Privacy Policy
Effective date: 27 March 2026 · StrataCheckAI Pty Ltd
1. Our commitment to your privacy
StrataCheckAI Pty Ltd is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use the StrataCheckAI platform.
2. What personal information we collect
We collect: account information (email address, name if provided, subscription status); documents you upload (which may contain personal information about third parties — you are responsible for ensuring you have the right to share this); hashed IP addresses (we do not store raw IP addresses); usage and technical data; and disclaimer acknowledgement records.
3. How we use your personal information
We use your personal information to provide, operate, and improve the Platform; process payments and manage subscriptions; send transactional emails; respond to support requests; maintain our legal compliance obligations including 7-year evidence bundle retention; and detect and prevent fraud and abuse. We do not use your personal information for direct marketing without your consent. We do not sell, rent, or trade your personal information to third parties.
4. Disclosure to third parties
We disclose your personal information to the following service providers solely to provide the Platform services:
| Service provider | Purpose | Location |
|---|---|---|
| Anthropic (Claude AI) | AI analysis of document content | USA |
| Amazon Web Services | Document storage and evidence bundle retention | Australia (ap-southeast-2) |
| Supabase | Database (account data, report data) | USA |
| Clerk | Authentication and identity management | USA |
| Stripe | Payment processing | USA |
| Resend | Transactional email delivery | USA |
We may also disclose personal information where required by law, court order, or regulatory authority.
5. Data retention
| Data type | Retention period |
|---|---|
| Original uploaded documents (PDFs) | Deleted within 48 hours of report generation |
| Evidence bundle (AI inputs/outputs, hashes, chat logs, disclaimers) | 7 years in tamper-evident storage |
| Report summaries and findings | Duration of account + 7 years |
| Account information | Duration of account + 7 years, or as required by law |
| Payment records | 7 years (tax and accounting requirement) |
6. Security
We implement reasonable technical and organisational measures including: encryption of data in transit (TLS) and at rest; IP address hashing — we never store raw IP addresses; automatic deletion of source documents within 48 hours; WORM (write-once, read-many) storage for evidence bundles; and access controls limiting who can access personal information. We comply with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
7. Your rights
Under the Australian Privacy Principles, you have the right to access, correct, and request deletion of your personal information, and to complain if you believe we have breached the APPs. Contact us at privacy@stratacheckai.com.au. We will respond within 30 days. If you are not satisfied, you may lodge a complaint with the OAIC at oaic.gov.au.
8. Cookies and tracking
We use session cookies for authentication. We do not use advertising or tracking cookies. We may use anonymised, aggregated analytics to understand how the Platform is used.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.
10. Contact
Privacy enquiries, access requests, or complaints: privacy@stratacheckai.com.au