Legal

Privacy Policy

Last updated: June 2026  ·  Buy Build Sell Pty Ltd  ·  buybuildsell.com.au

Summary: We collect only what we need to run the platform. We never sell your data. Your deal information is private to your account only. You can request deletion at any time.

Contents

  1. Who We Are
  2. What Data We Collect
  3. How We Use Your Data
  4. Cookies
  5. Data Sharing
  6. Data Retention
  7. Your Rights
  8. Security
  9. Children
  10. Additional Rights for US Residents
  11. UK & EU Rights (UK GDPR)
  12. Changes to This Policy
  13. Contact Us

🏠 1. Who We Are

Buy Build Sell Pty Ltd operates the M&A Deal Room platform at buybuildsell.com.au. We provide analytical software tools to help individuals evaluate potential business acquisitions.

We are based in Melbourne, Australia and are subject to the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). We serve users globally including Australia, the United Kingdom, the United States and other jurisdictions. We are committed to meeting applicable privacy obligations in each region where we operate, as described in this policy.

Contact: admin@buybuildsell.com.au  ·  +61 426 357 193

📄 2. What Data We Collect

Account information

  • First name, last name, email address
  • Password (encrypted and never readable by us)
  • IP address at registration
  • Subscription plan and billing history

Deal and financial data

  • Business names, financial figures and documents you upload
  • Seller questionnaire responses
  • LBO calculations and saved scenarios
  • Notes and analysis you create

Usage data

  • Feature usage counts (AI extractions, LBO saves)
  • Login timestamps
  • Browser type and general location (country level)

We do not collect payment card details — payments are processed by Stripe and subject to their privacy policy.

⚙️ 3. How We Use Your Data

PurposeLegal Basis
Providing the platform and your accountContract performance
Sending confirmation and notification emailsContract performance
Enforcing plan limits (deal counts, extraction usage)Contract performance
Improving platform features and fixing bugsLegitimate interests
Sending product updates (you can opt out)Legitimate interests
Complying with legal obligationsLegal obligation

We do not use your deal data or financial figures for any purpose other than operating your account. We never use deal data for training AI models or for marketing.

🍪 4. Cookies

We use the following cookies:

CookiePurposeDuration
VMAISESSIDSession authentication — keeps you logged inSession (deleted on browser close)
cookie_consentStores your cookie preference1 year (localStorage)
disclaimer_acceptedRemembers disclaimer acceptanceSession

We do not use advertising cookies, third-party tracking cookies, or cross-site tracking of any kind.

You can manage cookies through your browser settings. Disabling the session cookie will prevent you from logging in.

👥 5. Data Sharing

We do not sell, rent or share your personal data with third parties for marketing purposes. Data is only shared in the following limited circumstances:

  • Stripe — payment processing. Subject to Stripe's Privacy Policy.
  • Cloud hosting provider — server infrastructure only; data is hosted in Australia. They do not access your data.
  • Legal requirements — if required by law, court order or to protect our legal rights.

Your deal data is strictly isolated to your account. Other platform users cannot see your deals, prospects or financial data.

📅 6. Data Retention

  • Active accounts: Data retained for the life of your account plus 90 days after cancellation.
  • Deleted accounts: Personal data deleted within 30 days. Anonymised usage statistics may be retained.
  • Financial documents: Deleted immediately upon your request or within 30 days of account deletion.
  • Billing records: Retained for 7 years to comply with Australian tax law.

⚖ 7. Your Rights

Under the Australian Privacy Act and applicable laws, you have the right to:

  • Access — request a copy of all personal data we hold about you
  • Correction — ask us to correct inaccurate data
  • Deletion — request deletion of your account and all associated data
  • Portability — request your data in a machine-readable format
  • Object — opt out of non-essential communications at any time

To exercise any of these rights, email admin@buybuildsell.com.au. We will respond within 30 days.

