Privacy Policy

Effective date: June 30 2025

Last updated: May 25th 2026

Miira is a real estate sales platform. We collect personal information about our customers (real estate developers, agencies and agents) and about the prospective buyers, tenants and other individuals whose enquiries flow through our customers’ workspaces from sources such as realestate.com.au, Domain, Apartments.com.au, OpenLot, Meta, TikTok, Zapier, custom forms, email and direct calls. We use that information to run the CRM, send marketing emails and SMS where the law permits, host project media for prospects to view, schedule appointments, and record and transcribe sales calls and meetings where consent has been given. We never sell personal information. We adhere to the Google API Services User Data Policy (including Limited Use). You can request access to or deletion of your information at any time at exclude@miira.com.au


1. Introduction

This Privacy Policy describes how Miira Technologies Pty Ltd (ABN [INSERT ABN]) (“Miira”, “we”, “us”, “our”) collects, uses, stores, shares, secures and disposes of personal information in connection with the Miira platform, our website at https://www.miira.app, our mobile and tablet applications, our presentation “Control” and CRM “Portal” products, and all related services (collectively, the “Services”).

Miira is an operating system for selling property. We help real estate developers, agencies and sales teams run multi-residence projects end-to-end: presenting media, managing stocklists, capturing leads from advertising portals and forms, sending marketing communications, scheduling and recording appointments, and tracking the buyer journey through to deposit and settlement. As part of providing the Services we necessarily handle personal information about three different groups of individuals, and this policy explains our practices in respect of each.

This policy is designed to comply with:

  • The Australian Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs);

  • The Spam Act 2003 (Cth), in respect of commercial electronic messages sent through the Services;

  • The Do Not Call Register Act 2006 (Cth), in respect of telemarketing activity facilitated by the Services;

  • Australian state and territory surveillance, listening and workplace surveillance legislation, in respect of call and meeting recording features;

  • The Google API Services User Data Policy (including the Limited Use requirements) and Workspace API user data and developer policy;

  • Other applicable laws where we operate.

2. Who this policy applies to

This policy applies to three distinct categories of individuals, each of whom we treat slightly differently:

(a) Website visitors. Anyone who visits https://www.miira.app, our marketing pages, or our public lead-portal pages hosted on our infrastructure.

(b) Miira customers and authorised users (“Customers”). The real estate developers, agencies, brokerages, project marketers, sales managers and individual agents who hold a Miira subscription, and the team members they invite into a workspace. Customers are the controllers of the data in their own workspace.

(c) Prospects and other end-individuals (“Prospects”). The prospective buyers, investors, tenants, vendors, agents, contractors and other individuals whose personal information is captured by, uploaded to, or otherwise processed through a Customer’s Miira workspace — typically because they have enquired about a project advertised on realestate.com.au, Domain, Apartments.com.au, OpenLot, a developer website, Meta or TikTok lead forms, a Zapier-connected source, or directly by phone, email or SMS. For Prospect data we are generally acting as a service provider to the relevant Customer.

If you are a Prospect and you would like to access, correct or delete information held about you, you should usually contact the Customer (the agent, agency or developer) you have been dealing with first, as they control the data in their workspace. If you cannot reach them or need our help, you can always contact us at exclude@miira.com.au and we will work with the relevant Customer to action your request.

3. About Miira and how to contact us

Entity: Miira Technologies Pty Ltd

ABN: 87 688 069 712

Registered address: Suite 26/68 Victor Cres, Narre Warren VIC 3805

Email (privacy and general): contact@miira.com.au

Email (data deletion and access requests): exclude@miira.com.au

Website: https://www.miira.app

4. What information we collect

The categories of information we collect depend on whether you are a Website visitor, a Customer, or a Prospect, and on which features you (or the Customer acting on your behalf) choose to use.

4.1 Information about Customers and authorised users

Account and identity data. Name, work email, phone number, job title, agency or developer name, profile photo, and password (stored only as a salted, irreversible hash).

Subscription and billing data. Billing contact, business address, ABN, tier selected (Developer, Agency or Enterprise), seat counts, invoice history and tax data. Payment card numbers are collected and tokenised directly by our payment processor and are never stored on Miira servers.

Workspace configuration. Project names, branding, team structure, role assignments, pipeline stages, automation rules, lead-routing rules, templates, and integration credentials (OAuth tokens, API keys, SMTP credentials, inbound email aliases).

