How we handle your information.

1. About this policy

This Privacy Policy explains how Marenn Australia Pty Ltd (ABN 44 696 505 610) ("Marenn", "we", "us", "our") collects, uses, stores, discloses and protects your personal information when you use marenn.com or any Marenn service. We comply with the Australian Privacy Principles ("APPs") under the Privacy Act 1988 (Cth), with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth) for our electronic and telephone marketing, and with the Notifiable Data Breaches scheme. This policy should be read together with our Terms of Use.

Marenn's services are designed for Australian residents and Australian properties; our address-lookup is restricted to Australian addresses. If you are a resident of another jurisdiction (the EU, the UK, California or anywhere else) whose privacy law applies to you despite our Australian focus, you retain the mandatory rights granted by that law in addition to the rights set out here. We will honour those rights to the extent they apply. See section 11.

2. The personal information we collect

A note on scope. The personal information you give Marenn at a typical first interaction is intentionally minimal: name, email and (where relevant) a property address. The risk content in the Marenn Risk report is built from public-domain sources we ingest into our coastal data lake (government overlays, satellite imagery, address and parcel registries, weather and radar records, peer-reviewed peril research); none of that has to come from you. The optional property-detail fields described in 2.1 are clarifications about the property, not about you, and the report is still generated if you leave them blank.

2.1 From the free Marenn Risk report request form (/risks)

• Your name and email address.
• The property address you ask us to report on and the geographic latitude and longitude resolved by your browser via the Google Places autocomplete (so we can pin the report to your block, not your postcode).
• Optional property details you supply (construction material, approximate year built, roof type, number of storeys, primary use, presence of a pool, large or overhanging trees, recent renovation). These refine the report but are not required for it to be generated; without them we fall back to Vision AI inference from public aerial and street imagery.
• Your express opt-in choice on the marketing consent checkbox, recorded as a boolean alongside the timestamped version of the consent text you saw, so we can prove or rebut consent at any later time.
• The IP address and approximate location of your device, captured by the rate-limiting layer that protects the form from abuse.

2.2 From other forms on marenn.com

• Insurance waitlist (/insurance-waitlist): first name, last name, email, postcode (optional), property type (optional).
• Stewardship and trade applications: name, email, phone, property address or service area, and any context you choose to share.
• Climate Mesh host registrations: venue name, contact name, email, phone, venue address.
• Sentinel and care-report requests: name, email, phone, address, scheduling preferences.

2.3 From your communications with us

The content of emails, calls, SMS, postal correspondence and any other communication you have with us, including any attachments you choose to share.

2.4 From your use of marenn.com

Page-view analytics (pages viewed, referring site, approximate location at city or region level, browser and device type, time on page) and cookies set by our analytics, by essential form functionality and by embedded maps and imagery. See section 7.

2.5 From your property and its microclimate (if you become a member or host)

• Inspection photographs, video, audio recordings and condition checklists captured by a Marenn steward at each visit.
• Drone aerial imagery captured by SkyCheck during inspections.
• Continuous sensor readings from any Marenn climate station installed at your property.
• Maintenance and service history recorded in your Digital Home Record.
• Smart-home or appliance data that you choose to share with us.

2.6 From third parties and public sources

• Government cadastral and address registries, council planning overlays, flood mapping, bushfire mapping, coastal erosion data, satellite imagery (Landsat, Sentinel, Digital Earth Australia Water Observations from Space, DEA Coastlines, NASA FIRMS), historical weather records, and similar open data we ingest into our coastal data lake.
• Aerial and street imagery licensed from third-party providers (including Esri and Google).
• Publicly available real-estate listings and sale records to verify property attributes.
• Information from referrers, brokers, agents or partners who introduce you to us, where they confirm to us that they have a lawful basis to do so.

2.7 Information derived by Marenn

The Marenn Score, per-peril scores, structure-offset multipliers, cohort comparisons, the Property Condition Index, narrative risk summaries and other analytical outputs produced from the categories above. These incorporate your personal information by reference (to your property) and are protected on the same basis.

