Privacy Policy

Last updated 29 April 2026.

Esteb and Co Pty Ltd (ACN 681 636 056) trading as Esteb & Co is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what personal information we collect, why we collect it, how we use and disclose it, and the rights you have over it.

The short version: we collect what we need to find you a home loan, we share it only with the lender you ask us to deal with and the regulated infrastructure that runs our business (aggregator, email, analytics), and we don't sell your information to anyone.

1. Who we are

Trading name: Esteb & Co
Legal entity: Esteb and Co Pty Ltd (ACN 681 636 056)
Credit Representative: Esteb and Co Pty Ltd, ASIC Credit Representative #574070
Authorised broker: Richard Esteb, ASIC Credit Representative #574071
Australian Credit Licensee: Australian Finance Group Ltd (AFG), ACL #389087
Privacy contact: Richard Esteb · r@estebandco.com · +61 424 406 977

2. What we collect

Information you give us through a calculator

Income figures (base salary, bonus, rental, other), employment type, dependants, household structure
Existing liabilities (credit card limits, personal loans, car loans, HECS, BNPL)
Property details (purpose, postcode, expected rent for investments)
Loan term and household living expenses

Information you give us when requesting a report

Name, email address, mobile number (optional)
Whether you've indicated you're ready to speak with a broker

Information collected automatically

Technical data: IP address, browser/user-agent string, device type
Page interaction: which questions you answered, time on each step, abandonment points
Marketing attribution: UTM parameters, Google Click ID (gclid), Facebook Click ID (fbclid), referring URL

Information collected later in the process (only if you proceed with a loan)

Identity documents (driver licence, passport) for AFG/lender ID verification
Income and asset evidence (payslips, BAS, bank statements, tax returns)
Credit history (with your consent, via the lender's credit enquiry)
Property and contract documents

3. Why we collect it

We collect personal information for the following purposes:

To run the calculator and show your panel result — figures are processed by our borrowing-capacity engine against each lender's published policy.
To respond to your request for a personalised report, follow up by email or phone, and arrange a meeting if you've asked to speak with a broker.
To prepare and lodge a credit application with a lender on your behalf, if you decide to proceed.
To meet our regulatory obligations — file notes, the Credit Quote and Credit Proposal disclosure, AML/CTF identification, ASIC and AFG audit requirements, and 7-year record retention under the National Consumer Credit Protection Act.
To improve the calculators — we look at aggregated funnel analytics (which questions cause drop-off, how long the wizard takes) so we can make the tool better.

4. Who we share it with

We disclose your personal information to the following categories of third parties, only for the purposes above:

Recipient	What is shared	Why
Australian Finance Group Ltd (AFG) — our aggregator and Australian Credit Licensee	Full file: contact details, financial position, ID, application data	AFG is the licensee under which Richard Esteb is authorised to provide credit assistance. Lodgement, compliance and audit run through AFG's systems.
The lender you choose to apply with	Application data, ID, income/asset evidence, credit-enquiry consent	To assess and process your loan application. We only send your file to a lender after you've signed the Credit Proposal authorising it.
Mailgun (Sinch Australia / Mailgun Technologies, US)	Email address, name, message content	Sends transactional and broker emails on our behalf. Mailgun does not use your data for its own purposes.
Google (Google LLC, US) — Analytics 4 and Ads	De-identified usage events; hashed email if you submit (advanced matching)	Measures site performance and ad attribution. We do not upload financial figures to Google.
Meta Platforms, Inc. (US) — Facebook Pixel and Conversions API	Hashed email, hashed phone, hashed name, country, event metadata	Measures ad attribution. Identifying fields are SHA-256 hashed before transmission.
Hostinger (Lithuania / Singapore)	Server-side data and DNS	Hosts our infrastructure. Data on the server is encrypted at rest where supported.
Service providers we engage to settle your loan	Application-relevant data only	For example: valuers, conveyancers, settlement agents — only when a transaction reaches that stage.
Government and regulators	As required by law	ASIC, AUSTRAC, the Australian Taxation Office, courts, and law-enforcement agencies — only when legally compelled.

We do not sell your personal information to anyone.

5. Overseas disclosure

Some of the providers above (Mailgun, Google, Meta) store and process data outside Australia, primarily in the United States and the European Union. Where personal information is disclosed overseas we take reasonable steps, consistent with APP 8, to ensure the recipient handles it consistently with the Australian Privacy Principles. By submitting information through a calculator or contact form you consent to that overseas disclosure.

6. Cookies and analytics

Our site uses cookies and similar technologies for three things:

Functionality — remembering your progress through a calculator wizard so you don't lose answers if you reload.
Analytics — Google Analytics 4 (anonymised IP, no demographic targeting).
Advertising attribution — Google Ads conversion tag, Facebook Pixel. Both fire only after you've submitted your details, and identifying fields are hashed.

You can disable cookies in your browser. Disabling functional cookies may break the calculator wizards. Disabling analytics or advertising cookies has no effect on the calculator output you see.

7. Direct marketing

If you submit your details through a calculator we may send you:

An immediate report email summarising the panel result you saw on screen.
Follow-up emails relevant to your scenario (for example: rate movements, lender policy changes, content tied to your loan type).

Every marketing email contains a one-click unsubscribe link and we honour unsubscribe requests immediately. You can also reply STOP to any email or text us at +61 424 406 977 and we'll remove you from follow-up. Transactional and regulatory communications (for example: a Credit Proposal you've signed) are sent regardless of marketing preference.

8. Storage and security

Personal information is stored on a server we operate in Australia, plus the third-party platforms listed in §4. Reasonable steps we take to protect it:

HTTPS for all browser-to-server traffic
SSH key authentication for server administration; root login disabled by password
Encryption-at-rest where supported by the underlying storage
Database access restricted to least-privileged application users
Daily database backups retained for 14 days
API keys and credentials kept outside the public web root

No system is bulletproof. If we ever experience a notifiable data breach affecting your information we will notify you and the Office of the Australian Information Commissioner (OAIC) consistently with our obligations under Part IIIC of the Privacy Act.

9. How long we keep it

Calculator submissions without contact details: up to 12 months for funnel analysis, then deleted.
Lead records (with email): kept for 24 months from last interaction unless you've engaged us as your broker.
Active client files: retained for the life of the loan and then for 7 years after the file closes, as required under the National Consumer Credit Protection Act and AFG's record-keeping policy.

10. Your rights — access, correction, complaints

You can ask us, at any time, to:

Tell you what personal information we hold about you (APP 12)
Correct any of it that's wrong, incomplete or out of date (APP 13)
Delete your record (where we're not legally required to retain it)
Stop sending marketing emails

Email r@estebandco.com with the subject line "Privacy request" and we'll acknowledge within 7 days and respond substantively within 30 days.

If you're not satisfied with our response, you can complain to:

Office of the Australian Information Commissioner (OAIC) — oaic.gov.au/privacy/privacy-complaints · 1300 363 992
Australian Financial Complaints Authority (AFCA) — afca.org.au · 1800 931 678. Esteb & Co is covered under AFG's AFCA membership (#10532).

11. Changes to this policy

We may update this policy from time to time — for example, to reflect changes in the providers we use or in the law. The "last updated" date at the top of the page reflects the most recent revision. Material changes will also be notified to active clients by email.

12. Contact

For privacy questions, access requests, or to correct your details:

Email: r@estebandco.com
Phone: +61 424 406 977
Post: Richard Esteb, Esteb and Co Pty Ltd, Gold Coast QLD