Usage telemetry. Pages viewed, features used, search queries, presentations streamed, devices presented to, sessions, timestamps, browser, OS, device identifiers, language, referrer URL and crash/error logs.

Support communications. Any messages, attachments, recordings or screenshots you share with us through support channels.

4.2 Information about Prospects

When a Customer uses Miira to capture and manage leads, the following categories of information about Prospects are typically held in their workspace. The exact fields depend on the source and on what the Prospect has provided.

Identity and contact data. Name, email address, phone number(s), postal address, social handles (where supplied by the source), language preference.

Enquiry and intent data. The property, project, residence, floor plan or price-point the Prospect enquired about; the enquiry message and any free-text; the source of the lead (e.g. realestate.com.au, Domain, Apartments.com.au, OpenLot, developer website, Meta lead ad, TikTok lead form, Zapier-connected source, inbound email, custom form or manual entry); timestamps; UTM and campaign parameters; referring URL.

Financial and qualifying data (only where the Prospect or Customer provides it). Budget range, finance status, buyer profile (owner-occupier, investor, downsizer, first-home-buyer, etc.), timeline to purchase, requirements (beds, baths, parking, orientation, level), existing property, deposit amount or status. Miira does not require this data; it is optional context the Customer may capture.

Communications content and metadata. Emails, SMS messages, in-app notes, call logs and call recordings (where consent has been obtained — see Section 6), meeting transcripts and action items generated by Miira’s AI features, and the contents of any documents, brochures or media shared with the Prospect through a prospect portal.

Engagement data. When a Prospect opens a Miira-hosted prospect portal, views shared media, downloads collateral, clicks links in marketing emails, replies to SMS or opens a tracked email, Miira records the engagement event (timestamp, IP address, approximate location derived from IP, device type, page or asset viewed, dwell time) so the Customer can see what the Prospect has engaged with.

Pipeline and lifecycle data. Pipeline stage (e.g. Lead, Appointment, Marketing, Deposit, Sold), allocated agent, assigned residence(s) of interest, follow-up tasks, deposit and contract status.

4.3 Information about Website visitors

Log and device data. IP address, browser, OS, device type, referrer, pages viewed, search terms and timestamps.

Cookies and similar technologies. First-and third-party cookies, local storage and similar technologies, used for authentication, session management, preferences, analytics and (where you consent) marketing measurement. You can control cookies through your browser; see Section 13.

Forms you submit. If you contact us through the website, book a demo, or sign up for updates, we collect what you submit (typically name, email, company and message).

4.4 Information we receive from connected services and integrations

A central feature of Miira is the consolidation of leads and communications from many sources into one workspace. When a Customer authorises a connection, we receive information from that source according to the permissions granted and the source’s own policies.

Real estate portals and lead sources

realestate.com.au (REA Group). Enquiry records for listings advertised on REA, delivered to Miira via API, branded email (“mail pass” / inbound parsing) or webhook, including the Prospect’s name, contact details, the enquiry message and the listing identifier.

Domain. Enquiry records for listings on Domain, delivered via API, email parsing or webhook.

Apartments.com.au. Enquiry records for apartment listings, delivered via API, email parsing or webhook.

OpenLot. Enquiry records for house-and-land and lot listings, delivered via API, email parsing or webhook.

Meta (Facebook and Instagram) lead ads. Leads submitted via Meta lead forms, delivered through the Meta Marketing API once the Customer connects their Meta business account.

TikTok for Business lead generation. Leads submitted via TikTok lead forms, delivered through the TikTok Marketing API once the Customer connects their TikTok business account.

Zapier and other webhook sources. Any source the Customer connects via Zapier or a generic webhook — the data we receive depends entirely on what that source sends.

Custom forms and website widgets. Forms hosted on Customer websites that post directly to Miira, including the fields the Customer has configured.

Inbound email aliases. Email forwarded to a Miira-issued address (e.g. leads@<customer>.miira.app) is parsed to create or update lead records.

