Estimator+
PlatformIntelligence BridgePricingLearn
Sign inBook a demo

Privacy Policy

The policies and terms that apply when you use Estimator+.

Last updated: 9 July 2026

Browse policies

Privacy policyTerms of useSupport policyWebsite terms

1. About this policy

1.1 Estimator Plus Pty Ltd (ABN 79 699 842 227) (we, us, our) provides the Estimator+ construction estimating and tendering platform (the Platform). This Privacy Policy explains how we handle personal information in connection with the Platform and our website, consistent with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

1.2 “Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined in the Privacy Act.

1.3 By using the Platform, you agree to the handling of personal information as described in this policy.

2. Whose information this policy covers

This policy covers personal information about: the account users of our customers (our customers' staff); individuals whose details our customers enter into the Platform (such as subcontractors and clients); and individuals who contact us or use our website.

3. Personal information we collect

We collect the following kinds of personal information:

(a) Account users (our customer's staff): email address, first and last name, job title, and account timestamps. We do not collect date of birth, home address, phone number, or photo for account users.

(b) Business details (of our customer): company name, address, phone, email, ABN and logo. These may appear on tender documents generated through the Platform.

(c) Third-party contacts entered by our customer: for subcontractors: name, contact, email, phone and postcode; for clients: name, contact, email and phone. This information is entered by our customer, not collected by us directly from those individuals.

(d) Customer content: plan drawings (stored as images; the original PDF is not retained), measurements, pricing, project notes.

(e) Billing records: we use Stripe to process payments. Your card details, billing name and address, and full invoice, refund and dispute records are collected and held by Stripe on its systems; we do not store them. From Stripe we hold only your Stripe customer and subscription identifiers, your subscription status, the number and type of seats on your plan, and subscription dates (such as trial, renewal and cancellation dates). Your ABN is collected at checkout and is also held by us for tax and invoicing purposes. We do not collect or store full card numbers, PAN or CVV; these are handled entirely by Stripe.

(f) Operational information: AI connection records, where our customer connects an external AI application (which applications a user has connected and their read or write permissions); an audit log of changes made by connected AI applications (which user and application made each change and what changed, including prior values); login session information (one active session per user).

4. How we collect personal information

4.1 We collect personal information:

(a) when account users register for and use the Platform;

(b) when our customers enter business details and third-party contact details into the Platform;

(c) when customers upload plan drawings and project content;

(d) through operational logs generated by use of the Platform (including the AI connection and audit records described in clause 3(e));

(e) from Stripe, when you subscribe or a payment event occurs (clause 3(f)); and

(f) when you contact us or otherwise interact with us or our website.

4.2 Where our customer enters personal information about a third party, our customer is responsible for having the right to provide that information to us (see clause 10).

5. Why we collect, hold, use and disclose personal information

5.1 We collect, hold, use and disclose personal information to:

(a) create and administer accounts;

(b) provide, support, secure and operate the Platform, including generating estimates, tenders and Submissions;

(c) provide the plan-reading feature and operate the AI connector (see clauses 7 and 8);

(d) process subscriptions and payments;

(e) communicate with users about the service, including service and administrative messages;

(f) improve, develop and analyse our products and services, and develop new features;

(g) market our own products and services to our customers, subject to the opt-out arrangements in clause 5.2; and

(h) comply with our legal obligations.

5.2 Direct marketing and opt-out: We may use the contact details of our customers and their account users to send marketing communications about our own products and services. You may opt out of receiving marketing communications from us at any time by using the unsubscribe function in the message or by contacting us via the details in clause 19 and we will stop sending them. We do not use personal information for third-party direct marketing, and we do not sell personal information.

6. Disclosure and our service providers (sub-processors)

6.1 We disclose personal information to the following service providers who help us deliver the Platform:

ProviderRoleInformation involvedLocation
SupabaseCore database, authentication, hostingAll application dataSydney, Australia
Google (Gemini)Plan reading: reading plan page images and extracting text for indexingPlan page images (extracted text is returned to the Platform)United States
Cloudflare R2Image and logo storagePlan images, logosAsia-Pacific region
ResendTransactional emailRecipient email address and email contentUnited States
StripeSubscription billing and card paymentsCard, billing address and ABN (collected directly by Stripe; we do not see card data)United States
Fly.ioHosting for the AI connector (see clause 8)Project data in transit only: the connector stores no customer data and holds no credentialsSydney, Australia (Fly.io, Inc. is a US company)

6.2 We may also disclose personal information where required or authorised by law, to protect our rights, or in connection with a sale or restructure of our business (subject to appropriate confidentiality).

6.3 We do not sell personal information, and we do not disclose it for third-party direct marketing.

6.4 An external AI provider that our customer connects to the Platform is chosen and engaged by the customer, not by us, and is not one of our service providers, in accordance with clause 8.

7. Plan reading and our AI provider

7.1 The Platform uses an AI provider to read plan page images and extract text from them, so that plans are indexed and searchable within the Platform. This is the only feature for which we send data to an AI provider. The Platform no longer includes a built-in AI assistant, AI scope drafting or text tidy-up.

