EnBright

Privacy Policy

Effective Date: 14 April 2026 · Last Updated: 14 April 2026

Enbright Pty Ltd (ACN 685 093 805) (“Enbright,” “we,” “us,” or “our”) operates the Enbright platform at www.enbright.com.au. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Spam Act 2003 (Cth), and other applicable Australian laws.

1. Our Commitment to You

  • Your choice, our rule: Your information will only be provided to the product supplier(s), installer(s), energy assessor(s), and financial institution(s) you explicitly select through our platform.
  • No selling of your data: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
  • Transparent communication: Every marketing email includes an unsubscribe link. You can opt out at any time.
  • Minimum collection: We only collect personal information that is reasonably necessary to provide our services.

2. Information We Collect

2.1 Information you provide directly

  • Contact details: name, email address, telephone number, postal address.
  • Property and energy information: address, property type, existing energy assets, energy consumption data, roof type, hot water system details, and other data required for accurate quoting and comparison.
  • Financial information: if a transaction occurs, payment details may be processed by our secure payment partners. We do not store full credit card numbers.
  • Communications: records of your enquiries, feedback, and support requests.
  • Account credentials: email and password (passwords are encrypted and never stored in plaintext).

2.2 Information collected automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution.
  • Usage data: pages visited, time spent on pages, referral sources, click patterns. We use Google Analytics to help us understand how visitors interact with our website.
  • Cookies and similar technologies: see Section 9 below.

2.3 Information from third parties

  • Our partner suppliers or installers may provide us with information about the status of your order or installation, where you have engaged them through our platform.
  • Publicly available property data from government registries (e.g., BOM climate data, CER solar panel registrations) to pre-populate property information and reduce manual entry.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To facilitate the competitive quoting process and connect you with your chosen supplier, installer, assessor, or financial institution.
  • To provide, administer, improve, and personalise our services.
  • To communicate with you about your enquiry, order status, and our services.
  • To send you industry updates, energy-saving tips, and offers we believe may be relevant to you (you can opt out at any time).
  • For internal analytics, research, product development, and quality improvement, including aggregated insights from Google Analytics.
  • To comply with legal obligations, including the Notifiable Data Breaches scheme under the Privacy Act.
  • To protect our rights, prevent fraud, and ensure the security of our platform.

4. Disclosure of Your Information

We will only disclose your personal information in the following circumstances:

  • To your chosen providers: To the energy product suppliers, installers, assessors, or financial institutions you explicitly select via our platform, solely to fulfil your request.
  • Service providers: To trusted third-party service providers who assist in operating our business (e.g., cloud hosting, payment processing, email delivery, analytics), under strict confidentiality and data processing agreements.
  • Legal requirements: Where required or authorised by Australian law, a court order, or a regulatory body (e.g., OAIC, ACCC, ATO).
  • With your consent: For any other purpose with your explicit, informed consent.
  • Business transfer: In connection with a merger, acquisition, or sale of all or part of our business, subject to the acquiring entity maintaining equivalent privacy protections.

5. Data Retention

We retain your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Account and enquiry data: retained for the duration of your account plus 2 years after your last interaction with us.
  • Transaction records: retained for 7 years to comply with Australian tax and financial record-keeping obligations.
  • Marketing preferences: retained until you unsubscribe or delete your account.

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

6. Security

We implement reasonable technical and organisational measures to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Access controls limiting who within our organisation can access personal information.
  • Regular security assessments of our systems and third-party providers.
  • Incident response procedures aligned with the Notifiable Data Breaches scheme.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. International Transfers (APP 8)

Your personal information is primarily stored and processed within Australia. We use cloud infrastructure and third-party services that may process or store data in other countries, including the United States, the European Union, and Singapore. Where this occurs, we take reasonable steps to ensure overseas recipients handle your information consistently with the APPs, including through contractual data processing agreements.

Our key service providers and their locations include:

  • Cloud infrastructure and edge services: We use Cloudflare Workers and R2 for application hosting, data storage, and content delivery. These services operate on a globally distributed network, which means personal information may be processed in multiple countries, including the United States, the European Union, and Singapore.
  • Cloud hosting and backups: We use Amazon Web Services (AWS), with primary infrastructure located in Australia (Sydney region) and backups that may be stored in the United States.
  • Email delivery: We use Resend, which processes data in the United States.
  • Analytics: We use Google Analytics, which may process data on servers located outside Australia, including in the United States.

8. Your Rights

Under the Australian Privacy Principles, you have the following rights:

  • Access (APP 12): You may request access to the personal information we hold about you. We will respond within 30 days.
  • Correction (APP 13): You may request correction of any inaccurate, out-of-date, incomplete, irrelevant, or misleading information.
  • Opt-out of marketing: You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
  • Deletion: You may request deletion of your account and associated personal information, subject to our legal retention obligations.

To exercise any of these rights, contact our Privacy Officer (see Section 12). We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your experience, analyse traffic, and support marketing. We use:

  • Essential cookies: Required for the website to function (e.g., session management). Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our site. We use Google Analytics, which sets cookies to collect anonymised usage data such as pages visited, session duration, and referral sources.
  • Marketing cookies: Used to deliver relevant advertising and measure campaign effectiveness (if applicable).

You can manage cookie preferences through your browser settings. You can also opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on. Disabling certain cookies may affect website functionality.

10. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we become aware of a data breach that is likely to result in serious harm to you, we will:

  • Take immediate steps to contain the breach and assess the risk of serious harm.
  • Notify the Office of the Australian Information Commissioner (OAIC) as required.
  • Notify affected individuals with a description of the breach, the type of information involved, and steps they can take to protect themselves.

11. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, please contact our Privacy Officer in writing. We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

12. Contact Us

For any questions about this Privacy Policy, to exercise your privacy rights, or to make a complaint:

Privacy Officer
Enbright Pty Ltd
Email: privacy@enbright.com.au
Website: www.enbright.com.au

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The current version will always be available on our website. Where changes are material, we will notify you by email or by a prominent notice on our platform before the changes take effect.