content, API services, and platform integrations.

Account Administration: To create, maintain, administer and secure your account, and to communicate with you about your account.

Support: To provide customer service (e.g. respond to your inquiries, process your requests, verify your identity).

API Service Management: To authenticate API requests, enforce rate limits, monitor usage patterns for abuse prevention, generate usage reports for billing, and improve the API service.

Marketing: To provide email and SMS updates, newsletters, and special offers (see Direct Marketing).

Legal Obligations: To comply with applicable laws, enforce our agreements, and prevent potentially prohibited, fraudulent, or illegal activities.

Improvement/Analytics: To improve our website, products, API services and user experience (using aggregated/de-identified data where practicable).

Third Parties: We may disclose your personal information to trusted service providers who assist us in providing our services (e.g. hosting providers, payment processors, IT support, anti-spam solutions, third-party AI platforms through which our services may be accessed). Service providers may only use your information to perform tasks on our behalf, in line with this Policy.

We will not sell or rent your personal data to third parties for their marketing purposes without your explicit consent. We may combine your information with information we collect from other companies and use it to improve and personalize our services and functionalities.

6. Cookies and Analytics

Cookies: If you have an account and log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login persists for two weeks. If you log out, login cookies are removed.

If you comment, you may opt-in to saving your name, email address, and website in cookies (for convenience for one year).

Analytical Tools:

Google Analytics: Our website uses Google Analytics to help us understand website traffic and usage. Google may collect and process your data in the United States. Google Analytics does not identify individual users or associate your IP with other Google data. Google’s privacy policy: www.google.com/policies/privacy/partners.

Microsoft Clarity: We use Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website for site optimization and marketing. This may include behavioral metrics, heatmaps, and session replay. Microsoft may process your data outside Australia, including the USA and other countries. See the Microsoft Privacy Statement for more details.

Akismet Anti-Spam Service: Information submitted via comments (such as your IP address, user agent, referrer, site URL, and comment details) may be used for spam protection, per the Akismet and Automattic privacy policies.

Third-party Advertising: Some third-party advertisers (e.g., Google AdSense) may also use cookies and web beacons when they advertise on our site; this can transmit information including your IP address, ISP, and browser. We do not control these cookies; please refer directly to third-party privacy policies.

You may disable cookies in your browser, but the site’s functionality may be affected.

7. Data Storage, Security and Retention

We only retain collected information for as long as necessary to provide you with your requested service, or as required by law. Specific retention periods are as follows:

  • Account information: Retained for the duration of your account and for a reasonable period thereafter as required for legal and administrative purposes.
  • API request logs (Developer Portal): Retained for up to 90 days for operational monitoring, abuse prevention, and debugging, then deleted or aggregated.
  • API authentication credentials: Retained for the duration of your developer account.
  • Third-party platform integration data (MCP connectors): Query data is processed in real time and not retained beyond the duration of the request, except in aggregated, de-identified form for service improvement.
  • Payment records: Retained as required by Australian tax and financial regulations.
  • Comments and community contributions: Retained indefinitely to support ongoing moderation of follow-up comments.
  • Marketing preferences: Retained until you withdraw consent or request deletion.

What data we store, we protect within commercially acceptable standards, including:

  • Secure transmission (TLS/SSL) of sensitive data
  • Encryption of stored passwords and payment details by our payment processors
  • User access controls and authentication for site administrators
  • API key hashing and secure token storage
  • Regular technical and procedural reviews to enhance security

We take reasonable steps to protect your information from unauthorised access, misuse, alteration, or loss. However, no service can guarantee absolute security.

If a data breach likely to result in serious harm occurs, we will notify you in accordance with our obligations under Australian law.

8. Developer Portal and API Services

When you register for the HtAG Developer Portal (https://developer.htagai.com) or use our API services, we collect and process the following additional information:

Developer Account Information: Your name, email address, organisation name, and billing details required to create and manage your developer account and API access.

API Credentials: API keys and authentication tokens issued to you for accessing our API endpoints. API keys are stored using industry-standard hashing and security practices.

API Usage Data: We log API requests for the purposes of rate limiting, abuse prevention, billing, and service improvement. Logged data includes the endpoint called, request timestamp, response status, IP address, and query parameters (such as location identifiers like loc_pid and lga_pid). API request logs are retained for up to 90 days, after which they are deleted or aggregated into de-identified usage statistics.

Nature of API Data Returned: The property and market data returned by our API consists of aggregated statistical and analytical information (such as market scores, growth rates, supply/demand metrics, and risk indices). This data does not contain personal information about individual property owners, residents, or tenants.

Acceptable Use: Developer accounts and API keys are for the registered developer’s use in accordance with our API Terms of Use. Sharing, redistribution, or resale of API access or data is subject to our licensing terms.

9. Third-Party Platform Integrations and MCP Connectors

Our services may be accessed through third-party platforms, including AI assistant platforms such as Anthropic’s Claude, via integrations such as Model Context Protocol (MCP) connectors or similar tools.

What data we receive: When you interact with HtAG services through a third-party platform connector, we receive only the specific query data submitted to our API endpoints (for example, suburb names, location identifiers, or property search parameters). We do not receive, access, collect, or store any surrounding conversation content, chat history, memory data, user-uploaded files, or other contextual information from the third-party platform.