Google user data (when a Customer connects a Google account)

If a Customer connects a Google account to Miira (typically Gmail and Google Calendar), Miira accesses data through Google APIs using OAuth. The specific Google user data we access depends on the scopes you authorise during the OAuth consent screen. Subject to the scopes you grant, this may include:

  • Google account profile information (name, email address, profile picture, and Google account ID) to identify the connected account in Miira;

  • Gmail messages, threads, metadata (sender, recipient, subject, timestamps, labels) and attachments — to identify and import real estate enquiries that arrive in your inbox into the relevant lead record, to send and reply to messages on your behalf from within Miira, and to keep email conversations associated with the relevant Prospect, contact or project;

  • Google Calendar events, attendees, conferencing data and availability — to display, create, update, cancel and synchronise appointments (property inspections, display suite meetings, follow-up calls) between Miira and your Google Calendar, and to suggest available times to Prospects;

  • Where you separately authorise it, Google Contacts data, to keep your Miira contacts synchronised with your Google Contacts.

Section 7 sets out the additional commitments we make under the Google API Services User Data Policy, including the Limited Use requirements and our no-AI-training commitment for Google Workspace data.

Other connected services

Customers may also connect Microsoft 365 / Outlook, SMS providers, click-to-call telephony providers, document signing tools, accounting/invoicing tools, and analytics tools. When you do, we receive data from those services as needed to provide the integration.

4.5 Sensitive information

Miira is not designed to collect “sensitive information” as defined in the Privacy Act (such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal record). We ask that Customers do not enter sensitive information into Miira unless it is genuinely necessary for the sales process and they have a lawful basis to do so. If a Prospect voluntarily provides sensitive information (for example, mentioning accessibility requirements when enquiring about a residence), it will be treated with the same security as other personal information in the workspace.

5. Why we collect and how we use information

We use personal information only for purposes that are reasonably necessary to operate, provide, secure and improve the Services, to communicate with our Customers and (where permitted) with Prospects on Customers’ behalf, and to comply with our legal obligations. The principal purposes are:

Providing the CRM and presentation platform

  • Authenticating Customers and authorised users, hosting their workspaces, and keeping data tied to the right project, residence and Prospect;

  • Streaming project media (renders, floor plans, videos, brochures) from the Miira “Control” presentation product to phones, tablets, office TVs and immersion rooms;

  • Building and maintaining stocklists, including the automatic extraction of beds, baths, internal/external areas, status and price from uploaded floor plans using AI vision models;

  • Tying every lead to the unit(s) the Prospect is interested in and exposing pipeline, allocation and activity views to Customers.

Lead ingestion and routing

  • Receiving leads from portals, forms, email, social platforms and webhooks, deduplicating them against existing contacts, and routing them to the right agent or queue;

  • Triggering Customer-configured workflows (“Playbooks”), notifications, auto-responses and follow-up sequences.

Communications with Prospects on a Customer’s behalf

  • Sending and receiving email (including click-to-track marketing emails) on behalf of the Customer, from the Customer’s connected mailbox or from Miira’s sending infrastructure;

  • Sending and receiving SMS messages between the Customer and Prospects through Miira’s connected SMS providers;

  • Initiating click-to-call telephone calls between the Customer and the Prospect through Miira’s connected telephony providers;

  • Hosting prospect portals — Miira-hosted pages from which a Prospect can view media and collateral that the Customer has shared with them — and recording engagement events on those portals (opens, views, downloads, dwell time);

  • Bulk and segmented marketing email and SMS campaigns sent by Customers to Prospects, subject to Section 6.

Appointments and meeting capture

  • Scheduling property inspections and meetings through Google Calendar, Microsoft 365 or Miira’s native scheduling tools;

  • Recording and transcribing calls and meetings where Miira’s call/meeting capture feature has been enabled and the participants have consented in accordance with applicable law (see Section 6);

  • Generating notes, action items, summaries and follow-up drafts from transcripts and pushing them back to the relevant contact record.

Billing, administration, security and legal compliance

  • Processing subscription payments and maintaining invoicing and tax records;

  • Detecting, investigating and preventing fraud, abuse, account takeover, spam, malware and other security issues; enforcing our Terms;

  • Complying with law and responding to lawful requests from regulators, courts and authorities;

  • Maintaining backups, monitoring system health and supporting customers.

Improvement and analytics

  • Aggregated and de-identified analytics of how the Services are used, to debug, improve performance and prioritise new features;

  • Powering Miira’s product-specific AI features (e.g. floor-plan extraction, meeting transcription, draft replies, lead summarisation). See Section 8 for our approach to AI and model training.

