Privacy Policy for the Service
Effective date: 11 May 2026
Last updated: 9 May 2026
This Privacy Policy explains how the operator of the Service ("we", "us", "our") collects, uses, stores, discloses and otherwise handles personal information in connection with the Service, including account registration, email verification, document upload, AI-assisted assessments against frameworks, billing, support and related website activity.
What this policy covers
This policy applies to personal information we handle when you visit our website, create or use an account, upload documents, run assessments, receive results, contact support, subscribe to a paid plan, or otherwise interact with the Service.
The kinds of information we collect
We may collect and hold personal information such as:
Account and profile details, including your name, email address, organisation name, password hash, user role and account preferences.
Email verification, sign-in and security information, including login timestamps, IP address, device or browser information, authentication events and session information.
Billing and transaction information, including billing name, billing address, tax information, plan details, invoice records, payment status, and limited payment metadata supplied by our payment processor.
Uploaded content and related metadata, including documents, attachments, file names, framework selections, prompts, assessment parameters, assessment history and plain-English outputs.
Support and communications data, including enquiries, feedback and correspondence.
Technical and usage information, including logs, diagnostics, browser type, pages viewed, referring URLs and analytics information.
Cookies and similar technologies used for session management, security, preferences and, where applicable, analytics.
How we collect information
We collect personal information directly from you when you register, verify your email, upload a document, configure or run an assessment, subscribe to a paid plan, contact us, or use the Service.
We may also collect limited information automatically through cookies, logs and similar technologies, and we may receive payment-status information or fraud signals from our payment provider and delivery-status information from our email provider.
Why we collect, use and disclose information
We collect, use and disclose personal information for purposes including:
Creating and administering accounts.
Verifying email addresses and authenticating users.
Hosting uploaded content and generating assessment outputs.
Providing plain-English feedback and related platform functionality.
Processing payments, issuing invoices and administering subscriptions, credits and assessment runs.
Communicating with you about your account, the Service, support, security and administrative matters.
Maintaining, operating, troubleshooting and improving the Service.
Detecting, preventing and responding to misuse, fraud, abuse and security incidents.
Meeting legal, regulatory, accounting and record-keeping obligations.
Enforcing our rights under our terms and policies.
We may also use aggregated or de-identified information for analytics, service improvement, reporting and business operations.
AI-assisted processing
The Service uses AI-assisted functionality to help analyse uploaded material against selected frameworks and generate outputs.
This means uploaded content, prompts, assessment instructions and related metadata may be processed by third-party AI or machine-learning providers acting on our behalf.
AI-assisted processing can produce incomplete, inaccurate or inappropriate results. You should not rely on outputs as a sole source of truth or as professional advice.
Third-party service providers and processors
We may disclose personal information to service providers who help us operate the Service, such as providers of cloud hosting, application infrastructure, database services, object storage, authentication, email delivery, payment processing, analytics, logging, customer support and AI processing.
We take reasonable steps designed to ensure that relevant providers handle information consistently with contractual obligations and applicable law.
Overseas disclosure
Some of our service providers may store or process personal information outside Australia, including in the United States and other countries in which our infrastructure or processors operate.
Where practicable, we will describe material overseas recipient locations in our subprocessor information or similar disclosure.
By using the Service, uploading content, or otherwise providing information to us, you acknowledge that overseas handling may occur.
Uploaded content and sensitive information
You control what you upload to the Service. You must ensure you have the right to upload and authorise the processing of that content.
Unless the Service expressly states otherwise, you should avoid uploading unnecessary personal information and unnecessary sensitive information.
If uploaded material includes personal information or sensitive information about another person, you are responsible for ensuring you have any required notices, consents and authority.
We may remove, quarantine, refuse to process, or delete content that we reasonably believe is unlawful, prohibited, poses unacceptable risk, or should not be handled through the Service.
Storage and security
We store account, billing, assessment and other structured application records in our application database and uploaded files in object storage.
We use reasonable administrative, technical and organisational measures designed to protect information from misuse, interference, loss and unauthorised access, modification or disclosure.
These measures may include role-based access controls, authentication controls, encryption in transit, backups, logging and vendor due diligence.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Retention and deletion
We retain and delete information in accordance with our operational, technical, legal and business requirements.
We do not guarantee that information will be retained, deleted, recoverable or permanently erased within any specific timeframe.
We may retain, delete, restrict, archive or de-identify account information, uploaded content, assessment outputs, technical records and other data where we consider it necessary or appropriate for the operation, security, administration, improvement or protection of Docutiser, or to comply with legal, accounting, dispute resolution, audit or compliance requirements.
Deletion from active systems may not immediately remove information from backups, logs, caches, third-party systems or other operational records.
Where we no longer need personal information and are legally required to delete or de-identify it, we will take reasonable steps to do so.
You are responsible for keeping your own copies of anything you upload to or generate through Docutiser.
Access, correction and complaints
You may request access to personal information we hold about you and ask us to correct inaccurate, out-of-date, incomplete, irrelevant or misleading information.
You may also make a privacy complaint. We may need to verify your identity before acting on a request.
We will respond within a reasonable time. If you are dissatisfied with our response, you may be able to complain to the Office of the Australian Information Commissioner.
Cookies and similar technologies
We use cookies and similar technologies for session continuity, authentication, login state, security, preferences and, where implemented, analytics.
Some public pages may function without account-login cookies, but technical cookies may still be used for security, website operation and service integrity.
You can usually control cookies through your browser settings, although blocking some cookies may impair functionality.
Third-party links and services
The Service may link to or interoperate with third-party websites, services or content.
We are not responsible for the privacy practices of those third parties, and their own terms and policies will apply to your dealings with them.
Changes to this policy
We may update this Privacy Policy from time to time.
If we make material changes, we may notify users by posting the updated version on our website or through the Service, by email, or by other reasonable means.
The updated policy will state its effective date.
Contact us
If you have questions, requests or complaints about this Privacy Policy or our privacy practices, contact us at:
Privacy contact: James Pridgeon
Email: James@onyx-regional.com