leaso
Sign Up for Free

Leaso

Privacy Policy

Last updated: 20 March 2026 · Leaso Pty Ltd (ABN: 30 674 276 781)

Leaso Pty Ltd ("Leaso", "we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what we collect, why we collect it, who we share it with, and what your rights are.

It applies to your use of leaso.com, the Leaso web app, mobile applications, browser extension (Smart Browse), WhatsApp integration, and all related services (together, the "Services").

By using the Services you agree to this Privacy Policy. If you do not agree, you must not use the Services.

1. Legal Basis and Compliance

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where you access the Services from the European Economic Area (EEA) or United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and UK GDPR respectively.

Under the GDPR and UK GDPR, our legal bases for processing your personal information are:

  • Contract — processing necessary to provide the Services you have signed up for;
  • Legitimate interests — operating, securing, and improving the Platform, and communicating with you about it;
  • Consent — for optional features such as WhatsApp notifications and direct marketing (which you can withdraw at any time);
  • Legal obligation — where we are required to process data by law.

2. Information We Collect

We collect the following categories of personal information:

Identity and contact

Name, email address, phone number, and date of birth. Phone number is only collected if you choose to enable WhatsApp notifications.

Account and profile

Username, password (stored in hashed form), profile details, property preferences, and any Intentions you create on the Platform.

Communications

Messages sent within the Platform (including via Connections), support queries, feedback, and any communications with our team.

Payment and billing

Billing address and transaction records. Full card details are processed directly by Stripe and are never stored on Leaso's servers.

AI and chat interactions

Inputs you provide to Leaso's AI features, including via the web app and WhatsApp. These are used to build your profile, generate matches, and improve AI performance. See Section 5 for more detail.

Usage and technical data

Browser type, IP address, device identifiers, pages visited, access times, referring URLs, and clickstream data. Collected automatically when you use the Services.

Cookies and tracking

See Section 9 for details of our use of cookies and similar technologies.

You warrant that you are authorised to provide any personal information you submit, including information about third parties, and that we may use it in accordance with this Policy.

3. How We Collect Your Information

We collect personal information:

  • directly from you, when you register, update your profile, create an Intention, send messages, make payments, or contact us;
  • automatically, through cookies, analytics tools, and device/browser data when you use the Services;
  • from third-party providers, including Stripe (payment processing), Google Analytics (usage analytics), Meta (where you use WhatsApp integration), and AWS (infrastructure);
  • from publicly available sources, where relevant to verifying information or improving the Services.

4. How We Use Your Information

We use your personal information to:

  • create, manage, and secure your account;
  • provide the Services, including AI matching, the Connection model, Smart Browse, and Agency Messaging;
  • process payments and maintain billing records;
  • send match notifications, Connection updates, platform announcements, and — where you have consented — marketing and promotional messages via email, in-app notifications, and WhatsApp;
  • enable approved Agents to contact renters who have posted an active Intention, solely to assist them to secure a rental property;
  • respond to support queries, complaints, and feedback;
  • analyse usage patterns to improve the Services and user experience;
  • detect and prevent fraud, abuse, and security incidents;
  • comply with legal obligations and enforce our Terms of Service;
  • use de-identified or aggregated data for analytics and product development.

5. AI and Automated Processing

Profile building

When you interact with our AI chat (via the web app or WhatsApp), your inputs are processed to build your property profile and generate match recommendations. This processing is a core function of the Service.

Matching

Our AI systems analyse your profile and preferences against other users to generate match suggestions. No Connection is opened without both parties independently expressing interest (our Double Opt-In model). Automated matching does not constitute a decision with legal or similarly significant effects.

WhatsApp AI

If you engage with Leaso's AI via WhatsApp, your messages are processed by Leaso's AI systems. Your phone number and message content are shared with Meta Platforms, Inc. as necessary to deliver the WhatsApp service. Meta processes this data in accordance with its own Privacy Policy and WhatsApp Business Terms.

AI improvement

We may use anonymised or aggregated interaction data to train and improve our AI models. We will not use personally identifiable data to train AI models without your explicit consent.

Your rights regarding automated processing

EEA and UK users have the right to request human review of any automated decision that significantly affects them. To exercise this right, contact support@leaso.com.

6. Third-Party Processors

We share your personal information with the following categories of third-party processors, only to the extent necessary to provide the Services:

Stripe

Payment processing. Stripe processes your payment information directly. We do not store full card details. Stripe's privacy policy: stripe.com/privacy.

Meta Platforms, Inc. (WhatsApp Business)

If you enable WhatsApp notifications or use Leaso's WhatsApp AI, your phone number and message content are shared with Meta to deliver the WhatsApp service. Leaso operates as a WhatsApp Business Solution Provider and is subject to Meta's WhatsApp Business Terms. Meta's privacy policy: whatsapp.com/legal/privacy-policy.

