Privacy Policy

Last updated: 10 May 2026

Who we are

DueDili is operated by Alpine Code (ABN 83 774 179 276). In this policy, "we", "us", and "our" refer to Alpine Code. DueDili operates the DueDili website and the LotAPI address intelligence API. This policy explains what data we collect and how we use it.

1. Information we collect

Account information

• Email address— provided when you create an account or sign up for an API key. Used to identify your account and send service-related notifications.
• User intent— if you tell us why you're using DueDili (e.g. buying, investing, renovating), we store this to improve your experience.

API usage data

• Endpoints called, addresses queried, request timestamps, and response times. Used for rate limiting, debugging, and aggregate analytics.

Website analytics

• Google Analytics (GA4)— we use GA4 to understand page visits and feature usage. This may set cookies in your browser. See Google's privacy policy.
• First-party analytics— we operate our own analytics system to understand how people use DueDili. This collects:
  • A random visitor ID stored in your browser's localStorage
  • Page views, button clicks, and which report sections you expand or collapse
  • Device type (mobile/tablet/desktop), screen size, and browser orientation
  • How you arrived (referrer URL, UTM campaign parameters)
  • Session duration and scroll depth
• If you are signed in, analytics events are linked to your account so we can provide personalised features like your recent report history.

Feedback

• If you submit feedback (star ratings or comments), this is stored alongside your visitor and session context to help us understand the issue.

Browser storage

• We store a random visitor ID and your recently viewed addresses in your browser's localStorage. This data stays on your device and is not shared with third parties. You can clear it at any time via your browser settings.

2. What we do NOT collect

• Passwords are handled securely by AWS Cognito and are never stored or accessible by DueDili directly. API keys are SHA-256 hashed before storage and cannot be retrieved.
• We do not collect payment information (the service is free during beta).
• We do not use advertising trackers or sell data to third parties.
• We do not collect your name, phone number, or physical address.

3. How we use your data

• To authenticate requests and enforce rate limits.
• To monitor service health and investigate errors.
• To understand how people use DueDili and improve the product.
• To provide personalised features (e.g. recent reports, dashboard).
• To send you critical service updates (e.g. breaking changes, outages).
• To generate aggregate, anonymised usage statistics.

4. Data storage and security

Your data is stored on AWS infrastructure in the Sydney (ap-southeast-2) region. API keys are SHA-256 hashed before storage. Authentication is managed by AWS Cognito. We use encrypted connections (TLS) for all data in transit.

5. Data retention

• API request logs: 90 days.
• Analytics events and sessions: 12 months.
• Visitor records: retained until you request deletion or clear your browser storage.
• Account data (email, intent): retained for the lifetime of your account.
• You can request deletion of all your data by contacting us.

6. Third-party services

• AWS Cognito — handles authentication (email, password).
• AWS (Sydney region) — hosts the service, database, and API.
• Google Analytics (GA4) — website usage analytics.
• NSW Government data sources— we aggregate publicly available data from G-NAF, NSW Planning Portal, BOCSAR, Transport for NSW, NSW Education, and the ABS. We do not share your queries with these sources.

7. Data breach notification

In the event of a data breach that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.

8. Children

DueDili is not directed at anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Your rights and complaints

Under the Australian Privacy Act 1988, you have the right to access, correct, or delete your personal information. Contact us at support@duedili.com.au. We aim to acknowledge complaints within 7 days and resolve them within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au/privacy/privacy-complaints.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account.