Privacy Policy

Last updated: April 2026

1. Introduction and Scope

This Privacy Policy describes how Cloudridge Technologies Pty Ltd (ACN 696 705 478), trading as Classifindr ("we", "us", "our"), collects, uses, and protects your personal information when you use our classified listing alert service ("Service"), including our website and all related applications.

This policy is written to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the European Union General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). Where any provision of this policy conflicts with mandatory privacy legislation in your jurisdiction, the mandatory legislation prevails.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use the Service.

2. Information We Collect

We only collect information that is reasonably necessary to provide the Service. The categories of information we collect include:

Account Information

Your email address, optional display name, and the authentication factors you choose to register (such as a passkey credential or a linked third-party identity). If you choose to sign in via a third-party provider (such as Google or Apple), we receive basic profile information from that provider. Classifindr accounts are passwordless, so no passwords are collected or stored.

Billing Information

Subscription status, billing period, and purchase records. All payment card details are held and processed exclusively by our third-party payment processor. We do not store full payment card numbers or banking details on our servers.

Search and Alert Configuration

The search criteria, filters, rules, and notification channel settings you create within the Service. This includes any location information you provide for your searches.

Listing Data

Information about classified listings relevant to your searches, such as titles, descriptions, prices, and images.

Notification and Delivery Data

Records of which alerts were sent, their delivery status, and the notification channel configurations you have set up. Channel configurations are encrypted at rest.

Security and Audit Data

For security purposes, we log certain actions on your account (such as sign-ins and security setting changes) along with basic request information like your IP address and browser type. This data helps us detect unauthorised access and investigate incidents.

Fraud Prevention Data

We generate an irreversible, one-way hash of your email address to detect and prevent abuse. This hash cannot be used to recover your email address and persists after account deletion (see Section 9).

Support Data

If you contact support, we collect the information you provide in your request.

3. Information We Do NOT Collect

  • Third-party account credentials: we never ask for or store your login passwords for any external service.
  • Private messages or conversations from any external platform.
  • Your purchase or transaction history from external platforms.
  • Full payment card numbers or banking details.
  • Device sensor data, contacts, or mobile device identifiers.

4. How We Use Your Information

We use the information we collect for the following purposes. For users in the European Economic Area (EEA) and United Kingdom, the applicable GDPR legal basis is noted.

  • Providing the Service: operating your searches, identifying relevant results, and delivering notifications to your configured channels. (Legal basis: performance of contract.)
  • Account and subscription management: authenticating your identity, managing your account, and processing payments through our payment processor. (Legal basis: performance of contract.)
  • AI-powered filtering: search result content (not your personal information) is sent to third-party AI providers for automated matching against your filter criteria. See Section 5 for details. (Legal basis: performance of contract.)
  • Security and fraud prevention: detecting unauthorised access, preventing abuse, and maintaining audit logs. (Legal basis: legitimate interests.)
  • Service improvement: analysing aggregated usage patterns and troubleshooting errors to improve reliability. (Legal basis: legitimate interests.)
  • Communications: sending essential transactional emails such as account verification, sign-in magic links and one-time codes, and security alerts. We do not send marketing emails unless you opt in. (Legal basis: performance of contract / legitimate interests.)
  • Legal compliance: responding to lawful requests and enforcing our Terms of Service. (Legal basis: legal obligation.)

5. AI Processing

As part of AI-powered filtering, result content (such as titles, descriptions, and images) is sent to third-party AI providers for automated analysis against your filter criteria. No personal information or account data is included in these requests.

Under their current API terms, data submitted to these providers is not used to train their general-purpose models. AI filtering is part of the search matching workflow and is used to evaluate result relevance.

6. Notification Channels

When you configure a notification channel, you instruct Classifindr to deliver relevant results to a destination you specify. The data transmitted includes details such as title, price, location, and the reason the result matched your search.

You control where this data is sent. Your channel configurations are encrypted at rest. We are not responsible for how third-party services handle data after delivery to destinations you have configured.

7. Third-Party Service Providers

We do not sell your personal information. We share information with third parties only as needed to operate the Service:

  • Payment processor: receives your email, name, and subscription details to process payments. All payment card data is handled directly by our payment processor under their own privacy policy.
  • Authentication providers: if you use third-party sign-in (such as Google), the provider receives standard authentication flow data.
  • AI providers: receive search result content only (no personal information) as part of AI filtering.
  • Infrastructure and hosting providers: host our servers and data storage under data processing agreements.
  • Email delivery provider: receives your email address and message content for transactional emails.
  • Analytics provider (Google): receives anonymous product-interaction events (such as page views, screen views, and feature usage) from our website and our Android and iOS mobile applications, with personalised advertising features disabled and no advertising identifiers collected. See section 8 for details and opt-out instructions.

8. Cookies and Local Storage

We use essential cookies and browser storage for authentication and session management. We do not use third-party advertising cookies or tracking pixels.