6. Marketing communications, SMS, telephony and call recording

Miira gives Customers the ability to communicate with Prospects at scale: marketing emails, SMS broadcasts, click-to-call telephony, and call/meeting recording with AI transcription. These features carry specific legal requirements. We allocate responsibility between Miira and our Customers as follows.

6.1 Marketing email and SMS (Spam Act 2003)

Where a Customer sends commercial electronic messages (marketing emails or SMS) to Prospects through Miira, the Customer is the “sender” for the purposes of the Spam Act 2003 (Cth) and is responsible for ensuring that:

  • the recipient has given express or inferred consent to receive the message;

  • the message clearly and accurately identifies the sender and provides their contact details; and

  • the message contains a functional unsubscribe facility that operates for at least 30 days after the message is sent.

Miira supports these obligations by: (i) automatically appending a working unsubscribe link to bulk marketing emails sent through our platform; (ii) honouring unsubscribe requests across the Customer’s workspace so a Prospect is suppressed from future marketing once they unsubscribe; (iii) honouring SMS STOP / opt-out replies; and (iv) maintaining suppression lists. Customers must not disable these mechanisms or attempt to message Prospects who have unsubscribed.

Transactional and service messages (for example, an inspection confirmation, an appointment reminder, or a reply to a direct enquiry) are not “commercial electronic messages” where they relate to a transaction the Prospect has initiated, but the same identification requirements apply.

6.2 Telemarketing and the Do Not Call Register

Where Customers use Miira’s click-to-call or campaign-calling features to make telemarketing calls, the Customer is the “caller” for the purposes of the Do Not Call Register Act 2006 (Cth) and is responsible for washing their calling lists against the Do Not Call Register and observing permitted calling hours. Miira does not perform Do Not Call washing on Customers’ behalf.

6.3 Call and meeting recording and transcription

Miira’s appointment capture feature can record calls and meetings and generate transcripts, summaries and action items. Recording of telephone calls and in-person meetings is regulated in Australia by state and territory surveillance, listening and workplace surveillance legislation, which differs across jurisdictions — in some states all parties to a private conversation must consent before it is recorded; in others, the consent of one party may be sufficient; and additional rules apply to workplace surveillance.

Customer responsibilities. It is the Customer’s responsibility to ensure that all parties to a call or meeting have been informed that the conversation will be recorded and transcribed, and that any required consents have been obtained, before activating the recording feature. Miira provides audible/visual notification prompts and pre-call disclosure templates to help Customers comply, but Customers retain ultimate responsibility.

How we handle recordings. Audio recordings and transcripts are stored in the Customer’s workspace, encrypted at rest, accessible only to authorised users of that workspace, and retained according to the retention rules in Section 11. Recordings and transcripts are processed by Miira’s AI transcription subprocessors strictly to deliver the transcription and summarisation features the Customer has requested; they are not used to train general AI/ML models.

6.4 Marketing from Miira itself

We may send you (as a Customer or website lead) marketing communications about new Miira features, releases and offers. You can opt out at any time by using the unsubscribe link in those messages or by emailing exclude@miira.app. Service messages (security alerts, billing notices, material changes to the Services or to this policy) will continue regardless of marketing preferences.

7. Google user data and Limited Use

Miira’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This section is written to satisfy Google’s disclosure expectations for Restricted Scopes and is incorporated into and forms part of this Privacy Policy.

7.1 What Google user data we access

Subject to the OAuth scopes a Customer grants on the Google consent screen, Miira accesses:

  • Basic Google profile information (name, email, picture, Google account ID) to identify the connected account in Miira;

  • Gmail messages, threads, metadata, labels and attachments — to import real estate enquiries into the relevant lead record, to send and reply to messages on the Customer’s behalf from within Miira, and to keep email conversations associated with the relevant Prospect and project;

  • Google Calendar events, attendees, conferencing data and availability — to display, create, update, cancel and synchronise appointments between Miira and the Customer’s calendar.

We request the minimum scopes necessary to deliver the user-facing features the Customer has enabled.

7.2 How we use Google user data

Google user data is used solely to provide and improve the user-facing features visible in Miira to the Customer who connected the account. Specifically:

  • Purpose-limited use. We use Google user data only to deliver the CRM, lead import, email send/reply and calendar synchronisation features described above, and to support, troubleshoot and improve those features.

  • No advertising. We do not use Google user data for serving advertising, including retargeting, personalised or interest-based advertising.

  • No selling. We do not sell Google user data.

