PR Insight.
Privacy Policy

What we collect, why, and how to delete it.

Last updated: 26 May 2026

This Privacy Policy describes what personal information PR Insight collects, why we collect it, who we share it with, and how you can access, correct, or delete it. It is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

PR Insight is a data tool, not a migration agent. We are not affiliated with the Australian Government, the Department of Home Affairs, or OMARA — see our Terms of Use for the full disclaimer.

1. What we collect

  • Account information:email address, name (optional). We use a passwordless magic-link flow — we never collect or store passwords. Where you sign in via the magic-link, we receive only the email address you provided.
  • Migration profile (only what you choose to enter): age, English level, occupation (ANZSCO code + title), years of skilled employment, qualifications, claimed points, visa subclass(es) of interest, nominating state preference, and partner / dependant details if you opt to model them.
  • Saved scenarios and documents: the assessments, comparisons, and plans you save to your account.
  • Communication preferences: round-alert subscriptions and email opt-ins.
  • Billing (paid plans only, post-launch): Stripe customer ID, subscription status, transaction history. Card numbers are entered into Stripe directly and are never stored on our systems.
  • Anonymous usage data: hashed IP addresses for rate-limiting and abuse prevention; aggregate page-view counts via Vercel Analytics. No personally identifiable information is sent to analytics providers.
  • Server logs: standard request logs (timestamps, error traces, app version) retained for debugging and security.

2. What we do NOT collect

To stay strictly within the role of a data tool and outside s.276 of the Migration Act, PR Insight does not collect, store, or process:

  • Passport scans, ID documents, or biometric data;
  • Skills-assessment outcome letters or other application evidence;
  • Health, police, or character documents;
  • Any document you would lodge with the Department of Home Affairs.

Please do not upload these. If you do, we will delete them.

3. Why we collect it

Your migration profile powers the points calculator, eligibility checker, pathway comparison, saved-scenarios dashboard, and email alerts you opt into. Cached snapshots make the app fast. Anonymous analytics help us understand which features work and improve the product. Billing data is used solely to operate paid subscriptions.

We do not use your data to train AI models, and we do not share it with advertisers. If we ever introduce advertising to support the platform, we will update this policy and disclose what data (if any) is shared with them before any change takes effect.

4. Subprocessors

We do not sell or rent your personal information. Limited data is processed by the following vendors strictly to operate the platform:

  • Neon, Inc.(United States / Singapore region) — serverless PostgreSQL database hosting. All user-owned data is filtered by user ID at the application layer.
  • Vercel, Inc.(United States) — web hosting and edge runtime. Receives request metadata and routes pages.
  • Resend, Inc.(United States) — transactional email delivery for magic-link sign-in and future alert emails. Receives your email address and message contents.
  • Stripe, Inc.(United States / Australia) — payment processing for paid plans (post-launch). Card details are entered into Stripe directly and we never receive or store them.

Each vendor has its own privacy policy. We will update this list before introducing any new subprocessor that processes personal information.

5. If you explicitly request a migration professional

If, and only if, you explicitly opt in to being connected with a migration professional, we will share your contact details and the relevant parts of your saved profile with a MARA-registered migration agent or Australian legal practitioner. This only happens with your express opt-in consent on a per-introduction basis. You can decline at any time, and declining does not affect your use of any other feature.

6. Data security

Your data is stored on Neon’s managed Postgres infrastructure with TLS-only connections. Authentication is handled via passwordless magic-link tokens issued by Auth.js; we never store passwords because we never collect them. All app traffic is served over HTTPS with strict transport security headers.

In the event of a data breach affecting your personal information, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.

7. Data retention & deletion

  • Saved scenarios remain in your account until you remove them from the dashboard or delete your account.
  • Email-send logs are retained for 30 days for rate-limit accounting, then aggregated.
  • Server logs are retained for up to 90 days, then deleted or anonymised.
  • Billing records (post-launch) are retained for 7 years to comply with Australian tax and accounting law.
  • To delete your account and all associated personal data, contact us via hello@prinsight.app. We will action deletion requests within 30 days.

8. Your rights under the Australian Privacy Principles

You have the right to:

  • Access the personal information we hold about you;
  • Correct it if it is inaccurate or out of date;
  • Request deletion of your data;
  • Object to particular processing activities;
  • Withdraw consent for optional features (alerts, analytics, professional introductions) at any time;
  • Lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au) if you believe we have mishandled your information.

9. International users & cross-border disclosure

Our service uses subprocessors located outside Australia (primarily the United States and Singapore). By using PR Insight you consent to your personal information being transferred to, and processed in, those jurisdictions. We apply the same controls regardless of your country and we take reasonable steps to ensure overseas recipients handle your information consistently with the APPs.

10. Children

PR Insight is not directed at children under 16 and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the “Last updated” date at the top of this page, and where appropriate we will notify signed-in users by email or an in-product banner. Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact

Questions about this policy, or requests to exercise a privacy right: hello@prinsight.app.