Privacy Policy

Last updated: 18 April 2026

This policy explains how Vestly handles your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). "Vestly", "we", "us", and "our" refer to the operators of vestly.au.

What we collect

  • Account information: your email address and (optional) full name.
  • Portfolio data: property addresses, purchase prices, loan details, rents, expenses and documents that you choose to enter.
  • Usage data: anonymised page views and feature usage via Vercel Analytics and Meta Pixel so we can improve the product.
  • Payment information: when paid plans launch, credit card details are handled by Stripe - we never see or store your card number.

How we use it

  • To provide the Vestly service (calculations, dashboards, reports).
  • To email you service updates and (only if you opt in) occasional product news.
  • To understand how the product is used and make it better.
  • To process payments (when paid plans launch) via Stripe.

We do not sell your personal information. We do not share it with advertisers or data brokers. We do not use your portfolio data to train AI models.

Where your data lives

Vestly is built on Supabase, hosted in AWS Sydney (ap-southeast-2). Every database table enforces row-level security so your records are isolated from every other user at the database level. Documents are stored in private Supabase Storage buckets behind short-lived signed URLs. The app is hosted on Vercel (Sydney region).

Security

  • All traffic is encrypted in transit (HTTPS / TLS 1.3).
  • Data is encrypted at rest by Supabase.
  • Passwords are hashed with industry-standard algorithms - we never see your password.
  • Two-factor authentication is available via your email provider (Google, Apple).

Your rights

Under the Australian Privacy Act you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of your account and all associated data.
  • Export your data in a portable format.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we've mishandled your data.

To exercise any of these rights, email vestlyaus@gmail.com. We will respond within 30 days.

Cookies and tracking

Vestly uses strictly necessary cookies for authentication and session management. Anonymous analytics cookies are used to understand aggregate product usage. We use Meta Pixel on marketing pages for ad measurement; you can opt out via your browser settings.

Third parties

We rely on these sub-processors to deliver the service:

  • Supabase - database, auth, storage (AWS Sydney).
  • Vercel - hosting, edge functions (Sydney region).
  • Stripe - payment processing when paid plans launch.
  • Anthropic - AI Insights (your portfolio data is sent to Claude only when you ask it a question; no training on your data).
  • Meta - Pixel tracking on marketing pages only.

Children

Vestly is not intended for anyone under 18. If we learn that a minor has created an account, we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be emailed to registered users at least 14 days before they take effect.

Contact

Privacy-related questions or complaints: vestlyaus@gmail.com.

See also our terms of service.