  • Limited human access. We do not allow humans to read Google user data unless: (a) we have the Customer’s affirmative agreement to view specific messages (e.g. during a support session); (b) it is necessary for security purposes (such as investigating abuse or a security incident); (c) it is necessary to comply with applicable law; or (d) the data has been aggregated and de-identified and is used for internal operations in accordance with applicable privacy and other laws.

  • No AI/ML training on Workspace data. We do not use Google Workspace API data (including data from Gmail and Google Calendar) to develop, improve or train generalised or non-personalised AI and/or machine learning models. Where Miira provides AI-assisted features that operate on Google data — for example, summarising an inbound enquiry email or suggesting a reply — the AI processing is performed in real time, scoped to the user’s own data, and is not used to train models that serve other customers or general use cases.

  • No transfer except as required. We do not transfer Google user data to third parties except (i) as necessary to provide or improve the user-facing features described above (for example, to our cloud hosting and email infrastructure providers acting as our subprocessors), (ii) to comply with applicable law or valid legal process, or (iii) as part of a merger, acquisition or sale of assets with notice to affected users.

7.3 Storing, securing and deleting Google user data

Google user data is stored on encrypted infrastructure in line with Section 10. OAuth access and refresh tokens are encrypted at rest and used only to deliver authorised features. Customers can disconnect a Google account at any time from Miira’s integration settings, and can revoke Miira’s access at https://myaccount.google.com/permissions. Disconnection or revocation immediately stops Miira from accessing further Google user data. Data already imported into the Customer’s Miira workspace (for example, emails that were imported into lead records or calendar events that were synced) remains in the workspace until the Customer deletes it or their account is deleted in accordance with Section 11.

7.4 Workspace API AI/ML training disclosure

Miira affirms that it does not retain or use data obtained from Google Workspace APIs to develop, improve or train generalised or non-personalised AI and/or ML models. Any AI features that touch Workspace data are scoped to the requesting Customer’s own data and produce outputs only for that Customer.

8. Our use of artificial intelligence

Miira uses AI in several product features. We use AI responsibly and in a way that respects the trust Customers and Prospects place in us.

  • Floor-plan extraction. When a Customer uploads floor plans, Miira uses computer-vision and language models to extract beds, baths, internal/external/total areas, status and indicative price. The output is shown to the Customer for review before publication.

  • Call and meeting transcription and summarisation. Where call/meeting recording has been enabled with appropriate consent, Miira uses speech-to-text and large-language-model subprocessors to produce transcripts, summaries, action items, stock-interest tags and draft follow-up messages. Transcripts and summaries are stored in the workspace and visible only to authorised users of that workspace.

  • Drafting and suggestion features. Miira may suggest replies to Prospect enquiries, summarise long email threads, or generate first drafts of follow-up communications. The Customer reviews, edits and approves all messages before they are sent.

  • No third-party model training. We contract with our AI subprocessors so that Customer data, Prospect data and Google user data submitted to them is processed only to deliver the requested output. We do not permit our AI subprocessors to use that data to train their general-purpose models, and we do not use it to train Miira’s own general-purpose models.

  • Human oversight. AI output is always reviewable and editable by the relevant Customer. AI suggestions are not used to make automated decisions that produce legal or similarly significant effects on Prospects.

9. How we share information

We do not sell personal information. We share personal information only in the following circumstances:

9.1 With the Customer who controls the workspace

If you are a Prospect, your information is held in the workspace of the Customer (agent, agency, developer or project marketer) who is dealing with you. That Customer is the controller of the data in their workspace; their team members can see, edit and act on that data, and Miira processes it on their behalf.

9.2 With service providers (subprocessors)

We share personal information with carefully selected service providers under contracts that require them to protect the data and use it only for the purposes we specify. Our categories of subprocessors include:

  • Cloud hosting and storage. To host the platform, store databases and media, and run backups.

  • Email infrastructure. To send transactional and marketing emails on Customers’ behalf, to deliver inbound email to workspaces, and to render email engagement events.

  • SMS providers. To send and receive SMS messages between Customers and Prospects, and to process STOP/opt-out replies.

  • Telephony providers. To place click-to-call calls, manage phone numbers and route call audio.

  • AI subprocessors. Speech-to-text, transcription, summarisation and language-model providers used to deliver the AI features described in Section 8.

  • Payment processors. To process subscription payments, manage payment methods and produce invoices.