3. Why we collect it

• To deliver what you asked for — your Marenn Risk report, your stewardship visits, your climate-station installation, your sentinel post-storm report, your insurance quote at launch, and any other Marenn service you sign up for.
• To operate, maintain, secure and improve the service — fraud and abuse prevention, rate-limiting, error monitoring, system administration, performance optimisation, security.
• To build, refine and operate the Marenn coastal data lake, the Marenn Score model, the Climate Mesh, our underwriting models, the Property Condition Index and our other analytical products. Where practical we use de-identified or aggregated data for this purpose.
• To send you the marketing communications you have consented to, where you have ticked the express consent box on the report request form or otherwise opted in. See section 4.
• To comply with law — court order, regulatory request or our legal obligations (including ASIC, AUSTRAC, ATO, OAIC, courts and tribunals).
• To establish, exercise or defend legal claims, including claims handling, litigation, regulatory investigation or a Marenn corporate transaction (sale, merger, restructure, insolvency, financing); in any such transaction the personal information continues to be protected on the same terms.

4. Marketing & promotional communications

We collect marketing consent in two stages, each scoped to what we are actually contacting you about at that point. We never bundle the broader stage 2 ask into the top-of-funnel stage 1 opt-in.

4.1 Stage 1 — Insurance updates (express opt-in at the report form and waitlist)

If you tick the marketing-consent box on the free Marenn Risk report form (/risks), you give us your express consent under the Spam Act 2003 (Cth) to contact you by email only about Marenn insurance products as they launch. The categories within this stage 1 opt-in are:

• Insurance products as they become available (closed list): home and buildings, contents, landlord, holiday-let and short-stay, motor and vehicle, liability, parametric weather-event, marine and watercraft, appliance and equipment replacement, business-pack — all subject to required Australian Financial Services Licensing.
• Insurance-adjacent updates only: waitlist news, launch announcements, pricing previews, eligibility expansions, partner-underwriter information.

Fresh consent for genuinely new categories. If Marenn later adds a genuinely new insurance category that falls outside the enumerated list above (for example, pet, travel, cyber or life cover), we will collect fresh express consent for that category at the point we offer it. This stage 1 opt-in is not automatically extended to any new category. The text version identifier recorded with each opt-in (see section 4.3) allows us to demonstrate which enumerated list each user agreed to at the time of their consent.

We do not contact you by SMS, telephone or post under this opt-in. We do not extend this opt-in to any other Marenn product line. Ticking the marketing-consent box is not a condition of receiving your free Marenn Risk report; the report is delivered whether you tick the box or not.

By submitting the insurance waitlist (/insurance-waitlist) you ask us to send you the service communications that waitlist membership entails: build updates each quarter, your founding-cohort quote 6–8 weeks before public launch, and any service notices about your waitlist spot. These are service-related (transactional) communications under the Spam Act — sent under inferred consent because you have asked for them by joining — not marketing under the stage 1 opt-in. They are sent by email only. They stop on request via the unsubscribe link or by emailing us.

4.2 Stage 2 — Broader Marenn product and service updates (collected separately, in context)

If you proceed beyond the free report or waitlist into an insurance application, member onboarding, Climate Mesh hosting or another Marenn engagement, we may invite you to give separate express consent for contact about the broader Marenn platform, by the channels relevant to each engagement (which may include SMS or phone if you've supplied those details for a service reason). This consent is never bundled into the stage 1 ask, and you opt into each category in context, at the point we are asking. Categories that may be offered at stage 2 (so you can see the full landscape in advance) include:

• Property intelligence and condition products: address-level paid risk reports, the Property Condition Index, the Digital Home Record, pre-purchase and pre-sale reports, ongoing monitoring services, the Marenn Sentinel post-storm exterior assessment, drone surveys, asset and appliance registers.
• Stewardship, trades and maintenance: the Marenn+ monthly Care Report, Marenn Prevent trade coordination, scheduled and reactive maintenance management, on-call assistance, key-safe and access management, end-of-tenancy and pre-arrival readiness, mail and parcel handling, and concierge-style property services.
• Climate Mesh and weather: installation of Marenn Climate Stations at your property or venue, participation in the public Climate Mesh, microclimate dashboards, alerts and warnings, regional weather analysis and forecasting products, and historical climate reports for your property.
• Financial services: renovation finance, green-energy and solar finance, battery and storage finance, electric-vehicle and EV-charger finance, home-improvement finance, mortgage broking and mortgage referrals, refinancing referrals, utilities switching and procurement (energy, gas, water, telecommunications), strata and body-corporate financial products, and any other financial service Marenn (or its authorised partners) offers in any market we serve, subject to required licensing.
• Data products and partner offerings: aggregated or de-identified data products marketed to insurers, reinsurers, banks, councils, real-estate professionals and researchers; co-distribution of carefully vetted partner offerings through the Marenn Care Report and member channels, with no direct marketing by those partners and no transfer of your personal information to them without your separate consent.
• Marenn brand, community and events: build updates, new-product announcements, member events, sponsorship and community programs, customer research and surveys, beta and early-access invitations, content and editorial.

