Privacy Policy
Last updated: 9 March 2026
About this policy: This Privacy Policy explains how QuickReply ("we", "us", "our") collects, uses, stores, and protects personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you have questions, contact us at kap.heng@perennialit.com.au.
1. Who We Are
QuickReply is an automated email reply service operated by Perennial IT Pty Ltd (ABN 89 405 638 909), based in South Australia. Our service helps real estate agencies automatically respond to property enquiries received via email.
Contact for privacy matters:
Email: kap.heng@perennialit.com.au
Website: https://quickreply.akboredom.com.au
2. What Personal Information We Collect
We collect different types of personal information depending on how you interact with our service:
2.1 Information from our clients (subscribers)
When a real estate agency signs up for QuickReply, we collect:
- Business name and contact details (name, email address, phone number)
- Login credentials (username and a securely hashed password — we never store your password in plain text)
- Billing information processed through our payment provider, Stripe (we do not store credit card numbers on our servers)
- Microsoft 365 authentication tokens (encrypted at rest using AES-256-CBC encryption) to access your email inbox
2.2 Information from email leads (third parties)
When our system processes incoming emails on behalf of our clients, we collect:
- Sender's email address
- Email subject line
- Date and time the email was received
- Whether an auto-reply was sent and when
We collect this information solely to provide the auto-reply service to our clients. We do not read or store the full body content of incoming emails beyond what is needed for keyword matching.
2.3 Technical information
- IP addresses (used for login security and rate limiting)
- Browser type and session data (used for dashboard access)
- Activity logs (login events, actions taken within the dashboard)
3. How We Use Your Information
We use personal information for the following purposes:
- Providing the service — monitoring your connected email inbox, matching incoming emails against your projects, and sending auto-replies on your behalf
- Account management — managing your subscription, processing payments, and communicating about your account (billing reminders, service alerts, password resets)
- Security — protecting against unauthorised access, detecting abuse, and enforcing rate limits
- Service improvement — monitoring system health and diagnosing technical issues
- Legal compliance — meeting our obligations under Australian law
We do not use your personal information for direct marketing purposes unless you have given us express consent. We will never sell your personal information to third parties.
4. How We Share Your Information
We share personal information only with the following third-party service providers, and only to the extent necessary to operate the service:
- Microsoft Corporation (United States) — We use the Microsoft Graph API to access your Microsoft 365 email inbox and send auto-replies. Microsoft's privacy practices are governed by the Microsoft Privacy Statement.
- Stripe, Inc. (United States) — We use Stripe to process subscription payments. Stripe handles all credit card data directly; we never see or store your full card number. Stripe's privacy practices are governed by the Stripe Privacy Policy.
- Hosting provider — Our application and database are hosted in Australia. Your data is stored on servers located in Australia.
Cross-border disclosure (APP 8): Some of your data may be processed by Microsoft and Stripe on servers located in the United States. These companies maintain data protection standards that we consider adequate to protect your information. By using our service, you acknowledge this cross-border data transfer.
We do not share personal information with any other third parties unless required by law (for example, in response to a court order or a request from a government authority with proper jurisdiction).
5. Data Security
We take the security of your personal information seriously. Our security measures include:
- All data transmitted between your browser and our servers is encrypted using HTTPS (TLS/SSL)
- Passwords are hashed using the bcrypt algorithm and never stored in plain text
- Microsoft 365 authentication tokens are encrypted at rest using AES-256-CBC encryption
- All database queries use parameterised statements to prevent SQL injection
- CSRF (Cross-Site Request Forgery) protection on all forms
- Rate limiting on login attempts to prevent brute-force attacks
- Session cookies configured with HttpOnly, Secure, and SameSite=Strict flags
- Daily automated database backups (retained for 7 days)
- Upload file validation (file type whitelist, MIME type checking, and size limits)
- Multi-tenant data isolation — each client's data is strictly separated at the database level
6. Data Retention and Deletion
We retain your personal information only for as long as necessary to provide our service and meet our legal obligations:
- Account data — retained for the duration of your subscription, plus 30 days after cancellation to allow for reactivation
- Email logs (sent replies, flagged emails) — retained for the duration of your subscription
- Billing records — retained for 7 years as required by Australian tax law
- Login and security logs — retained for 90 days
- Database backups — automatically deleted after 7 days
Upon account termination, we will delete or de-identify your personal information within 30 days, except where we are required to retain it by law. Microsoft 365 tokens are immediately revoked and deleted upon account closure.
7. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access your information (APP 12) — You can request a copy of the personal information we hold about you. We will respond within 30 days.
- Correct your information (APP 13) — If you believe any information we hold about you is inaccurate, incomplete, or out of date, you can ask us to correct it. You can also update many details directly through your QuickReply dashboard.
- Request deletion — You can request that we delete your personal information. We will comply unless we are required to retain it by law.
- Make a complaint — If you believe we have breached your privacy, you can lodge a complaint with us (see Section 11 below). If you are not satisfied with our response, you can escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
To exercise any of these rights, contact us at kap.heng@perennialit.com.au.
8. Cookies and Tracking
QuickReply uses only essential cookies required for the service to function:
- Session cookie — used to keep you logged into the dashboard. This cookie is deleted when you log out or when your session expires (after 1 hour of inactivity).
- CSRF token cookie — used to protect forms from cross-site request forgery attacks.
We do not use any third-party tracking cookies, analytics services, or advertising cookies. We do not track your activity across other websites.
9. Automated Decision-Making
In accordance with the Privacy and Other Legislation Amendment Act 2024 (POLA), we disclose the following automated processes:
- Email matching — Our system automatically compares incoming email sender domains and subject line keywords against your configured projects. If a match is found, an auto-reply is sent without human intervention. This does not use artificial intelligence — it is simple pattern matching based on rules you configure.
- Trial abuse detection — Our system checks for signs of repeated free trial signups (based on email domain, company name, IP address, and browser fingerprint). This is used to prevent abuse of our free trial offer and may result in a trial being declined.
- Rate limiting — Our system automatically blocks login attempts after 5 consecutive failures for a period of 15 minutes. This is a security measure to protect your account.
None of these automated decisions involve profiling or have significant legal effects on individuals beyond the scope of the service itself. If you have concerns about any automated decision, please contact us.
10. Children's Privacy
QuickReply is a business-to-business (B2B) service designed for use by real estate professionals. Our service is not directed at children under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.
11. How to Make a Privacy Complaint
If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you can submit a complaint by emailing kap.heng@perennialit.com.au with the subject line "Privacy Complaint".
We will acknowledge your complaint within 7 days and provide a written response within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes that affect how we handle your personal information, we will notify you by email or through a notice in the QuickReply dashboard.
We encourage you to review this policy periodically.