CarSage
List My Car

Privacy Policy

Last updated: 2026-04-28

Draft — pending legal review. This page is a placeholder. Final wording must be reviewed by a licensed Australian solicitor before it serves as binding terms. Questions: privacy@carsage.com.au.

1. About this policy

CarSage Pty Ltd ("CarSage", "we", "us") operates carsage.com.au, an AI-powered marketplace for used vehicles in Australia. This policy explains how we handle personal information under the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APP).

2. What we collect

  • Contact details: name (optional), mobile number, email address.
  • Eligibility data (optional): annual income range, visa type. Used solely to estimate loan eligibility.
  • Conversation data: the messages you send to our AI advisor, used to improve recommendations.
  • Technical data: hashed IP, user-agent, session cookie (carsage_lang for language preference).

3. How we use it

We use your information to (a) match you with vehicles in our inventory, (b) forward your enquiry to the relevant licensed dealer, (c) estimate indicative monthly repayments and forward eligibility to our partner credit broker if you request it, and (d) comply with legal and audit obligations.

We do not sell your personal information. We do not perform automated decision-making with legal effect — every loan application is reviewed by a human credit broker and a credit provider.

4. Encryption and storage

All personal information that identifies you (phone, email, income, visa) is encrypted at rest using AWS KMS envelope encryption. Plaintext is never written to disk. Data is stored in the AWS ap-southeast-2 (Sydney) region. Each decryption is recorded in an immutable audit log.

5. Retention

  • Lead data: retained 24 months from collection, then PII fields are nulled.
  • Conversation messages: anonymised after 90 days.
  • Soft-deleted records: physically purged 12 months after deletion.
  • Audit logs: retained 7 years (financial services obligation).

6. Disclosure to third parties

We share your information only with:

  • The dealer you specifically enquired about (name, phone, email, the vehicle ID).
  • Our partner credit broker (only if you opt in to a loan enquiry).
  • AWS SNS (SMS delivery) and AWS SES (email delivery) — strictly as data processors, hosted in ap-southeast-2 (Sydney).

7. Your rights (APP 12 & 13)

You may at any time:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request erasure (subject to record-keeping obligations under the NCCP Act).
  • Withdraw consent for marketing or dealer contact.

Email privacy@carsage.com.au. We respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8. Cookies

We use a single functional cookie, carsage_lang, to remember your language preference. It expires in 12 months. We do not use third-party advertising cookies. Details: /cookies.

9. Children

CarSage is intended for users 18 years and older (vehicle finance is restricted to adults). We do not knowingly collect data from minors.

10. Changes

We will update this policy as our services evolve. Material changes will be flagged on the homepage for at least 30 days. The current version is dated at the top.

11. Contact

CarSage Pty Ltd
Privacy Officer: privacy@carsage.com.au
ABN: 12 345 678 901 (placeholder, pending registration)