4.3 Withdrawal and audit trail

You can withdraw any consent at any time, free of charge, via the unsubscribe link in any email, by replying STOP to any SMS (where SMS applies under a stage 2 opt-in), by emailing privacy@marenn.com, or by writing to us at the address in section 13. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. For each opt-in we record a timestamp, the version identifier of the consent text you saw, the IP address you submitted from and the user-agent string, so we can demonstrate compliance with our Spam Act and APP 7 obligations.

5. We never use the following

• We do not sell, rent or trade your personal information.
• We do not share your personal information with third-party advertisers, data brokers, list-rental services or social-media platforms for their own marketing.
• We do not feed your personal information into third-party generative AI training datasets, foundation models or large language models operated by providers other than the sub-processors named in section 6.
• We do not knowingly collect personal information from anyone under 16.
• We do not make solely-automated decisions that produce legal or similarly significant effects on you; the Marenn Score is informational only and a Marenn underwriter (a human) reviews any insurance-pricing decision that may flow from it once we are licensed to issue insurance.

6. Who we share information with

We share personal information only with the categories of recipient below, only as needed for the purposes in section 3, and only under written contracts that bind each recipient to confidentiality, security and use restrictions consistent with this policy and the APPs.

6.1 Sub-processors we currently rely on

• Google Cloud Platform (Google Australia Pty Ltd and Google LLC): application hosting (Cloud Functions, Cloud Run), data storage (Cloud Storage, BigQuery), authentication (Firebase Auth), Gemini Vision and Gemini text models for image classification and risk narratives. Primary region is Sydney (australia-southeast1).
• Anthropic, PBC: Claude language models accessed via API for risk narratives and analysis. Anthropic's Commercial Terms and Data Processing Addendum apply; prompts and outputs are not used to train Anthropic's models.
• Netlify, Inc.: static site hosting for marenn.com, edge cache, form submission collection, deploy pipeline.
• Google LLC: Google Places (address autocomplete), Google Maps Static and Street View imagery, reCAPTCHA (where used).
• Esri: aerial imagery via ArcGIS Online services.
• Stripe, Inc.: payment processing for paid services. Stripe is independently certified to PCI-DSS Level 1; we do not see or store full card numbers.
• Gmail (Google Workspace): outbound transactional and marketing email via SMTP; inbound support email.
• GoSquared, Ltd.: website analytics. We do not enable any of GoSquared's advertising integrations.
• SMS and voice providers (currently Twilio, Inc. and similar): outbound notifications and alerts.

Public datasets we ingest into our coastal data lake (Bureau of Meteorology, Geoscience Australia, Digital Earth Australia, the Queensland Government, NASA FIRMS, the European Space Agency Sentinel program, the United States Geological Survey Landsat program, OpenStreetMap) are read-only sources; no personal information is sent to them.

6.2 Other recipients

• Insurance underwriters, reinsurers, brokers and authorised representatives with whom we partner to deliver insurance products to you once licensed, where you have asked for a quote, a policy or a related service. We disclose only the information they need to assess, quote, issue, administer or settle a claim.
• Marenn stewards, Marenn Prevent trades and other contractors who provide services at your property, limited to the information they need to attend the property safely and deliver the service.
• Professional advisors (lawyers, accountants, auditors) under confidentiality obligations.
• Acquirers in connection with a corporate transaction (see section 3).
• Government bodies and law-enforcement agencies where required by Australian law or where we reasonably believe disclosure is necessary to protect life or property, to investigate fraud, or to enforce our Terms of Use.

7. Where your information is held

Your information is primarily stored on Google Cloud's Sydney (australia-southeast1) region. Some sub-processors (Google Cloud for certain managed services, Anthropic, Netlify, Stripe, Twilio, GoSquared) may process limited categories of data outside Australia (typically the United States or the European Economic Area) to deliver their services. Each such provider operates under its own privacy program and processes the data only as needed to deliver the service and only on Marenn's instructions. We do not transfer personal information offshore for marketing or advertising purposes.

8. Cookies and analytics

We use the smallest practical set of cookies:

• Strictly necessary: session, CSRF, load-balancing, fraud-protection and basic form-functionality cookies.
• Analytics: GoSquared on the .marenn.com domain. We do not enable advertising integrations and we do not share analytics cookies with ad networks.
• Third-party embeds: Google Places, Google Maps, Google Street View, Esri tiles and similar may set cookies under their own privacy policies; we configure embeds with the most privacy-respecting settings each provider offers.

