Legal

Privacy Policy

CONNIE QA Beta · effective 15 July 2026

1. Who we are

CONNIE QA (the "Service") is a research-preview AI compliance assistant for Australian construction practitioners. This policy describes how we handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). During the research preview, please use the Feedback button in the app footer for privacy matters.

2. What we collect (APP 1, 3, 5)

  • Account: email address and full name.
  • Professional profile: role, state/territory, licence number, licence class, and licence state (where you provide them).
  • Free-text responses: the "hopes" field on the beta-signup form.
  • Usage telemetry: conversation and thread metadata, uploaded photos, drawings and datasheets, and AI call events for rate-limiting and abuse prevention. We do not store model prompts or responses outside the conversation record you can see and delete.
  • Auth metadata: session timestamps and sign-in events from our authentication provider.

3. Why we collect it

To provide the Service, calibrate the beta to real practitioner workflows, protect the Service through rate-limiting and abuse prevention, and contact you about the preview. We do not sell personal information and we do not run advertising or third-party analytics tracking.

4. How and where it is stored (APP 8 — cross-border disclosure)

Cross-border notice: personal information is stored on Supabase infrastructure in Tokyo, Japan (ap-northeast-1). By creating an account and using the Service you consent to this overseas storage. In reliance on APP 8.2(a), we have obtained your consent after notifying you that APP 8.1 will not apply to that disclosure.

Data in transit is encrypted (TLS). Data at rest is encrypted by the hosting provider. Access is limited to authenticated database roles and application service-role code paths.

5. Retention

  • Beta account data: for the life of the beta and 90 days after its closure.
  • Usage and AI-audit events: 12 months, for security review and abuse response.
  • Content you delete (conversations, threads, uploads): purged within 30 days of the deletion request.

6. Your rights (APP 12 and APP 13)

You can request access to, correction of, or deletion of personal information we hold about you via the Feedback button in the app footer. We aim to respond within 30 days. If you believe we have breached the APPs, you may complain to us first and, if unsatisfied, to the Office of the Australian Information Commissioner (OAIC).

7. Notifiable Data Breach scheme

Under Part IIIC of the Privacy Act 1988 (the NDB scheme), we will notify affected individuals and the OAIC within 72 hours of confirming an eligible data breach that is likely to result in serious harm.

8. Third parties and sub-processors

  • Supabase — hosting, authentication, database, storage (ap-northeast-1, Tokyo).
  • Lovable AI Gateway — model routing for AI features.

We do not use advertising cookies or third-party analytics tracking on the Service.

9. Research preview

CONNIE QA is preview software. Features, data schemas, and access may change without notice. The Service is not intended for production compliance sign-off.

10. Practitioner responsibility

Nothing produced by CONNIE QA is legal advice or a substitute for a registered practitioner's judgement. The registered practitioner remains responsible for verifying and signing every output against the current NCC, referenced Australian Standards, and applicable state or territory regulations.

11. Changes to this policy

Material changes will be emailed to registered users. The latest version is always available at this URL.

Terms · Privacy · Coverage ·