Data minimisation: Our connectors and integrations are designed to collect only the data strictly necessary to perform the requested function. We do not collect extraneous data from the user’s context, including for logging purposes.

Authentication: Where authentication is required for third-party platform integrations, we use industry-standard OAuth 2.0 protocols with certificates from recognised authorities. Authentication tokens are stored securely and are revocable by the user at any time.

Processing and retention: Query data received through third-party platform integrations is processed in real time to return the requested information. We do not retain individual query data from third-party platform interactions beyond the duration of the request, except in aggregated, de-identified form for service improvement and usage analytics.

Responsibility boundaries: When you access HtAG services through a third-party platform, both this Privacy Policy and the third-party platform’s own privacy policy apply to your interaction. HtAG is responsible for the data we receive and process through our API endpoints. The third-party platform operator is responsible for data within its own environment, including your conversation history, account information, and any data that is not transmitted to our services.

No advertising or promotional use: Our third-party platform integrations do not serve advertisements, sponsored content, or paid product placements.

10. Downloadable Digital Products

When you purchase a downloadable digital product (such as Excel, CSV or PDF files), we collect the necessary personal and payment information to complete your transaction and provide access to your purchase.

11. Your Rights Over Your Data

We are committed to ensuring you have full control over your personal information.

You have the right to request access to, correction of, or deletion of your personal information. To protect your privacy, we will verify your identity before responding to these requests.

If you request deletion of personal data, this may result in the termination of services that require your personal information, including developer accounts and API access.

To make a request:

Contact us at the details provided in Section 17 with the subject “Request for Data Access/Correction/Deletion” and provide sufficient identification details.

We will take prompt steps to respond and confirm the completion of your request.

Please note: We may retain some information as required by law, for administrative, legal, or security purposes, or as necessary for legitimate business purposes.

MCP connector and third-party platform users: If you access our services through a third-party platform integration and wish to exercise your data rights, you may contact us directly. For data held by the third-party platform itself (such as your conversation history or platform account), you should contact the platform operator directly.

12. SMS and Email Direct Marketing

Email: By providing your contact details, you may receive updates on services, special offers, and market insights from us. Every marketing email includes an “unsubscribe” link, allowing you to opt out at any time.

SMS Marketing: If you provide your mobile number and expressly consent, we may send you SMS marketing messages (including updates and offers). You can opt out at any time by following unsubscribe instructions in the SMS or contacting us directly to update preferences.

Third-Party Providers: We use reputable third-party providers (such as Mailchimp) for email and SMS campaigns. These providers maintain high security and privacy standards.

We will not share your email address or mobile number with unrelated third parties for their own marketing.

13. Accessing, Correcting, or Deleting Information

You may log in to your account at any time to see, update, or delete information in your profile, except your username and email (which may have administrative controls). Website administrators may also access and edit your information.

If you leave comments, the comment and its metadata are retained indefinitely to better moderate follow-up comments.

Developer Portal users may manage their account information and API keys through the Developer Portal dashboard. Deletion of a developer account will revoke all associated API keys and access.

14. International Disclosure

Some of your personal information may be disclosed, processed, or stored by our service providers (for example, Google, Microsoft, Mailchimp) in countries outside Australia, including but not limited to the United States and countries in the European Union. By using our service, you consent to such international transfers. We ensure that such service providers are required to comply with standards at least equivalent to those set out in the APPs.

When our services are accessed through third-party platform integrations (such as MCP connectors on AI platforms), the third-party platform’s own data processing may occur in jurisdictions outside Australia. Please refer to the relevant platform’s privacy policy for details of their international data handling.

15. Third-Party Websites

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the privacy practices or content of these websites, and cannot accept responsibility for them. Please review the privacy policies of those external sites.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are significant, we will notify you on our website or by direct communication (email/SMS). By continuing to use our services after notice, you accept the revised policy. We encourage you to review this Policy regularly.

17. Contact Us

If you have any questions about this Privacy Policy, wish to make a data access, correction, or deletion request, or have a privacy concern, please contact us:

General Support: [email protected]

Postal Address: HTAG ANALYTICS PTY LTD ACN 622 716 492 Australia

Developer Portal Support: For technical queries related to the Developer Portal or API services, please contact [email protected]

We aim to respond to all privacy-related enquiries within 30 days.

18. Data Processing for API and Integration Partners

Where HtAG processes personal data on behalf of API consumers or integration partners (for example, when a third-party application submits end-user queries to our API), we act as a data processor for the limited purpose of returning the requested analytical data.

In such cases:

  • We process data only in accordance with the instructions inherent in the API request.
  • We do not use data received from API consumers for our own independent purposes beyond providing the requested service and maintaining service security.
  • We do not retain personally identifiable query data beyond the duration of the request, except in aggregated, de-identified form.
  • API consumers and integration partners are responsible for ensuring they have the appropriate legal basis and user consent to submit data to our API.

For partners requiring a formal Data Processing Agreement (DPA), please contact us at [email protected] to request our standard DPA.


This Privacy Policy is effective as of the date stated above and applies to all HtAG Analytics services, including the main website, mastermind community, developer portal, API services, and third-party platform integrations.