Urban Pulse Privacy Policy

Last updated: 8 July 2026 Version: 1.8 Effective from: 8 July 2026


1. Who we are and how to contact us

This policy is issued by:

Privacy enquiries, access requests, corrections and complaints:


2. The Urban Pulse business

Urban Pulse is a software-as-a-service platform for the Australian construction industry. The platform includes document transmittal and e-signature workflows, site and planning intelligence, project-management tools, marketplace features, payments, referrals, support, and related business services.


3. What personal information we collect

We collect the categories of personal information below where they are relevant to how you use Urban Pulse. Personal information embedded in a document you upload is collected as document content, not as a separate structured profile field.

3.1 Identity, account and authentication information

Passwords are hashed. We record successful and unsuccessful sign-in outcomes with the time, outcome and a pseudonymised one-way hash of the attempted identifier.

3.2 Documents, envelopes and signing records

We collect documents and related metadata you upload or generate through Urban Pulse, including:

When a sender prepares an envelope, they may add more than one participant and may mark some participants as notification-only CC recipients. For each participant, we collect the name, email address and, where the sender chooses to provide it, phone number. For signers, we also store which signature or initials fields are assigned to that person, the document page, and the normalised placement coordinates for each field. We use this only to route, evidence and audit the signing workflow for that envelope.

For e-signature events, we collect signer name, email address, time signed, signing-context metadata, a truncated network prefix and a one-way hash of the browser type against the signature and consent record.

3.3 Payments, subscriptions and referrals

We collect billing name and address, payment references, receipts, subscription plan and billing status, Stripe customer/subscription identifiers, and records needed to reconcile invoices, refunds, chargebacks and tax obligations. Stripe tokenises card details in your browser before they reach us.

If you take part in our referral program, we collect:

3.4 Project, planning, marketplace and collaboration content

Where you use project-management, town-planning, marketplace or property-intelligence features, we collect the information you create or provide in those workflows, including:

Free-text fields may contain personal information if you choose to include it.

3.5 Communications and support

We collect the content of emails, SMS messages, in-app messages, live chats, support tickets, feature requests and other communications you send to us or via the platform. If you send a listing enquiry, your message and account email address are sent to the person or team handling that listing so they can respond.

If an email bounces, is reported as spam, or is unsubscribed from, we record the affected address and event so we can honour suppression and opt-out obligations.

3.6 Technical, usage, location and cookie information

We collect technical and usage information needed to operate, secure and improve the service, including:

Where a map is displayed on a property or site-intelligence surface, the property address or map area being viewed is used to draw that map. The map provider receives standard technical information from your browser as part of loading the map. See Section 6.7.

3.7 AI-assisted features

Where you use AI-assisted features, we process the prompts, uploaded documents, extracted text, project records or planning context needed to generate the requested draft or answer. AI outputs are draft assistance only. A person remains responsible for reviewing the result before relying on it, sending it, lodging it, signing it or using it in a professional workflow.

Planned Anthropic-backed document extraction and contract-reading features are not active today. We will update this policy and our cross-border disclosure register before customer document text, party names, property addresses or contract terms are sent to Anthropic for those features.


4. How we collect personal information

We collect personal information:

Where we collect your personal information from someone else, we take reasonable steps to make you aware of this policy, including by linking it from recipient and account surfaces.


5. Why we use your personal information

We use personal information where it is reasonably necessary for our functions or activities, where you have consented, where you would reasonably expect the use, or where the use is required or authorised by Australian law.

5.1 To deliver the Urban Pulse service

This includes creating and securing accounts, operating workspaces, sending envelopes, capturing signatures, storing documents, processing payments, managing referrals, providing planning/project/marketplace tools, running support and keeping transaction records.

5.2 To process payments, referrals and prevent fraud

This includes verifying payment methods, settling funds through Stripe, reconciling payments and refunds, detecting suspicious activity, administering referral rewards and preventing self-referral or abuse.

5.3 To comply with Australian law

This includes responding to lawful requests from courts, regulators and law-enforcement agencies, meeting tax record-keeping obligations, meeting consumer-protection obligations, and complying with privacy, spam and notifiable-data-breach requirements.

5.4 To improve and secure the product

This includes analysing aggregated and de-identified usage data, measuring feature usage, fixing bugs, monitoring errors, improving security controls and developing product improvements.

5.5 To communicate with you

This includes service notifications, sign-in alerts, document-status updates, payment receipts, security notices, support replies, feature-request updates and marketing where you have opted in.