Amazon Web Services (AWS)

Cloud infrastructure and data storage. Your data may be stored on AWS servers in Australia and/or other AWS regions. AWS is certified under internationally recognised security standards including ISO 27001 and SOC 2.

Google Analytics

Usage analytics. Google Analytics collects anonymised data about how users interact with the Services (pages visited, session duration, device type). This data is aggregated and does not identify you personally. You can opt out via Google's opt-out browser add-on (tools.google.com/dlpage/gaoptout). Google's privacy policy: policies.google.com/privacy.

OpenAI

Leaso's AI features — including profile building, matching, and chat — are powered by the OpenAI API. When you interact with any AI feature on the Platform, your inputs (including property preferences, chat messages, and profile information) are sent to OpenAI's servers for processing. OpenAI processes this data in accordance with its API data usage policies and does not use API data to train its models by default. OpenAI's privacy policy: openai.com/policies/privacy-policy.

Email delivery providers

We use third-party email delivery services to send transactional and marketing emails. These providers access your email address solely to deliver messages on our behalf and are not permitted to use it for any other purpose.

Other providers

We may engage additional third-party providers for functions such as customer support tooling, identity verification, or security monitoring. All providers are contractually required to protect your data in accordance with this Policy and applicable law.

We do not sell your personal information to third parties.

7. Agent Access to Your Information

If you post an Intention, approved Agents may view your Intention and contact you via the Platform's Agency Messaging feature, solely to assist you in securing a rental property. By posting an Intention you expressly consent to this, as described in our Terms of Service.

Leaso shares only the information necessary to facilitate this communication. Your contact details (phone number, email address) are never shared with Agents. All communication takes place within the Platform.

Agents are contractually prohibited from using your information for any purpose other than assisting you to secure a rental property, and from sharing it with third parties.

8. International Data Transfers

Leaso is operated from Australia. Your personal information may be transferred to, processed, and stored in countries outside Australia, including the United States (AWS, Stripe, Google, Meta) and other countries where our service providers operate.

Where we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission or UK Information Commissioner's Office, or transfers to countries with an adequacy decision.

By using the Services you consent to these international transfers.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Services. These include:

  • Essential cookies — required for the Platform to function (e.g. session management, authentication). These cannot be disabled.
  • Analytics cookies — used by Google Analytics to collect anonymised usage data. You can opt out via your browser settings or Google's opt-out tool.
  • Preference cookies — used to remember your settings and preferences (e.g. WhatsApp connection state).

By using the Services you consent to our use of cookies. You may disable non-essential cookies via your browser settings, but some features may not work correctly as a result.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. We may also retain certain information after account closure where required by law, to resolve disputes, enforce our Terms, or for legitimate business purposes (such as fraud prevention).

AI chat and WhatsApp interaction logs are retained for a period necessary to maintain your profile and improve the Services, after which they are anonymised or deleted.

Payment records are retained for the period required by applicable tax and financial regulations.

You may request deletion of your personal information at any time (see Section 12).

11. Children's Privacy

The Services are not intended for anyone under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have done so, we will promptly delete that information. If you believe a child under 16 has provided us with personal information, please contact support@leaso.com.

12. Your Rights

Depending on where you are located, you may have the following rights regarding your personal information:

All users

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — request deletion of your personal information, subject to legal retention obligations.
  • Opt out of marketing — unsubscribe from marketing emails at any time via the link in any email, or update your preferences in Settings.
  • WhatsApp opt-out — disconnect WhatsApp at any time via Settings.

EEA and UK users (GDPR / UK GDPR)

  • Restriction — ask us to restrict processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Human review — request human review of any automated decision that significantly affects you.
  • Complaint — lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national supervisory authority in the EEA).

To exercise any of these rights, contact us at support@leaso.com. We will respond within 30 days (or within the timeframe required by applicable law).

13. Data Security

We implement technical and organisational measures to protect your personal information, including encryption of data in transit and at rest, access controls, and regular security reviews. However, no method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and any applicable regulatory authority as required by law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or in-app notification before the change takes effect. Your continued use of the Services after the effective date of any update constitutes acceptance of the revised Policy.

The current version of this Policy is always available at leaso.com/privacy.

15. Contact and Complaints

For questions, requests, or concerns about this Privacy Policy or how we handle your personal information, contact us at:

Email: support@leaso.com

Website: leaso.com/contact

We will investigate and respond within a reasonable time. If you are not satisfied with our response:

  • Australian users may contact the Office of the Australian Information Commissioner at oaic.gov.au.
  • UK users may contact the Information Commissioner's Office at ico.org.uk.
  • EEA users may contact their national data protection authority.