Privacy

Close Enough lets you look up Melbourne addresses without an account. If you sign in, we save your addresses, search history, deep reports, and credit balance. Sales-agent and admin features track referrals and commissions. You can export and delete your account from Settings — both are immediate.

Close Enough is a Melbourne address-liveability dashboard. Free lookups work without an account. Optional accounts unlock saved addresses, search history, deep reports, and the Pro subscription. The mobile app can use your device GPS when you ask it to, but never stores your location. Sales agents have an extra layer that tracks referrals and commission attribution.

What we collect

We collect and store the following kinds of data, each with its own retention and legal basis:

Account — Your sign-in identity is managed by Lotl Auth, our authentication service (auth.lotlsoft.com). Lotl Auth stores your email, your name if you provided one, and a hash of your password (argon2id). Sign-in issues a short-lived JWT access token (15 minutes) and a refresh token (30 days). Email verification and password resets go through transactional email (Resend).Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: Lotl Auth, Resend.
Saved addresses — Addresses you save to your account, with whatever label and notes you attach. They appear in your dashboard so you can re-open them later.Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account.
Deep reports — Each deep report you generate is stored against your account so you can re-open it without paying again. You can delete a report at any time; deletion is immediate.Stored on our server. Kept until you delete it. You control when to regenerate or delete a report. Deletion is immediate and irreversible. Legal basis: contract (needed to run the service). Removable when you delete your account.
Search history — Your recent free and deep lookups so the app can show 'recents' and rerun a search. We also cache geocoded coordinates briefly so repeated lookups don't re-charge the geocoder.Stored on our server. Kept until you delete it. Rolling window: older entries are dropped as newer ones land. Geocoding cache rolls every 90 days. Legal basis: contract (needed to run the service). Removable when you delete your account.
Device location — Only used when you tap 'Use my location' in the mobile app. The coordinate is sent to the geocoder, converted to an address, and discarded. Nothing about your location is stored.Stored in your browser. Held briefly during the request and discarded. Held in memory only for the geocoding round-trip; not persisted client- or server-side. Legal basis: consent. Removable when you delete your account. Shared with: DigitalOcean.
Credits and purchases — Your credit balance, every purchase, every spend, every starter grant, every referral redemption, and your Pro subscription state — visible to you in Settings as a transaction ledger. Purchase records are kept for tax and dispute resolution even if you delete your account.Stored on our server. Kept permanently. Purchase records are kept for tax and dispute-resolution reasons even after account deletion. Legal basis: contract (needed to run the service). Not individually deletable. Shared with: Stripe.
Usage telemetry — Anonymous usage events, performance gauges, and error reports are sent to Lotl Observe, our observability service (observe.lotlsoft.com). Lotl Observe stores error messages, stack traces, request URLs, user-agent strings, telemetry events, and per-event metadata. It does not store the contents of your application data. We process this under legitimate interests: Lotl Observe is in-house, no third-party analytics or session replay is involved, and identifiers are pseudonymous. Account deletion removes your associated telemetry. Project-specific: telemetry doesn't include your saved-address contents or deep-report results.Stored on our server. Held briefly during the request and discarded. Crash and performance data are kept for 90 days; product-interaction analytics for 30 days. Legal basis: legitimate interests. Removable when you delete your account. Shared with: Lotl Observe.
Sales attribution and commissions — If you signed up via a sales-agent referral, we track the attribution so the agent can be paid commission. Sales agents see their own commissions and referred customers in their dashboard; admins see the full ledger.Stored on our server. Held briefly during the request and discarded. Attribution records are kept for 13 months from the attribution event (12-month commission window plus a one-month reconciliation tail). Legal basis: legitimate interests. Removable when you delete your account.
Feedback messages — Feedback you send via the in-app form is stored unredacted so we can read it. Don't paste passwords, account numbers, or anything sensitive — we'll see it.Stored on our server. Kept until you delete it. Legal basis: legitimate interests. Removable when you delete your account.

What we don't collect

We deliberately don't collect or store any of these:

Continuous location data — the mobile 'Use my location' button geocodes a single coordinate and discards it
Behavioural fingerprinting, session replay, or third-party tracking pixels
Information from people who haven't created an account (anonymous lookups stay anonymous)

Cookies

We don't use cookies for tracking. We use localStorage to keep you signed in and remember UI preferences.

Third parties

These external services receive some of your data:

Atlas of Living Australia — biodiversity occurrence data for the address area (server sends a coordinate-bounded query)
Australian government open-data services — LGA boundaries (ABS), planning overlays (VIC), public-toilet locations (NSW), and other gov.au datasets queried server-side by area
CartoDB — browser-side basemap tiles for the map widgets (the tile URLs encode your map viewport)
DigitalOcean — server hosting for the Close Enough service
Google APIs — address geocoding, places, air quality, and Street View imagery
Open-Elevation — free elevation lookup for the address coordinates
OSRM routing service — walking, cycling, and driving route distance calculations (only when self-hosted OSRM isn't available; production typically routes via Google)
Resend — transactional email delivery
Stripe — payment processing for credits and Pro subscriptions

Where your data is stored

Close Enough runs on DigitalOcean's Sydney region; your data stays in Australia. Google APIs (geocoding, places, air-quality, Street View imagery) process address queries from their global infrastructure. Stripe processes payments in their region (typically the US for cards issued there); Resend delivers email through Amazon SES infrastructure. We don't transfer data internationally beyond those processor relationships.

Children's data

Close Enough is intended for adults researching liveability of Melbourne addresses. We don't knowingly collect personal data from anyone under 16. If we learn we've stored data from a child, we'll delete it.

If something goes wrong

If we ever discover a data breach affecting your account, we'll email you within 72 hours and tell you what was accessed and what we're doing about it.

Your rights

You can export everything we hold about you (Settings → Export) and delete your account at any time (Settings → Delete account). Deletion cascades through saved addresses, search history, deep reports, telemetry, and feedback. Purchase records are retained for tax and dispute reasons. We don't anonymise on delete; we remove.

Contact

Questions about privacy? Email privacy@lotlsoft.com.

Last updated: 2026-05-27 · Version 2026.05.10.