Privacy Policy
Last updated: 16 March 2026 · Version 1.0
1. About this policy
This Privacy Policy explains how Internest (ABN: 36 637 557 067), operated as a sole-founder technology business (“Internest,” “we,” “us,” “our”), collects, holds, uses, and discloses your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Internest operates internest.com.au, an AI-powered recurring spend optimisation platform providing comparison tools and calculators across energy, insurance, banking, medicine, superannuation, telecommunications, and subscriptions (“the Service”).
By using our Service, you acknowledge that you have read and understood this Privacy Policy. We may update this policy from time to time and will post the updated version on our website with a revised date.
Contact our Privacy Officer at: info@internest.com.au
2. Information we collect
Account & contact information
Email address (for account creation and notifications) and Telegram user ID (for notification delivery, if you opt in).
Household information
Postcode, state/territory, household size, property type. This information is not personally identifying on its own but may become identifying in combination with other data.
Financial information
Income range or estimated taxable income (for Medicare Levy Surcharge and insurance calculations), current bill amounts and plan details (extracted from uploaded bills). Income information is personal information under the Privacy Act but is not classified as “sensitive information.”
Health information (sensitive information)
Prescription medication lists (for medicine·saver) and health insurance coverage preferences. This constitutes “health information” under s 6FA of the Privacy Act and is classified as “sensitive information” requiring your express consent before collection (APP 3.3).
Bill & document data
You may upload PDF or image files of household bills for AI-assisted data extraction. Original uploaded files are not permanently retained — they are processed in real time and deleted after extraction. Only extracted structured data is stored.
Technical & usage data
IP address, browser type, device information, pages visited, features used, timestamps, cookie identifiers, and analytics data.
3. Per-vertical data handling
Each vertical collects only the minimum data necessary. Here is what each vertical processes and how it is stored:
| Vertical | Data collected | Storage |
|---|---|---|
| Energy / Gas | Postcode, estimated usage (kWh/MJ) | Not stored — used for real-time comparison only |
| Insurance | Age, state, family size, coverage preferences | Session only — cleared when you leave |
| Banking | Account balance, behavioural conditions | Session only — cleared when you leave |
| Medicine | PBS code or medicine name queries | Not stored — used for real-time lookup only |
| Super | Age, salary, super balance | Session only — projections not stored |
| Telecom | Usage requirements (data, speed) | Session only — cleared when you leave |
| Subscription | Subscription list, spending | Session only — will change with CDR Phase C |
4. How we collect information
Directly from you when you create an account, upload bills, enter comparison parameters, subscribe to notifications, or contact us.
From third parties: energy plan data from the Australian Energy Regulator CDR APIs; banking product data from publicly available sources; health insurance data from privatehealth.gov.au; PBS schedule data from the Australian Government.
Automatically through Google Analytics 4 cookies and server logs.
5. Why we collect information
We use your information to provide comparison tools and calculators, process uploaded bills, generate savings estimates, send notifications you have subscribed to, improve our Service, and comply with legal obligations.
We do not sell your personal information to third parties.
6. Sensitive information: health data & consent
Our medicine·saver tool collects health information (prescription medication lists) classified as “sensitive information” under the Privacy Act. In accordance with APP 3.3, we only collect this with your express consent. You may withdraw consent at any time.
Your medication data is used solely for price comparison, not disclosed to third parties without further consent, not used for direct marketing, and deletable at your request.
7. Disclosure of personal information
| Recipient | Country | Purpose |
|---|---|---|
| Anthropic (Claude API) | United States | AI processing of user queries and bill data. Data retained max 7 days, not used for model training. |
| Google (Analytics) | United States | Website analytics and usage tracking. IP anonymisation enabled. |
| Hetzner Online GmbH | Germany | Server hosting and data storage. Subject to EU GDPR. |
Encrypted backups are maintained on Google Drive and local QNAP NAS storage, both controlled by Internest.
8. Security of personal information (APP 11)
We protect your information through TLS/HTTPS encryption, access controls, regular security updates, secure deletion of uploaded files after extraction, and encrypted backup storage.
Data retention: uploaded bill files are deleted immediately after extraction; account data is retained while active and destroyed within 30 days of account deletion; AI processing logs are retained by Anthropic for a maximum of 7 days.
9. Notifiable data breaches
In accordance with Part IIIC of the Privacy Act, if we become aware of a data breach likely to result in serious harm, we will notify the OAIC and affected individuals as soon as practicable. Breaches involving health information are treated with highest priority.
10. Cookies & analytics
We use essential cookies (session management) and Google Analytics 4 cookies (usage statistics). We do not use advertising or retargeting cookies. See our Cookie Notice for full details.
11. Your rights
Access (APP 12): You can request access to your personal information. We will respond within 30 days.
Correction (APP 13): You can request correction of inaccurate, incomplete, or misleading information at any time.
Anonymity (APP 2): You can use our public comparison tools without creating an account or providing your name.
12. Direct marketing (APP 7)
We only use your information for direct marketing with your consent or where you would reasonably expect it, with a simple opt-out mechanism. We will never use health information for direct marketing.
13. Automated decision-making
Our Service uses AI to process information and generate comparison results. These processes are transparent — see our AI Transparency Statement. From 10 December 2026, new APPs 1.7–1.9 will require additional disclosures which we will implement before commencement.
14. Complaints
Step 1: Contact our Privacy Officer at info@internest.com.au. We will acknowledge within 5 business days and aim to resolve within 30 days.
Step 2: If unsatisfied, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, phone 1300 363 992.
15. Future CDR data handling
When Internest obtains CDR accreditation, we will publish a separate CDR Policy compliant with CDR Privacy Safeguards. CDR data will be stored in Australia and will not be sent overseas.
16. Contact us
Privacy Officer, Internest
Email: info@internest.com.au
Website: internest.com.au