We use Google Analytics 4, a web analytics service provided by Google LLC, to help us understand how visitors use our website and application. Google Analytics uses cookies to collect anonymous, aggregated usage data such as pages visited, session duration, and general geographic region. IP addresses are anonymized before processing. We do not enable advertising features, cross-site tracking, or user-level profiling. Website and portal users in the EEA, United Kingdom, and Switzerland are asked before optional analytics cookies are used. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We also store limited first-party campaign attribution when someone creates an account, completes onboarding, starts checkout, begins a trial, becomes a paid subscriber, or cancels. This helps us understand which aggregate sources, campaigns, and landing pages are useful for business reporting. We store source, medium, campaign labels, referrer host, landing path, and booleans indicating whether a paid click identifier was present. We do not store raw click identifiers, full URLs, query strings, IP addresses, user agents, email addresses, tokens, credentials, or session identifiers in attribution fields.

Our Android and iOS mobile applications use Firebase Analytics, which forwards aggregated product-usage events (such as screen views and feature interactions) to the same Google Analytics 4 property described above. The mobile applications are configured to not collect advertising identifiers: on Android, AAID and SSAID collection is explicitly disabled; on iOS, the IDFA is not linked into the binary, IDFV collection is disabled, SKAdNetwork registration is disabled, and the default consent posture denies all advertising-related signals (ad_storage, ad_user_data, ad_personalization). Events are attributed only to a per-install random identifier with no cross-app linkability. Google Signals (cross-property advertising features) is also disabled at the property level. In the mobile applications, users in the EEA, United Kingdom, and Switzerland are asked before optional analytics starts. You can manage mobile analytics at any time in the app under More > Privacy. For both platforms, requesting account deletion at classifindr.com/account/delete detaches future events from your account. The Google Analytics Opt-out Browser Add-on does not apply to mobile applications.

You can manage cookies through your browser settings, but disabling essential cookies will prevent you from using the authenticated portions of the Service.

9. Data Retention

We retain your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected:

  • Account data is retained for as long as your account is active, and deleted when you request account deletion or after an extended period of inactivity.
  • Search result data is retained for a limited period and then automatically purged.
  • Security and diagnostic logs are retained for a limited period necessary for security monitoring and incident investigation, then automatically purged.

What Happens When Your Account Is Deleted

When your account is deleted (whether by your request or due to inactivity), your personal data is permanently deleted. Security logs are anonymised so they can no longer be linked to you.

10. Data Security

We implement industry-standard technical and organisational measures to protect your personal information, including encryption of data in transit and at rest, strict access controls, passwordless and passkey authentication, and regular security monitoring. Sensitive data such as notification channel configurations is encrypted at rest.

No method of electronic storage or transmission is completely secure. In the event of a data breach, we will promptly notify affected individuals and relevant authorities in accordance with applicable law (see Section 14).

11. Cross-Border Data Transfers

Classifindr is operated from Australia. Your personal information may be processed in Australia and in other countries where our service providers operate.

  • For transfers outside Australia, we take reasonable steps to ensure overseas recipients handle your personal information consistently with the Australian Privacy Principles, as required by APP 8.
  • For transfers from the EEA/UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) or adequacy decisions to ensure an adequate level of protection.

12. Your Rights Under Australian Privacy Law

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

  • Access (APP 12): request a copy of the personal information we hold about you.
  • Correction (APP 13): request correction of inaccurate, out-of-date, or incomplete information.
  • Complaint: lodge a complaint about a breach of the Australian Privacy Principles.

To exercise any of these rights, please contact us. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

13. Your Rights Under the GDPR (EEA and UK Users)

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the GDPR, including:

  • Right of access, rectification, and erasure.
  • Right to restrict or object to processing based on legitimate interests.
  • Right to data portability (receive your data in a structured, machine-readable format).
  • Right to withdraw consent at any time, where processing is based on consent.

Our AI-powered filters assist in matching results to your search criteria but do not produce legal effects or similarly significant effects on you. You retain full control over enabling and disabling these filters.

The data controller is Cloudridge Technologies Pty Ltd, contactable via our contact page. We will respond to GDPR requests within one month, extendable by two further months for complex requests. You also have the right to lodge a complaint with your local data protection supervisory authority.

14. Your Rights Under the CCPA (California Residents)

If you are a California resident, the CCPA provides you with the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information.

We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, please contact us. We will verify your identity before processing your request.

15. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us.

16. Data Breach Notification

In the event of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme. For EEA/UK users, we will notify the relevant supervisory authority within 72 hours and affected individuals where required under GDPR Articles 33 and 34.

17. Do Not Track

Our Service does not respond to "Do Not Track" browser signals, as there is no universally accepted standard for compliance. However, we do not engage in cross-site tracking or behavioural advertising.

18. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you at least 30 days in advance via the email address associated with your account. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

19. How to Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your privacy rights, or have a complaint, please reach out via our contact page.

Legal entity: Cloudridge Technologies Pty Ltd, ACN 696 705 478, trading as Classifindr.

For privacy complaints that we cannot resolve to your satisfaction:

  • Australia: Office of the Australian Information Commissioner (OAIC), www.oaic.gov.au, phone 1300 363 992.
  • EEA/UK: your local data protection supervisory authority.
  • India: under the Digital Personal Data Protection Act 2023, you may contact our Grievance Officer via our contact page. We aim to respond within 30 days.