Privacy Policy
Applies to all Compliai suite products. Last updated: April 2026.
What we collect
- Account details: name, email address, organisation name
- Usage data: features used, login activity
- Content you create: records, reports, and forms you generate inside the app
- Payment data: handled by Stripe — we never store card numbers
How we use it
- To provide and improve the service
- To send transactional emails (receipts, password resets)
- To respond to support requests
We do not sell your data. We do not use your data for advertising.
Third-party services
| Service | Purpose |
|---|---|
| Supabase | Database & authentication |
| Stripe | Payment processing |
| Resend | Transactional email |
| Vercel | Hosting & delivery |
All providers are contractually required to protect your data.
Data storage and security
Your data is stored on servers located in Australia (AWS ap-southeast-2 region). We use TLS 1.3 for all data in transit and AES-256 encryption for data at rest. We apply row-level security to ensure each organisation can only access its own records. Internal access to user data is restricted on a least-privilege basis.
Data retention
Data is retained while your account is active. After cancellation, account data is held for 90 days to allow for reactivation or export, then permanently deleted. You may request earlier deletion at any time by contacting us. Backups are retained for up to 30 days and overwritten on a rolling basis.
Your rights (APPs)
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate, incomplete, or out-of-date information
- Request deletion of your personal information (subject to legal retention obligations)
- Complain about a breach of the APPs — we will respond within 30 days
To exercise any of these rights, email us at the address below. We will respond within 30 days.
Cookies
We use essential session cookies only, required for authentication and core functionality. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Our analytics (Google Analytics, if enabled) uses anonymised data only and respects browser Do Not Track settings.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified to active account holders by email at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.
Contact
For privacy-related enquiries or to exercise your rights:
privacy@getcompliai.com.au
If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).