Privacy

Last updated 12 July 2026

PowerLens exists to give you an honest answer about your electricity plan. We're not going to be cagey about what we do with your data to get you that answer — here's exactly what we collect, why, and how to delete it.

Short version: we read your bill once, throw away the file, and keep only the numbers needed to price your plan. Nothing is ever sold. Your report is deletable at any time, by you — confirm once and it's gone permanently.

What we collect

When you upload a bill

Your bill file (PDF or photo) is sent to Anthropic's Claude API to read the numbers off it — retailer, plan name, tariff rates, daily supply charge, feed-in rate, billing period, and your usage and export in kWh. This happens once, at upload. On our side, the file itself is deleted immediately after we've read it — we never store the bill, only the extracted numbers. Anthropic, as the processor that reads it, may retain the file for up to around 30 days under their standard API terms for abuse and safety monitoring, before it's deleted on their side too — this is their retention window, not ours, and we disclose it here rather than imply the bill vanishes everywhere the instant we've read it. If you add extra bills later for a sharper verdict, each one gets the same treatment: read once, thrown away on our side, only the numbers kept.

Your email address

We ask for your email when you upload — it's where your verdict report goes, and where any payment receipt goes. That delivery is the whole purpose: providing the service you asked for. We only ever send you marketing if you expressly opt in — an untick-by-default box at upload that you have to tick yourself. If you do opt in, we record that choice with a timestamp and the exact wording you agreed to, and you can take it back at any time: every marketing email carries a one-click unsubscribe link that works immediately, no login, no questions. Your email is used by PowerLens Pty Ltd only — never sold, shared, or passed to anyone else for their marketing, ever. It's kept with your report and deleted with it: deleting your report also deletes your email and the consent record.

Your meter number (NMI)

We never store your NMI in full. What we keep is a one-way cryptographic hash (SHA-256 — so we can confirm two bills are for the same property without holding the real number), the last 4 digits masked for display (e.g. ••••1315), your distributor, and your state. The full number never touches our database and is never shown back to you or anyone else.

In the correction step, you also tell us

Your postcode (to confirm it) and your battery install date, plus whether any of four plan-eligibility conditions apply to you: you have an electric vehicle, you'd bundle gas with the same retailer, you hold a Seniors Card, or you're on a government/premium feed-in tariff. Nothing else.

Your report

Your report lives at a private, hard-to-guess link — no account, no login, no password to lose. Anyone holding that link can view or delete the report; we treat possession of the link as your authority to do either. That's the whole security model, by design.

If you pay

Stripe handles your card details directly — we never see or store your card number. We keep your email (to send the report and any re-run) and Stripe's own transaction reference. The transaction reference has no personal details in it.

If you join the waitlist or ask for a reminder email

Just your email, and — for reminders — an optional install date and the date we should remind you. No name, no address, no phone number.

Behind the scenes (operational logs)

We log operational events — failed payment webhooks, rate-limit trips, extraction errors, which reports' verdicts changed on a re-run — so we can keep the service working and catch problems fast. These logs hold counts, error reasons, and report IDs only. Never your bill numbers, your email, or your NMI.

Where your data is processed

Your report data is stored with Supabase, hosted in Sydney, Australia. Some processing genuinely crosses borders, and we're not going to hide that: reading your bill uses Anthropic's Claude API (a US company) — your bill image is sent there for that one read, and discarded on our side the moment we've extracted the numbers. Anthropic may hold their copy of the file for up to around 30 days under their own API terms, for abuse and trust-and-safety monitoring, before they delete it — we don't control that window, but we're disclosing it plainly rather than letting "discarded" read as instant everywhere. This is the extent of our overseas disclosure of your bill: Anthropic reads it to extract numbers, under their standard retention terms, and nothing else is done with it there. Card payments are processed by Stripe, report and reminder emails are sent via Resend, and the site itself is hosted and served through Vercel's global network — all established international providers. None of this changes what we do with your data; it just means a few processing steps briefly leave Australia in transit, the same as almost any website you use.

How long we keep things

Deleting your data

Your report: open your report link and choose Delete this report. You'll be asked to confirm once — that confirmation is real: once you go through with it, this permanently removes your extracted bill data, any extra bills you added, your email and marketing-consent record, and your payment-unlock status for that report. It can't be undone — there's no recovery, and no support process can bring it back.

Reminder emails: every reminder email has a one-click unsubscribe link that stops future emails immediately.

Marketing emails: only ever sent if you expressly opted in, and every one carries a one-click unsubscribe link that revokes that consent immediately — your verdict report and receipts still arrive as normal.

Waitlist emails, or a full erasure of anything else we hold about you (including actually deleting a waitlist or reminder row, not just unsubscribing): email support@powerlens.com.au. We're a small team and haven't built a self-serve button for this yet — every request is handled by hand, and we treat them as urgent.

If PowerLens is sold

PowerLens is built to be a sellable business. If we're ever acquired or merge with another company, customer data may transfer to the new owner as part of that sale — standard practice for a business sale, and disclosed here upfront so it's never a surprise later. Any new owner would be bound by this same privacy policy (or one at least as protective) for any data they receive.

Your rights

Under the Australian Privacy Principles, you can ask what we hold about you, have it corrected, or have it deleted. The correction step in the report flow already lets you fix anything we misread from your bill before it's priced. For anything else, email support@powerlens.com.au.

Security

Every table holding your data is locked down by default — nothing is readable except by our own servers, not even by us through any public interface. Card payments never touch our servers at all; Stripe handles them directly. We don't sell your data, ever, to anyone, for any reason.

Questions

support@powerlens.com.au — a real person reads this, not a bot.