LeaseAudit

Privacy Policy

Last updated: May 2026

Who we are

LeaseAudit is operated by Vexanode Pty Ltd, an Australian company.

We are an independent consumer tool and are not affiliated with, endorsed by, or paid by any novated lease provider, financier, or dealership.

This Privacy Policy is governed by the Privacy Act 1988 (Cth) and aligns with the Australian Privacy Principles.

For privacy, data access, correction, or deletion requests, please email privacy@leaseaudit.au.

What information we collect

We collect only the minimum information needed to provide the service:

  • Quote data you enter manually or upload via PDF (vehicle details, pricing, fees, running costs, etc.) — saved to our database as part of your audit record
  • Email address (optional) — only if you choose to provide it when emailing yourself a report
  • Aggregate usage statistics — total number of audits and anonymised cost metrics (no personal identifiers)
  • Standard web server logs — IP address, browser type, and pages visited (for security and diagnostics only)

We do not use tracking cookies. We use Vercel Analytics for privacy-friendly, cookie-free aggregate traffic metrics — no personal data or cross-site tracking is involved. Browser storage (localStorage and sessionStorage) is used to maintain your session and remember your preferences.

How we use your information

  • When you run an audit, your anonymised quote data and audit result are saved to our secure database (Supabase) so your report can be accessed via a unique link. No name or contact details are attached unless you choose to email yourself the report.
  • Uploaded PDFs are sent directly to Google's Gemini API solely for text extraction. The file is not stored by LeaseAudit and is discarded after processing.
  • Email addresses are used only to deliver the audit report you requested (if you choose this option) and are stored against your report record.
  • We do not sell, rent, or share your personal information with third parties for marketing purposes.

Third-party services

We use the following services, each with their own privacy protections:

  • Google Gemini API — for PDF text extraction. Data sent to Gemini is subject to Google's Gemini API terms and privacy policy. Google temporarily processes the data but does not retain it for training purposes when used via this API.
  • Supabase — used for audit report storage (each completed audit is saved by default to generate your unique report link), anonymous usage counters, and email delivery. Supabase stores data with strong encryption and Row Level Security on servers in Australia or selected regions.
  • Resend — for delivering email reports (when requested).
  • Australian Business Register (ABR) — public ABN lookups only (no personal data is sent).
  • Vercel — hosting and standard server logs for security and diagnostics.
  • Vercel Analytics — privacy-friendly, cookie-free aggregate page view metrics. No personal data is collected, no cross-site tracking, and no fingerprinting. See Vercel Analytics privacy.

We do not use advertising or tracking tools (Google Analytics, Meta Pixel, etc.).

Data storage and retention

  • Each completed audit is saved to our secure Supabase database and accessible via a unique report link. The record contains your anonymised quote data and audit result. No personal identifiers are attached unless you request email delivery.
  • If you provide your email address to receive a report link, it is stored against your audit record and used solely for that delivery. We do not add it to any marketing list.
  • Audit records are retained for up to 24 months. After this period, detailed financial data (quote inputs and audit calculations) is removed while a minimal anonymised record may be kept for aggregate analytics. Your unique report link will no longer be accessible after 24 months. You can request earlier deletion at any time by emailing privacy@leaseaudit.au with your report URL.
  • Server logs are retained for a short period (typically 30–90 days) for security and troubleshooting only.

Your rights under the Australian Privacy Principles

Under the Australian Privacy Principles, you have the right to:

  • Access any personal information we hold about you
  • Correct or update that information
  • Request deletion of your information
  • Lodge a complaint if you believe we have mishandled your data

To exercise any of these rights, contact us at privacy@leaseaudit.au. We will respond within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

Security

We take reasonable steps to protect your information, including HTTPS encryption, client-side processing where possible, Supabase Row Level Security, and limited server-side data handling. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Changes to this policy

If we make material changes to this Privacy Policy, we will update the “Last updated” date at the top of this page and notify users via the website where appropriate.

Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@leaseaudit.au.