7.2 Current provider; provider may change: Our current AI provider for plan reading is Google (Gemini). We may change or add AI providers for this feature from time to time, provided any replacement or additional provider is a reputable provider of comparable services engaged on terms consistent with this policy. We will update this policy to reflect any change of AI provider.

7.3 What is and isn't sent: We send the AI provider plan page images (to read them) and text machine-transcribed from those plans (to index and summarise them). We do not send account users’ names, email addresses or login details, and there is no chat, question or user-typed content to send.

7.4 How the AI provider handles it: The AI provider acts as our processor and does not use prompts or responses to train its models. The provider retains data only transiently for abuse detection and legal compliance. This processing is governed by the AI provider's data processing terms for products where it acts as a data processor.

7.5 Extracted text is assistive. Text extracted from plans is generated automatically and may be inaccurate or incomplete. Our customers are responsible for checking it. This is also addressed in the Software Terms of Use and Licence.

7.6 Automated decision-making: The plan-reading feature extracts text; it does not make decisions that produce legal or similarly significant effects about individuals. External AI applications connected by our customers (clause 8) are operated by or for the customer, not by us. If our use of automated processing changes such that it is captured by automated decision-making transparency requirements, we will update this policy to disclose the required information.

8. AI applications connected by our customers

8.1 Our customers can connect their own external AI application (such as an AI assistant like Claude or ChatGPT) (called an AI Agent in our Software Terms of Use and Licence) to their data in the Platform through our AI connector. The connector is hosted in Australia, holds no credentials and stores no customer data: it passes each request through as the signed-in user, and the Platform’s access controls apply to every read and write.

8.2 Customer’s AI, not ours: The AI provider is selected, authorised and engaged by our customer. When a customer connects an AI application, information that application reads (which may include project details, estimates and pricing, subcontractor and client names and contact details, plan images and extracted plan text, and project notes) is transmitted to that AI provider at the customer’s direction. That provider’s handling of the information is governed by the customer’s own agreement with that provider, not by this policy, and the provider is not our sub-processor.

8.3 Consent and control: AI application access is off by default. It operates only if a customer administrator enables it at company level (read-only or read-and-write) and the individual user approves the specific application through a consent screen (with write access a separate opt-in). Either can be revoked at any time from the connected-apps panel. These settings apply only to external AI applications connected by our customer: they do not switch off the plan-reading feature described in clause 7, which operates as part of the Platform whenever plans are uploaded.

8.4 Safeguards and audit: We have implemented restrictions designed to prevent a connected AI application from deleting or changing any record created or edited by a person, restructuring an estimate, or modifying submitted tenders, plan drawings, users or settings. A connected AI application with write access can add scope items, quotes, subcontractor contacts, notes and takeoff measurements, can change or remove only the items it created itself, and can set a plan sheet’s scale where none has been set. Everything it creates is marked as AI-created, and every change it makes is recorded in an audit log with prior values, which is designed to allow changes to be identified and reversed. These safeguards do not replace your review: anything an AI application creates or changes should be checked before it is relied on.

8.5 If you are a subcontractor or client: your details may be included in the information a customer’s connected AI application reads. The customer is responsible for having a basis to disclose your information to its chosen AI provider (see clause 10).

9. Cross-border disclosure (APP 8)

9.1 Some personal information is disclosed to, or stored by, recipients outside Australia:

(a) United States: plan page images (our AI provider, for plan reading); email addresses and email content (Resend); billing information including ABN (Stripe, collected directly).

(b) Asia-Pacific region: plan images and logos (Cloudflare R2). This storage is across the Asia-Pacific region and is not limited to Australia.

9.2 Our primary application database is hosted in Australia (Supabase, Sydney), and our AI connector is hosted in Australia and stores no customer data.

9.3 Before disclosing personal information overseas, we take reasonable steps to ensure the overseas recipient handles it consistently with the APPs.

9.4 Customer-directed disclosures to connected AI providers: Where our customer connects an external AI application (clause 8), information read by that application is disclosed to the customer’s chosen AI provider wherever that provider processes it (commonly the United States). That disclosure is made at the customer’s direction: the customer selects and authorises the provider, and is responsible for that disclosure.

10. Operator access

Our staff who are designated as platform administrators can access customer accounts and data across all customers through administrative tools (including project content, client names, pricing and plan images) for the purposes of support, account management and operating the Platform. Access is limited to these purposes.

11. Payments and ABN

Card payments are processed by Stripe on its hosted pages. Your full card number and CVV go directly to Stripe: we never receive or store them. We receive the billing records described in clause 3(f) to administer subscriptions, issue invoices and receipts, comply with our tax obligations and resolve payment issues. Your ABN is collected at checkout and is held by us and by Stripe for tax and invoicing purposes. Stripe also handles your information under its own terms and privacy policy.

12. Third-party information entered by customers

Where our customer enters personal information about a third party (such as a subcontractor or client), the customer is responsible for having the necessary right or basis to provide that information to us and for informing those individuals as required, including where the customer’s connected AI application will read that information (clause 8). We handle that information on the customer’s instructions to operate the Platform, as described in the Software Terms of Use and Licence.

