Privacy Policy

1. Overview

ComplianceIntel (“we”, “us”, “our”) provides a statutory compliance intelligence platform for Queensland local government councils (the “Service”). We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2. Information We Collect

• Account information — name, work email address, organisation, and role, provided when your council sets up access to the Service.
• Usage information — log data such as IP address, browser type, pages visited, and timestamps, collected automatically to operate and secure the Service.
• Content data — information your council enters into the platform to manage its compliance register, including obligation assignments, assessments, controls, and incident records. This may include the names and roles of council officers identified as duty holders.
• Enquiry information — details you provide when contacting us for a demo or support, such as your name, email address, and council name.

3. How We Use Your Information

We use personal information to:

• provide, operate, and maintain the Service;
• authenticate users and secure accounts, including multi-factor authentication;
• respond to enquiries and provide support;
• monitor and improve the performance, reliability, and security of the Service; and
• comply with our legal obligations.

We do not use personal information for advertising, and we do not sell personal information to third parties.

4. Data Hosting and Storage

All platform data is stored with Supabase (PostgreSQL) in the Sydney region (ap-southeast-2). Your data remains within Australia and is not transferred offshore as part of our standard hosting arrangement.

5. Data Sharing and Subprocessors

We share personal information only with the service providers needed to operate the platform, including:

• Supabase, for database hosting and authentication; and
• Cloudflare, for content delivery, DDoS protection, and security.

These providers are bound by their own privacy and security obligations and only process data on our instructions. We do not otherwise disclose personal information to third parties except where required by law.

6. Data Security

We apply technical and organisational measures to protect personal information, including encryption in transit and at rest, row-level security at the database layer, multi-factor authentication, and role-based access control. Further detail is available on our Security page.

7. Data Retention

We retain personal information for as long as your council’s account remains active, or as needed to provide the Service. If your council’s account is closed, we will delete or de-identify personal information within a reasonable period, unless we are required to retain it for legal or regulatory reasons.

8. Your Rights

Under the Australian Privacy Principles, you may request access to, or correction of, personal information we hold about you. To make a request, contact us using the details below. We will respond within a reasonable timeframe.

9. Cookies

The Service uses strictly necessary cookies to maintain your session and keep your account secure. We do not use cookies for advertising or cross-site tracking.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to council administrators via email or through the Service.

11. Contact Us

For privacy-related questions or requests, contact us at hello@complianceintel.ai.