UAI Engine Solutions is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR) where applicable, and other relevant privacy laws.
1. Information We Collect
1.1 Information You Provide:
- Account information: name, email address, password (hashed).
- Profile information: business name, ABN, address, phone number.
- Payment information: billing address, card details (processed by Stripe, we do not store card numbers).
- Content: prompts, Generated Sites, and any other content you create or submit.
- Communications: emails, support requests, and feedback you send us.
1.2 Information Collected Automatically:
- Log data: IP address, browser type, pages visited, time and date of visits.
- Device information: device type, operating system, screen resolution.
- Usage data: features used, generation history, session duration.
- Cookies and similar tracking technologies (see our Cookie Policy).
1.3 Information from Third Parties:
- Authentication providers: Google and GitHub OAuth data (email, name, profile picture).
- Payment processors: transaction confirmations and billing information from Stripe.
2. How We Use Your Information
We use your personal information to:
- Provide, operate, and improve the Platform.
- Process payments and manage your Subscription.
- Send transactional emails including receipts, lead notifications, and account alerts.
- Provide customer support and respond to enquiries.
- Monitor and analyse usage patterns to improve our services.
- Detect, investigate, and prevent fraud and security incidents.
- Comply with legal obligations under Australian law.
- Send marketing communications where you have consented (you can opt out at any time).
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or other GDPR-applicable jurisdictions, we process personal data under the following legal bases:
- Contract: processing necessary to provide the Platform services you have requested.
- Legitimate interests: fraud prevention, security, product improvement, and direct marketing to existing customers.
- Legal obligation: compliance with applicable laws.
- Consent: marketing communications and optional analytics. You may withdraw consent at any time.
4. Disclosure of Information
4.1 We may disclose your personal information to service providers who assist us in operating the Platform, law enforcement agencies or regulatory bodies when required by law, and successors in the event of a merger, acquisition, or sale of our business.
4.2 We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4.3 International Transfers: Some of our service providers are located outside Australia. By using the Platform, you consent to the transfer of your personal information to countries that may not have equivalent privacy protections. We take reasonable steps to ensure overseas recipients protect your information.
5. Data Storage and Security
5.1 Storage Location: Your primary data is stored on Google Firebase infrastructure in Sydney, Australia (asia-southeast1 region).
5.2 Security Measures: We implement industry-standard security measures including encryption in transit (TLS 1.2+) and at rest (AES-256), Firebase Authentication for secure login, Firestore Security Rules restricting data access to authorised users only, and regular security monitoring via Sentry.
6. Data Retention
We retain personal information for:
- Account data: duration of Account plus 7 years (Australian tax record requirements).
- Generated Sites and content: until Account deletion, then 30 days before permanent destruction.
- Lead/submission data: 2 years from collection or until you delete it, whichever is earlier.
- Payment records: 7 years as required by Australian taxation law.
- Log data: 90 days.
7. Your Privacy Rights
7.1 Australian Privacy Rights (Privacy Act 1988): You have the right to access the personal information we hold about you, request correction of inaccurate or outdated information, and make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
7.2 GDPR Rights (EEA/UK Users): In addition to the above, you have the right to erasure, restriction of processing, data portability, and to lodge a complaint with your local data protection authority.
7.3 California Privacy Rights (CCPA): California residents have the right to know what personal information is collected, delete personal information (subject to exceptions), and opt out of the sale of personal information (we do not sell personal information).
7.4 How to Exercise Your Rights: Submit requests to hello@uaiengine.com with "Privacy Request" in the subject line. We will respond within 30 days.
8. Children's Privacy
The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at hello@uaiengine.com.
9. Marketing Communications
9.1 We may send you marketing emails about our products and services where you have consented or as permitted under the Spam Act 2003 (Cth) and applicable laws.
9.2 You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email or contacting hello@uaiengine.com.
10. Contact Us
For privacy enquiries or to exercise your rights, contact:
- Email: hello@uaiengine.com
- Subject line: "Privacy Request"
- Response time: within 30 days
- OAIC complaints: oaic.gov.au/privacy/privacy-complaints