Australian Privacy Principles
Privacy Policy &
Data Stewardship.
This policy is structured in accordance with the Australian Privacy Principles (APPs 1–13) under the Privacy Act 1988 (Cth). StrataOwn is designed to support transparent strata operations while keeping account, building, and activity data secure.
APP 1
Open and transparent management
StrataOwn maintains this publicly accessible Privacy Policy explaining what personal information is collected, how it is used, and the rights available to individuals. We review and update this policy when our practices change. Contact us at privacy@stratabuddy.com.au with any privacy enquiry.
APP 5
Notification of collection
At the point of account creation, users are notified of the types of personal information StrataOwn collects, the purposes for which it is collected, and whether it will be disclosed to third parties. This notification is provided at registration via our Terms of Service.
Identity
Display name, email address, phone number
Building records
Lot information, role assignments, meeting attendance
Activity
Levy records, maintenance requests, communications
APP 6
Use or disclosure of personal information
Personal information is used only for the primary purpose for which it was collected — operating the strata management platform. It is not disclosed to unrelated third parties or used for direct marketing without consent.
- Authenticate users and protect building workspace access
- Deliver notices, levy demands, and operational communications
- Maintain audit trails for meetings, maintenance, and finance workflows
- Support compliance with strata legislation obligations
We do not sell personal information to advertising or marketing networks.
APP 11
Security of personal information
StrataOwn uses authenticated access, role-based permissions, and application-level security controls to reduce the risk of unauthorised access to building data. Records are retained for a minimum of seven (7) years in accordance with NSW SSMA 2015 s180, QLD BCCM Act 1997 s204, and VIC OCA 2006 s146.
- Granular role-based permissions for owners, committee, and admins
- Authenticated sessions protected by HTTP-only access cookies
- Audit history for all key operational actions
- 7-year records-retention floor — records cannot be purged before the statutory period expires
APP 12
Access to personal information
You have the right to request access to your personal information held by StrataBuddy.
You can export a full JSON record of your PII at any time via the API endpoint
GET /me/personal-data.
This export includes your profile, building memberships, and role information.
To request a full data export, visit your Account Profile page or contact privacy@stratabuddy.com.au.
APP 13
Correction of personal information
You may request a correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading
personal information. Self-correctable profile fields are updated immediately. All other
corrections are queued for Admin review via
POST /me/correction-requests.
Auto-applied immediately
- Display name
- Phone number
- Emergency contact details
Admin review required
- Lot ownership records
- Financial history
- Other building-scoped records
Records Retention
7-year retention floor
StrataOwn retains strata records for a minimum of seven (7) years in accordance with NSW SSMA 2015 s180, QLD BCCM Act 1997 s204, VIC OCA 2006 s146, and Privacy Act 1988 (Cth) APP 11. This floor applies to audit logs, meeting minutes, financial accounts (levy records, budgets, expenses), and owner/lot records.
Records within the 7-year window cannot be permanently deleted. After the statutory period expires, soft-deleted records become eligible for physical removal.
We do not sell personal information to advertising or marketing networks.
Third Parties
Sharing limited to service delivery
Information may be accessible to authorised building members, committee representatives, administrators, and technical providers who help deliver the platform. We do not publish or commercialise personal data beyond what is necessary to operate the service.
- Access is role-based and scoped to building participation.
- Providers only receive the minimum information needed for service operation.
- Data is not sold to unrelated third-party marketers.
Your Rights
You can request access, correction, or removal.
Under APP 12 you may request access to your data, and under APP 13 you may request corrections. In some cases, records must be retained for the 7-year statutory period to protect the integrity of the building's official history. Contact privacy@stratabuddy.com.au with any privacy enquiry.