6. Who we share your personal information with

We share personal information only with the third parties listed below, and only to the extent necessary. Overseas recipients are identified by country. For overseas processors, we take reasonable steps to ensure they handle personal information consistently with the Australian Privacy Principles, including through data-processing terms, vendor security commitments, contractual safeguards and an internal cross-border disclosure register reviewed before materially new overseas processing is activated.

6.1 Stripe, Inc. (United States) — payments and subscriptions

We use Stripe to process card payments, subscription billing, payment disputes and related account-credit workflows. Stripe receives payment and billing information such as cardholder name, billing address, email address, payment-method token, amount, invoice references and subscription identifiers. Your full card number is tokenised by Stripe before it reaches us.

6.2 Resend (United States control plane; Amazon SES Tokyo, Japan data plane) — transactional email

We use Resend to deliver transactional emails, including sign-in confirmations, invoices, document-ready notifications, recipient notifications, support updates and internal signup notifications. Resend receives the recipient email address, message body and delivery metadata. Resend's control plane operates in the United States, and outbound email delivery and bounce processing are routed through Amazon SES in Tokyo, Japan.

6.3 Twilio (future state; United States API infrastructure; Australian contracting entity and carrier edge) — transactional SMS

We plan to use Twilio to deliver transactional SMS, such as verification codes and urgent document-status notifications. This SMS integration is not active today. Before it is switched on, we will update our cross-border disclosure register and confirm this policy remains current. When active, Twilio will receive the destination phone number, message content and delivery metadata. Twilio's API platform is operated from the United States; Twilio Australia Pty Ltd is the contracting entity for Australian customers; SMS delivery occurs through mobile carriers.

6.4 Urban Pulse signing records — built-in e-signature ceremony

Send & Sign envelopes are signed inside Urban Pulse's own signing ceremony. Signature images, consent records, signing metadata, completed signed PDFs and signing certificates are stored through the Australian hosting, storage and database providers described in Section 6.5.

6.5 Amazon Web Services Australia and Neon — hosting, storage and database

We use AWS Sydney (ap-southeast-2) for compute, file storage, secrets management and supporting infrastructure. We use Neon as our managed Postgres database provider, configured in the Sydney region. Account data, document metadata, audit rows and most customer records reside on Australian infrastructure.

6.6 Better Auth via Neon Auth and Google LLC — authentication

We use Better Auth, hosted via Neon Auth, to manage account credentials and sessions. Sign-up and sign-in flows are handled through Urban Pulse servers and our authentication service.

When you choose "Continue with Google", your browser is sent to Google to approve the sign-in and then returned to us. Google returns a signed token containing your email address, whether that email address is verified, and basic profile information such as your name. We use that information to authenticate you and create or match your Urban Pulse account.

6.7 Google LLC (United States) — map display and Google sign-in

Where we display a Google map on a property or site-intelligence surface, the map is loaded directly from Google's servers in your browser. Google receives the map location being displayed and standard technical information, including IP address, browser type and device type. Google may set or read its own cookies in that embedded map.

6.8 Anthropic, PBC (United States) — planned AI assistance

We intend to use Anthropic's Claude API for AI-assisted features, including document extraction, contract-reading summaries and related draft outputs. That Anthropic integration is not active today. Before it is switched on, we will update our cross-border disclosure register and this policy.

Once available, Anthropic may receive prompts, extracted text, document text, project records, planning context, property addresses, party names, contract terms or other information embedded in the content you ask the AI feature to process. Anthropic operates under a Zero Data Retention amendment with us.

6.9 Sentry (Functional Software, Inc.) — planned server-side error monitoring

We may use Sentry for server-side error monitoring and diagnostics. This integration is not active on the current Urban Pulse platform today. Before activation, we will confirm the relevant error-payload scrubber controls and update our cross-border disclosure register and this policy if required. When active, Sentry may receive stack traces, request URLs, IP addresses, user-agent strings and bounded user or organisation identifiers captured in an error context.

6.10 PostHog (PostHog, Inc.) — planned product analytics

We may use PostHog to measure product usage. This integration is not active on the current Urban Pulse platform today. Before activation, we will confirm the analytics wrapper, allowlisted event schema and cross-border register entry. When active, PostHog may receive an anonymous or pseudonymous user identifier, page path, campaign/source parameters, event name, event properties, IP address and user-agent.

6.11 Intercom (Intercom, Inc., United States) — in-product support chat

We use Intercom to provide in-product live chat, support messaging and help workflows for signed-in customers. We verify your identity to Intercom using a short-lived signed token created on our server. Intercom receives your email address, display name, stable account identifier, organisation identifier and role, chat message content you send, and standard technical information such as IP address, browser type and timestamps. When you open support, we also send a coarse allowlisted page route and product surface for the page where support was opened. We do not send arbitrary project/property slugs as Intercom support context.

