
Privacy Policy

Last updated: 2 April 2026

Who we are

RateSync is an Australian mortgage comparison tool operated by Alpine Code (ABN 83 774 179 276). We help you see how your home loan rate compares to products from major Australian banks using publicly available data from the Consumer Data Right (CDR) APIs.

What data we collect

We collect as little as possible. RateSync is designed so you can get value without creating an account or providing personal information.

Data stored on your device only (anonymous users):

  • Comparison inputs (rate, balance, property value, loan type) are stored in your browser's localStorage only. They never leave your device unless you click “Compare.”
  • When you run a comparison, your inputs are sent to our server to filter and rank products. We do not log or store these inputs after the response is returned.
  • No sign-in is required. We do not collect your name, email, phone number, or any identifying information.

Anonymous analytics:

  • We use Google Analytics 4 (GA4) to understand how the Tool is used. GA4 collects anonymised data including device type, pages visited, interactions (e.g. comparisons run), and scroll behaviour. When you run a comparison, aggregated input values (such as loan balance range, rate type, and LVR bracket) are recorded as anonymous analytics events to help us improve the Tool. These values are not linked to your identity.
  • GA4 uses cookies for session management. You can opt out using your browser settings or a Google Analytics opt-out browser add-on.

First-party analytics:

  • We store anonymised interaction data (such as which form fields are used, scroll depth, and time spent on inputs) in our own database to improve the Tool. A random identifier is stored in your browser's localStorage to distinguish returning visitors — this is not linked to your name, email, or any personal information.
  • Financial values are recorded as broad brackets (e.g. “$400k–$600k”), never as exact amounts. This data cannot identify you.
  • First-party analytics data is retained for up to 90 days and then permanently deleted.

What we do NOT collect

  • IP addresses (beyond standard server logs retained for 14 days)
  • Advertising or third-party tracking cookies
  • Personally identifiable financial data — analytics events are anonymous and not linked to your identity

Anonymity and pseudonymity

In accordance with Australian Privacy Principle 2, you can use RateSync without identifying yourself. No account, name, email, or phone number is required. You may use the Tool completely anonymously.

CDR data

Product data (rates, fees, features) is sourced from public CDR APIs mandated by the Australian Government. This data is publicly available and does not contain any personal information. We refresh this data daily.

How we use your data

  • To calculate and display your mortgage comparison results
  • To understand feature usage and improve the Tool
  • To improve the accuracy and performance of the Tool
  • We do not sell, rent, or share your personal data with third parties
  • We do not use your data for advertising or profiling

Data storage and security

  • Our servers run on AWS in the Sydney (ap-southeast-2) region
  • All connections use HTTPS/TLS encryption
  • Database storage is encrypted at rest
  • We apply security headers (CSP, HSTS, X-Frame-Options) to protect against common web attacks
  • Access to infrastructure is restricted to authorised personnel
  • Comparison inputs exist only in memory during request processing and are not persisted
  • Anonymous user financial details remain in browser local storage, subject to your device and browser security

Data retention

In accordance with Australian Privacy Principle 11.2, we only retain data for as long as it is needed:

  • Comparison inputs — exist only in memory during your request and are not stored after the response is returned.
  • CDR product data — refreshed daily. Old product data is deleted and replaced each time new data is pulled from bank APIs.
  • Analytics data — anonymised analytics are retained by Google Analytics per their standard retention policies.
  • Server logs — standard web server logs (IP address, request URL, timestamp) are retained for up to 14 days for security and debugging purposes, then automatically deleted.
  • Browser local storage — persists until you manually clear it.

When data is no longer needed, we take reasonable steps to destroy or permanently de-identify it.

Third-party services

We use the following third-party services to operate RateSync:

  • Amazon Web Services (AWS) — hosting, database, content delivery (CloudFront), and infrastructure
  • Google Analytics 4 — anonymised usage analytics
  • Sentry — error monitoring and reporting
  • Google Fonts — web fonts loaded from Google's CDN

Additional third-party services may be introduced; this policy will be updated before any new service receives personal data.

International data transfers

Our servers are located in AWS's Sydney (ap-southeast-2) region, and your data is processed in Australia. However, some of our service providers are headquartered overseas:

  • Amazon Web Services (AWS) — US-headquartered company. Our infrastructure runs in Sydney, but AWS is subject to US law. Content may be delivered via CloudFront edge locations outside Australia.
  • Google (Analytics & Fonts) — data may be processed outside Australia per Google's privacy policies.
  • Sentry — error data may be processed outside Australia.

We take reasonable steps to ensure any overseas recipients handle your information in accordance with the Australian Privacy Principles.

Cookies and tracking

RateSync uses the following client-side storage:

  • localStorage — stores your comparison inputs on your device. This is not a cookie and is never sent to third parties.
  • Google Analytics cookies — used for anonymised session management and usage analytics. No advertising or third-party tracking cookies are used.

You can disable cookies in your browser settings or use the Google Analytics opt-out add-on.

Marketing communications

RateSync does not currently send marketing emails. If we introduce email communications in the future, they will be opt-in only and every email will include an unsubscribe link. Opting out will not affect your access to the Tool.

Third-party links

RateSync may contain links to third-party websites, including bank product pages. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of any site you visit.

Your rights

Under the Australian Privacy Principles, you have the right to:

  • Know what personal information is held about you
  • Request access to your personal information
  • Request correction of inaccurate information
  • Request deletion of your data
  • Complain about breaches of the Australian Privacy Principles

Since we currently do not collect personal information from anonymous users, there is generally nothing to access or correct. If you have questions or concerns, contact us at the email below.

Data breach notification

In the event of a data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth), notifying the Office of the Australian Information Commissioner (OAIC) and any affected individuals as required.

Children's privacy

RateSync is designed for adults comparing mortgage products. Our services are not directed to persons under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Complaints

If you believe we have breached the Australian Privacy Principles:

  1. Contact us at support@ratesync.com.au with your complaint details
  2. We will acknowledge your complaint within 7 days
  3. We will investigate and respond with an outcome within 30 days

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. We will not reduce your privacy protections without clear notice.

Contact

If you have questions about this privacy policy, email us at support@ratesync.com.au