🔒 8. Security

  • All data transmitted over HTTPS/TLS encryption
  • Passwords stored using AES encryption — never readable in plain text
  • User data isolated at the database level — strict per-user access controls
  • Server-side session management with secure, httponly cookies
  • Regular backups with encrypted storage

While we take security seriously, no system is completely immune to breaches. If a breach occurs that affects your data, we will notify you within 72 hours as required by law.

👨‍👩 9. Children

The M&A Deal Room is intended for adults engaged in commercial activities. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has registered, contact us immediately at admin@buybuildsell.com.au.

🇺🇸 9a. Additional Rights for US Residents

If you are a resident of the United States, this section applies to you in addition to the rest of this policy. Because privacy laws vary by state, we apply the following baseline rights to all US users regardless of state:

Your US Privacy Rights

  • Right to Know — You may request a copy of the personal information we have collected about you in the past 12 months, including the categories of data, the purposes for collection, and any third parties we share it with.
  • Right to Delete — You may request deletion of your personal information, subject to certain exceptions (e.g. legal obligations, active subscriptions).
  • Right to Correct — You may ask us to correct inaccurate personal information we hold about you.
  • Right to Opt Out of Sale — We do not sell personal information to third parties. No opt-out is required, but you have this right and we honour it.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights. You will receive the same quality of service regardless.
  • Right to Data Portability — You may request your data in a structured, machine-readable format.

How to Exercise Your Rights

Submit a verifiable request by emailing admin@buybuildsell.com.au with the subject line "US Privacy Request". We will respond within 45 days as required under applicable US state law (with one 45-day extension if needed). We may need to verify your identity before processing your request.

Authorised Agents

You may designate an authorised agent to submit a request on your behalf. We will require written proof of authorisation and may verify your identity directly.

Sensitive Personal Information

We do not collect sensitive personal information as defined under US state privacy laws (e.g. social security numbers, financial account credentials, health data, biometric data).

This blanket statement is intended to cover residents of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and all other US states with applicable privacy legislation. We apply these rights uniformly to all US users.

🇬🇧 9b. Additional Rights for UK & EU Residents (UK GDPR)

If you are located in the United Kingdom or European Economic Area, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (and, for EU residents, the EU GDPR) apply to our processing of your personal data. This section supplements the rest of this policy.

Data Controller

The data controller is Buy Build Sell Pty Ltd, contactable at admin@buybuildsell.com.au or +61 426 357 193.

Lawful Bases for Processing

We process your personal data under the following lawful bases (UK GDPR Article 6): performance of a contract (operating your account), legitimate interests (improving and securing the platform, and product updates you can opt out of), legal obligation (tax and compliance records), and consent where required (for example, non-essential cookies). Where we rely on consent you may withdraw it at any time.

Your UK / EU Rights

  • Access, rectification and erasure of your personal data
  • Restriction of, and objection to, processing
  • Data portability — your data in a structured, machine-readable format
  • Withdraw consent at any time, without affecting prior lawful processing
  • Not to be subject to solely automated decisions producing legal or similarly significant effects (we do not carry out such automated decision-making)

To exercise these rights, email admin@buybuildsell.com.au. We respond within one month, as required by the UK GDPR.

International Data Transfers

Our servers are located in Australia. Where personal data of UK or EU residents is transferred to Australia, we rely on appropriate safeguards consistent with the UK GDPR (such as the UK International Data Transfer Agreement / Addendum and equivalent contractual protections), and we apply the protections described in this policy regardless of where your data is processed.

Right to Complain

You may lodge a complaint with your local supervisory authority. In the UK this is the Information Commissioner's Office (ICO) (ico.org.uk); in Australia, the Office of the Australian Information Commissioner (OAIC) (oaic.gov.au). We ask that you contact us first so we can try to resolve your concern directly.

📝 10. Changes to This Policy

We may update this policy from time to time. When we make material changes we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of the platform after notification constitutes acceptance of the updated policy.

📞 11. Contact Us

If you have any questions about this privacy policy or how we handle your data:

Buy Build Sell Pty Ltd

Melbourne, Australia
Platform: buybuildsell.com.au
Privacy enquiries: admin@buybuildsell.com.au
Phone: +61 426 357 193

Email Us