13. Security

(a) We take reasonable steps to protect personal information, including: isolating customer data at the database level so it cannot be accessed across customers; hosting primary data in Australia; encrypting data in transit; limiting each user to one active login session (to deter credential sharing); not storing card data (Stripe handles it entirely); not using third-party tracking or analytics tools; and applying a content-security policy that restricts what the application connects to.

(b) For AI connections: the connector holds no privileged credentials and stores no customer data; every read and write by a connected AI agent or application is enforced by database-level access controls as the signed-in user; access is off by default and requires both an administrator setting and per-user consent, each revocable at any time; and AI writes are marked, audited with prior values, and reversible, and a connected AI agent or application can modify or delete only records it created.

(c) No method of transmission or storage is completely secure, and these measures are a description of our practices, not a guarantee.

14. Retention

14.1 We retain personal information only for as long as it is reasonably needed for the purposes described in this policy, or for any period we are required by law or a court or tribunal order to keep it.

14.2 While an account is open, information in the account is retained because the service requires it: customers use the Platform as their working record of projects, estimates and tenders.

14.3 If your account is deactivated for non-payment, or your Subscription ends, the information in the account is retained while the account remains inactive: you can still sign in to access and export it. If the account remains inactive for 2 years, we delete or de-identify the account and its information, unless we are required to retain particular information or one of the retention categories below applies.

14.4 If an account administrator requests deletion of the account, the account and its information are deleted 30 days after the request, subject to the retention categories below. Once deleted, account information cannot be recovered.

14.5 When personal information is no longer needed for any purpose under this policy (including after account closure), and no law or order requires us to keep it, we take reasonable steps to destroy it or ensure it is de-identified.

14.6 Information that has been deleted may persist in our encrypted operational backups for a limited period (up to 7 days) before those backups are overwritten. Backups are maintained for service continuity and are not a means of restoring individual account data on request.

14.7 Unless you delete a Submission through the Platform during the life of your account, Submissions are retained for 6 years after account closure (including where deletion of the account is requested) for our own contractual, compliance and record-keeping purposes, after which they are destroyed or de-identified. This retention is for our purposes: export and keep your own copies of submitted tenders before closing your account.

14.8 Records of deletion requests are retained for 6 years after the request is actioned, as evidence it was actioned.

14.9 The audit log of changes made by connected AI applications is retained for 6 years after the account is closed, after which it is destroyed or de-identified.

14.10 Billing records (clause 3(f)) are retained for the periods required by Australian tax and corporations law (generally five to seven years), including after account closure.

15. Access, correction and deletion

15.1 You may request access to, or correction of, the personal information we hold about you by contacting us via the details in clause 19. We will respond within a reasonable period and may need to verify your identity.

15.2 A user or an account administrator may request deletion of an account or data by contacting us via the details in clause 19. Australian privacy law does not confer a general right to have information deleted, and we do not promise deletion on request: we review each request and decide it in accordance with this policy and our legal obligations, and we will tell you the outcome, including if we decline in whole or in part.

15.3 Information we retain under clause 14 (including Submissions, billing records, deletion-request records and the AI change audit log) is not deleted in response to a request, and where we approve a request we may de-identify rather than delete.

15.4 Where the information was entered into the Platform by a customer (for example, a subcontractor's details), we may refer the request to that customer, as the information is held on the customer's instructions.

15.5 Where an individual user is deleted, their work product remains in the customer's account and the authorship link is removed.

15.6 There is no fee to make a request, though we may charge a reasonable cost for access in limited circumstances permitted by the APPs.

16. Anonymity

Where lawful and practicable, you may deal with us anonymously or using a pseudonym, for example when making a general enquiry. This is generally not practicable for account users, who need an identified account to use the Platform.

17. Complaints

17.1 If you believe we have breached the APPs, please contact us via the details in clause 19 with details. We will acknowledge your complaint and aim to respond within a reasonable period.

17.2 If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

18. Changes to this policy

18.1 We may update this policy from time to time by posting the updated version at estimator.plus/privacy-policy. The “last updated” date at the top of this policy shows when it last changed.

18.2 Where a change materially changes how we handle your personal information, we will give you reasonable prior notice by email or in-Platform notice before it takes effect, and clause 1.4 of the Software Terms of Use and Licence (including your right to cancel before the change takes effect) applies. Nothing in this clause limits any separate notice we must give, or consent we must obtain, under the Privacy Act.

19. Contact us

Estimator Plus Pty Ltd (ABN 79 699 842 227)

Privacy contact: support@estimator.plus

Estimator+

The estimating platform for commercial builders — takeoff, scope, quotes and review, with your own AI agent in the loop.

Product
PlatformIntelligence BridgePricing
Company
LearnContactBook a demoSign in
Legal
Privacy policyTerms of useSupport policyWebsite terms
Estimator Plus Pty Ltd · ABN 79 699 842 227 · Built in Australia.
© 2026 Estimator+ · Construction estimating, rebuilt for the AI era.