Skip to content

Privacy Policy

Last updated: March 2026

Overview

Domato (“we”, “our”, “us”) operates a suite of AI-powered products including BrokerIQ (realestate.domato.ai) and PublicIQ (publiciq.domato.ai), as well as this corporate website (domato.ai). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access any of our products and services. Each product may operate on a separate domain with distinct functionality, but this policy applies across all Domato-operated services unless a product-specific policy states otherwise.

We are committed to complying with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state and territory privacy legislation. Where we operate services accessible outside Australia, we also endeavour to meet the expectations of comparable international privacy frameworks.

Information we collect

The types of information we collect depend on which Domato product you use and how you interact with it.

Information you provide directly

  • Contact and enquiry forms: Name, email address, company name, and message content when you submit a form on domato.ai.
  • Account information: Where a Domato product requires registration (e.g. BrokerIQ), we collect your name, email, and any preferences you configure.
  • Support communications: Information you include in emails or support requests sent to support@domato.ai.

Information collected automatically

  • Usage data: Pages viewed, features used, search queries (e.g. scenario activity on BrokerIQ), interaction patterns, and session duration. This helps us understand how products are used and where we can improve.
  • Device and technical data: Browser type, operating system, device type, screen resolution, IP address, and referring URL.
  • Cookies and similar technologies: We use cookies, local storage, and similar mechanisms for session management, preference persistence (e.g. dark mode settings, saved preferences), and analytics. See the Cookies section below for details.

Information from public sources

Some Domato products aggregate and analyse publicly available data as a core part of their functionality. For example, Domato Real Estate uses publicly available suburb-level data (demographics, amenities, transport, infrastructure) to generate location insights. PublicIQ will aggregate data from government databases, public filings, news sources, and other openly accessible datasets. This data relates to places, organisations, and public records — not to individual users — and is processed to generate aggregated intelligence, not to identify or profile individuals.

How we use your information

We use personal information for the following purposes:

  • Service delivery: To operate, maintain, and provide the features of our products — including broker scenario management, client intake, calculations, and public data analytics.
  • Product improvement: To analyse usage patterns, identify issues, and improve the accuracy and relevance of our AI-driven features.
  • Communications: To respond to your enquiries, provide customer support, and send product-related updates where you have opted in.
  • Security and integrity: To detect and prevent fraud, abuse, and security incidents across our services.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

Where AI is used within our products (e.g. answering natural language queries or generating data insights), it operates on the data relevant to that specific product function. We do not intentionally use your personal information to train general-purpose AI models. However, some third-party AI providers we integrate with may have their own data practices — we select providers whose terms align with our privacy commitments and opt out of training programmes where available.

Product-specific considerations

BrokerIQ (realestate.domato.ai)

This product is a workspace for mortgage brokers that includes scenario management, client intake, calculators, and CDR market rate data. Loan scenarios, client intake submissions, and workspace data you create are stored to provide a persistent experience. If you use Gmail Integration, email content is imported only into your workspace and is not shared with other users or organisations. Document uploads submitted through client intake are stored securely and accessible only to your organisation.

PublicIQ (publiciq.domato.ai)

PublicIQ aggregates census demographics, crime statistics, and government data from official public sources across Australian statistical areas. The product does not collect personal information from end users beyond account credentials and usage analytics. The public data processed by PublicIQ relates to suburbs, regions, and statistical areas, and is not used to identify or profile individuals.

Data sharing and disclosure

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

  • Service providers: We use trusted third-party providers for hosting, analytics, email delivery, and other operational functions. These providers are contractually required to handle your data securely and only for the purposes we specify.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or enforceable government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to the same privacy protections described here.
  • With your consent: We may share information where you have given explicit consent.

Data security

We implement technical and organisational measures appropriate to the sensitivity of the information we handle. These include:

  • Encryption of data in transit (TLS)
  • Access controls and authentication for internal systems
  • Periodic security reviews and dependency updates
  • Hosting on enterprise-grade cloud infrastructure
  • Role-based access for enterprise deployments

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security and encourage you to use strong passwords and protect your account credentials.

Data retention

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Contact form submissions are retained for the duration of any resulting business relationship. Usage analytics are retained in aggregated, de-identified form. Account data is retained until you request deletion. For enterprise deployments, data retention periods are defined in the applicable client agreement.

Cookies and local storage

Our products use cookies and browser local storage for:

  • Essential functionality: Session management, authentication tokens, and user preferences (e.g. theme settings, workspace configuration).
  • Analytics: Understanding how our products are used so we can improve them. We aim to use analytics tools that minimise the collection of personally identifiable information.

We do not knowingly use third-party advertising cookies. Some analytics providers may set their own cookies — we recommend reviewing your browser settings to manage cookie preferences. Disabling cookies may affect the functionality of certain features.

Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or out-of-date information
  • Request deletion of your personal information, subject to any legal obligations we may have to retain it
  • Opt out of marketing communications at any time
  • Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at support@domato.ai. We will respond to access and correction requests as soon as practicable.

Third-party links

Our products may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our products.

Children's privacy

Our products are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will take steps to delete it promptly.

International data transfers

Some third-party service providers we use may process data in jurisdictions outside Australia. Where personal information is transferred outside Australia, we take reasonable steps to ensure the recipient handles it in accordance with the Australian Privacy Principles or substantially similar protections.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, products, or legal requirements. Material changes will be communicated by posting the updated policy on this page with a revised “Last updated” date. We encourage you to review this policy periodically.

Contact

If you have questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, contact us at:

Domato

Email: support@domato.ai

Web: domato.ai/contact

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).