You can clear cookies and adjust cookie permissions in your browser. Some site features may not work as expected if you do.

9. How long we keep it

• Risk-report leads (name, email, address, consent record): up to 7 years from the last interaction, to support Spam Act record-keeping. You can ask us to delete sooner.
• Insurance waitlist: until our insurance product launches and you become a customer or decline, then 7 years if you become a customer, or 24 months otherwise.
• Stewardship and member data: for the duration of the membership plus 7 years after termination, matching Australian financial-records and tax-record norms.
• Trade and steward applicants: 24 months from the most recent contact (longer if engaged).
• Inspection imagery, condition records, sensor data from a member property: for the duration of the membership plus 7 years.
• De-identified climate and property data: retained indefinitely as part of the coastal data lake; this is no longer personal information once de-identified.
• General enquiries: 24 months.
• Server logs and security telemetry: 30 to 365 days depending on category.
• Backups: 35 days rolling.

Where Australian law requires us to retain longer, we will retain for the longer period.

10. Your rights under the Australian Privacy Principles

You have the right to:

• Access the personal information we hold about you (APP 12).
• Correct information that is inaccurate, out of date, incomplete, irrelevant or misleading (APP 13).
• Withdraw your consent to direct marketing at any time, free of charge (APP 7 and the Spam Act).
• Ask us how we calculated your Marenn Score, and to correct any input you believe is wrong.
• Complain to us about how we have handled your personal information, and (if you are not satisfied with our response) escalate to the Office of the Australian Information Commissioner at oaic.gov.au.

To exercise any of these rights, email privacy@marenn.com or write to us at the address in section 13. We will respond within 30 days.

11. Residents of other jurisdictions

Marenn's services are intended for Australian properties and Australian residents. We do not actively offer goods or services to, or monitor the behaviour of, residents of other jurisdictions, and the relevant non-Australian privacy laws (including the EU/UK GDPR, the California CCPA/CPRA and analogous US, Canadian and other state and national laws) generally do not apply to us by virtue of our Australian-focused operations.

If, despite that, a non-Australian privacy law applies to you because of where you are located (for example, because an EU resident submits the form), the mandatory rights granted by that law apply in addition to the rights set out above, and prevail over any inconsistent provision of this policy to the extent of the conflict. Email privacy@marenn.com if you want to exercise rights under a non-Australian law and we will assess and respond.

12. Security and breach notification

We protect personal information with technical and organisational measures appropriate to the risk, including transport-layer encryption (TLS 1.2+) for data in transit, AES-256 (or equivalent provider-managed) encryption for data at rest, role-based access controls, the principle of least privilege, audit logging, multi-factor authentication for administrative access, secret management via Google Cloud Secret Manager, network segmentation, web-application-firewall protection, rate-limiting, and an incident response plan.

If a data breach occurs that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme within the timeframes required by the Privacy Act 1988 (Cth).

13. Climate Mesh data anonymisation

If you host a climate station at a residential property, we anonymise the installation at the property level before any data appears on the public mesh. Your address, name and personal contact details are not published on the public network. Aggregated and anonymised climate readings (temperature, wind, rain) may be shown with a suburb-level pin, not a street-level pin. Public-venue stations (cafes, clubs, businesses hosting a station) appear on the public mesh with the venue's name and pin in exchange for hosting.

14. Aggregated and de-identified data

Subject to the APPs, we may create, retain, use and license aggregated or de-identified data derived from the information we collect, including for regional climate research, underwriting science, insurer and reinsurer data products, mortgage-risk modelling and academic research. Once de-identified the data is no longer personal information; we commit not to re-identify it and to require any recipient under contract not to re-identify it.

15. Children

Marenn's services are not directed at children. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected the personal information of a child without verified parental consent we will delete it. Parents and guardians who believe their child has provided personal information to Marenn should contact us at privacy@marenn.com.

16. Changes to this policy

We may update this policy from time to time as our services evolve. The "Effective" date and version at the top of this page reflect the current version. Where changes are material we will notify you via the email address we hold for you. Continued use of marenn.com or any Marenn service after the effective date of an update constitutes acceptance of the updated policy; if you object, you may withdraw consent and request deletion.

17. Contact and complaints

For privacy questions, to exercise your rights, or to complain:

Marenn Australia Pty Ltd
Attn: Privacy Officer
privacy@marenn.com
General: hello@marenn.com
Peregian Beach, Queensland, Australia

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au.