  • Analytics and error monitoring. To measure platform usage, diagnose errors and improve performance.

  • Customer support tools. To manage and respond to support requests.

  • Identity, fraud and abuse-prevention tools. To verify accounts and detect malicious activity.

A current list of subprocessors is available on request from hello@miira.app.

9.3 With integrations a Customer authorises

When a Customer connects a third-party service (realestate.com.au, Domain, Apartments.com.au, OpenLot, Meta, TikTok, Zapier, Google, Microsoft 365, an SMS gateway, a telephony provider, an accounting tool, etc.), data flows between Miira and that service as needed to provide the integration the Customer has configured. The third party’s own privacy policy governs its handling of the data.

9.4 Legal, safety and compliance disclosures

We may disclose personal information where we believe in good faith that disclosure is required or permitted by law, including in response to lawful requests by public authorities; to enforce our Terms; to protect the rights, property or safety of Miira, our Customers, Prospects or others; and to detect, prevent or address fraud, security or technical issues.

9.5 Business transfers

If Miira is involved in a merger, acquisition, financing, reorganisation, insolvency or sale of all or part of its assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections and continued application of this policy or an equivalent policy. We will notify affected users of any change in ownership or use of their personal information that requires their consent under applicable law.

9.6 Aggregated and de-identified information

We may share aggregated or de-identified information that cannot reasonably be used to identify an individual — for example, benchmarks about lead-response times across the industry, or product analytics.

10. How we store and protect information

We take the security of personal information seriously and apply administrative, technical and physical safeguards designed to protect it against loss, misuse and unauthorised access, disclosure, alteration and destruction. Our principal safeguards include:

  • Encryption in transit. All traffic to and from the Miira platform is encrypted using TLS 1.2 or higher.

  • Encryption at rest. Databases, object storage (including project media and call recordings), search indexes and backups are encrypted at rest using AES-256 or equivalent.

  • Credentials and tokens. Passwords are stored only as salted, irreversible hashes. OAuth access and refresh tokens (including for Google, Microsoft and other connected services) are encrypted using envelope encryption with keys managed by our cloud provider’s key-management service.

  • Access control. Access to production systems is restricted to authorised personnel on a least-privilege, need-to-know basis, protected by single sign-on, hardware-key-backed multi-factor authentication, and audited. Customer workspaces are logically separated and access is role-based.

  • Network security. We use reputable cloud infrastructure providers, network segmentation, web application firewalls, DDoS mitigation and continuous monitoring.

  • Vulnerability management. We maintain dependency scanning, patching, code review, secrets scanning, and logging practices, and we periodically review our security posture against recognised frameworks.

  • Personnel. Our team is trained on privacy and security responsibilities, bound by written confidentiality obligations, and offboarded promptly when their access is no longer required.

  • Incident response. We maintain a documented incident response plan.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect personal information, we cannot guarantee absolute security. If we become aware of a data breach that is likely to result in serious harm to affected individuals, we will notify those individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable in accordance with the Notifiable Data Breaches scheme.

10.1 Where we store information

Miira primarily stores personal information on cloud infrastructure located in Australia. Certain subprocessors (notably some AI, email infrastructure, SMS, analytics and error-monitoring providers) may process data in the United States, the European Union, or other countries where they operate. Where personal information is processed outside Australia, we take reasonable steps to ensure it is handled consistently with this policy and applicable law, including by entering into contractual safeguards with our subprocessors and assessing the data-protection laws of the relevant jurisdictions.

By using the Services, Customers acknowledge that personal information they upload may be transferred to and processed in those jurisdictions.

11. Data retention and deletion

We retain personal information for as long as needed to provide the Services and for the legitimate business and legal purposes described below. Retention periods are necessarily approximate and may vary based on data type, Customer configuration and legal obligations.

11.1 Retention by data category

  • Customer account and workspace data. Retained for as long as the Customer’s account is active. Customers can delete records at any time from within their workspace.

  • Prospect records, communications, notes and engagement data. Retained in the relevant Customer workspace until the Customer deletes them, the Prospect requests deletion (see Section 11.3), or the Customer’s account is deleted.

  • Imported Google user data. Imported emails and synced calendar events remain in the workspace until deleted by the Customer or until the Customer disconnects the Google integration and we purge cached copies (typically within 30 days of disconnection, except where the Customer has explicitly chosen to retain the imported content in their workspace).