6.12 Other situations in which we may share information


7. Where your information is stored and how we secure it

7.1 Storage location

Urban Pulse stores customer personal information in Australia by default:

Where personal information is disclosed to an overseas processor listed in Section 6, that disclosure is the ordinary path by which the information leaves Australia to operate the service.

7.2 Security measures

We take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification or disclosure, including:

If we become aware of a data breach that meets the threshold for notification under Part IIIC of the Privacy Act, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

7.3 Keeping your information accurate

We take reasonable steps to ensure the personal information we collect, use and disclose is accurate, up to date and complete, having regard to the purpose. Please tell us if your details change.


8. How long we keep your information

CategoryRetention period
Transactional and financial records, including envelopes, signatures, payments, referral payouts and invoices7 years after the transaction completes, in line with Australian tax and consumer-protection record-keeping conventions.
Document files you uploadedFor as long as the associated project or envelope is active, plus 7 years where the document forms part of a regulated transaction record.
Audit log of state-changing actions7 years from the date of the action.
Account profile and contact detailsStandalone profile data is purged within approximately 90 days after account closure, allowing for account recovery and pending reconciliation. Contact details embedded in transactional and financial records follow the 7-year retention above.
Web-tier session and request logs90 days rolling.
Sign-in and sign-up outcome eventsRecorded in the append-only security audit log and retained 7 years with other audit records.
Recipient view linksValid for 14 days by default; the sender can shorten or extend this per envelope from 1 hour to 30 days.
Recipient comments and sender-supplied recipient detailsRetained with the associated envelope record.
Project collaboration contentRetained for as long as the associated project is active and thereafter with the project record where it forms part of a regulated transaction record.
Referral attribution recordsRetained for the life of the referral relationship and for a reasonable period afterwards to administer the program and evidence anti-abuse checks, then deleted or de-identified.
Conveyancer matters and drafted contract summariesRetained for as long as the matter is active; on request we delete a matter and its summaries to the extent we are not required by law to retain them.
Marketing consent and opt-out recordsRetained for the life of the marketing relationship plus a reasonable period to evidence the opt-out.
Analytics events24 months, anonymised or de-identified where practical, per our internal retention policy.

Where the law requires us to keep information for longer, the legal obligation overrides the table above. Where you exercise your right to deletion (Section 9), we honour it to the extent permitted, subject to legal-retention exceptions.


9. Your rights

Australian privacy law gives you a right to access and a right to correct the personal information we hold about you. We also offer deletion and data-portability commitments as a matter of our own policy.

To exercise any of these rights, email privacy@urbanpulse.com.au. We will respond within a reasonable period, no later than 30 days for an access or correction request. We may need to verify your identity before acting on a request.


10. Marketing communications

We send marketing emails or SMS only where you have expressly consented through a clearly labelled opt-in.

10.1 Emails

Every marketing email we send will:

10.2 SMS

Every marketing SMS we send will:

You can manage your marketing preferences at any time by emailing privacy@urbanpulse.com.au.

Service messages, such as sign-in alerts, document-ready notifications, payment receipts and security notices, are not marketing and will continue while you have an active account.


11. Cookies and similar technologies

We use cookies and similar technologies for:

Your browser settings let you inspect and clear cookies. Clearing strictly necessary cookies will sign you out and clear security preferences.


12. Children's privacy

Urban Pulse is a business-to-business and business-to-consumer construction-services platform intended for users aged 18 and over. It is not directed at children. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a child, email privacy@urbanpulse.com.au and we will delete it.


13. Changes to this policy

We update this policy from time to time. When we do, we change the "Last updated" date and version number. For material changes that affect what we collect, who we share it with, or your rights, we will notify you by email or in-app notice at least 14 days before the change takes effect.

The updated policy applies from its effective date. Where law requires consent for a change, we will ask for it separately. You may close your account and ask us to delete your personal information to the extent permitted by law.


14. Complaints

If you believe we have mishandled your personal information, please contact us first so we can try to resolve the issue:

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):


15. Spam Act 2003 (Cth) — commercial electronic messages

To comply with the Spam Act 2003 (Cth) and ACMA's industry guidance:


16. Legal framework references

This policy is drafted with reference to:

This policy does not modify any rights you have under those laws.


17. Document control

Questions about this policy: privacy@urbanpulse.com.au.