  • Call recordings and transcripts. Retained for the period set by the Customer in their workspace settings (default: 12 months), after which they are deleted. Customers may set a shorter retention period or delete recordings on demand.

  • Marketing engagement logs (opens, clicks, portal views). Retained for up to 24 months from the event, then deleted or aggregated.

  • Unsubscribe and suppression lists. Retained for as long as needed to honour the Prospect’s opt-out (potentially indefinitely).

  • Billing and tax records. Retained for at least 7 years as required by Australian tax law.

  • Security and audit logs. Retained for up to 12 months for security, abuse-prevention and forensics purposes.

  • Backups. Encrypted backups are retained on a rolling cycle (typically up to 35 days) and then deleted.

11.2 Deleting a Miira account

When a Customer deletes their Miira account (or asks us to do so), we will delete or de-identify the personal information in their workspace within 90 days, except where we are required to retain it for legal, tax, anti-fraud, dispute-resolution or audit purposes, or where it is contained in routine backups that are deleted on a rolling cycle. Aggregated, de-identified information may be retained for product analytics.

11.3 Prospect deletion and access requests

If you are a Prospect and you want to access, correct or delete the personal information held about you in a Miira workspace:

  • Step 1: contact the Customer (the agent, agency, developer or project marketer) you have been dealing with and ask them to action your request. Because the Customer controls the workspace, they are best placed to action it directly.

  • Step 2: if you cannot reach them, or you have already contacted them and need our help, email exclude@miira.com.au with the request and identifying details (such as the email address or phone number used in your enquiry, and the project name if you remember it). We will help locate the data and work with the Customer to action the request, and we will respond within a reasonable time, typically within 30 days.

11.4 Revoking Google access

Customers can disconnect a Google account at any time from Miira’s integration settings, or revoke Miira’s access at https://myaccount.google.com/permissions. Either step immediately stops further access to Google user data.

12. Your rights and choices

Subject to applicable law (principally the Australian Privacy Act and APPs), you have the following rights in respect of your personal information:

  • Access. Request a copy of the personal information we hold about you.

  • Correction. Request that we correct inaccurate or out-of-date information.

  • Deletion. Request deletion of your personal information (see Section 11).

  • Object or restrict. Object to certain uses of your information, including direct marketing.

  • Withdraw consent. Where we rely on consent, withdraw it at any time, including by disconnecting integrations.

  • Unsubscribe from marketing. Unsubscribe from marketing emails using the link in those emails, reply STOP to marketing SMS, or contact hello@miira.app.

  • Complain. Lodge a complaint with us at hello@miira.app. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.

To exercise these rights, contact us at hello@miira.app. We may need to verify your identity before responding, particularly for requests relating to sensitive features such as call recordings.

13. Cookies, analytics and similar technologies

We use first-party and third-party cookies, local storage and similar technologies on our website and within the Miira platform to:

  • Keep you signed in and maintain your session;

  • Remember preferences such as language and display settings;

  • Measure feature usage and diagnose errors;

  • Measure marketing campaign performance (only where you consent or where applicable law allows).

Prospect portals hosted by Miira on behalf of Customers may set cookies to remember a Prospect’s session and to record engagement events on shared collateral. You can control cookies through your browser settings; disabling some cookies may affect functionality (for example, you may be unable to stay signed in).

14. Children

The Services are not directed to children. We do not knowingly collect personal information from individuals under the age of 18. Customers must not enter information about children into Miira unless it is genuinely necessary for a property transaction and they have a lawful basis to do so. If we become aware that we hold personal information about a child contrary to this policy, we will delete it.

15. Third-party websites and services

Our website and the Miira platform contain links to third-party websites (including realestate.com.au, Domain, Apartments.com.au, OpenLot, Meta, TikTok, Zapier, Google, Microsoft and others). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal information to them or connecting them to Miira.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal or regulatory requirements, or other factors. When we make material changes, we will update the “Effective date” and “Last updated” at the top of this policy and, where appropriate, give additional notice (by email to Customers, by an in-product notice, or by a notice on our website). We encourage you to review this policy periodically.

17. How to contact us

If you have any questions, comments or complaints about this Privacy Policy or our handling of personal information, please contact us:

Miira Technologies Pty Ltd

Email: privacy@miira.com.au

Website: https://www.miira.app