Legal

Privacy Policy

This policy explains how BuildCentral collects, uses, and protects your personal information when you use DatumDesk. We handle personal information in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

Last updated 29 June 2026

1.Who is responsible for your data

DatumDesk is operated by BuildCentral. BuildCentral is the entity responsible for the personal information described in this policy. For any privacy request or question, contact us at privacy@datumdesk.ai.

2.Information we collect

We collect the following categories of information:

  • Account information — your email address and, where you provide it, your name. Sign-in is passwordless (email one-time code) or via Google/Microsoft single sign-on.
  • Practice profile — the profession, building classes, and states or territories you select during onboarding, used to tailor your compliance answers.
  • Queries and answers — the questions you ask, the answers returned, and the source references retrieved. We keep these as an audit trail so you can re-open past answers.
  • Billing information — subscription status and a customer identifier from our payment processor. We do not see or store your full card details; those are handled directly by Stripe.
  • Technical information — standard log and device data generated when you use the service, used for security and reliability.

3.How we use your information

We use personal information to:

  • Provide, maintain, and improve the service;
  • Generate compliance answers tailored to your profession and jurisdiction;
  • Authenticate you and keep your account secure;
  • Process subscriptions and billing;
  • Respond to support requests and send service-related communications; and
  • Meet our legal and regulatory obligations.

We do not sell your personal information, and we do not use the content of your queries to advertise to you.

4.Service providers and where data is stored

We use a small number of trusted providers to run the service. They process data on our instructions and only as needed to provide their function:

  • A cloud database and authentication provider — stores your account, practice profile, and query history. This data is hosted in Sydney, Australia (ap-southeast-2).
  • Stripe — our payment processor, which handles subscription payments and card details. We never see or store your full card number.
  • AI and vector-search providers — interpret your question, retrieve the relevant source passages, and generate the cited answer. The text of your question is sent to these providers to produce a response.
  • Web hosting and analytics providers — deliver the site and help us understand how it is used. Our analytics provider sets cookies (see Cookies and analytics below).

Some providers may process data outside Australia. Where that happens, we take reasonable steps to ensure your information is handled consistently with the Australian Privacy Principles.

A current list of the specific sub-processors we use is available on request at privacy@datumdesk.ai.

5.Cookies and analytics

We use cookies and similar technologies to keep you signed in and to measure how the site is used. Essential cookies are required for the service to work, including authentication. Analytics cookies, set by our analytics provider, help us understand traffic and improve the site; you can block or delete cookies in your browser settings, though some features may not work as well if you do.

6.AI processing of your questions

To answer a question, DatumDesk sends the text you enter to the AI and search providers listed above. Please avoid including personal information about identifiable individuals, or confidential client details, in your questions where it is not necessary to get a useful compliance answer.

7.How long we keep information

We keep your account information and query history for as long as your account is active, so you retain your audit trail. We keep billing records for as long as required for tax and accounting purposes. When you close your account we delete or de-identify your personal information within a reasonable period, except where we are required to retain it by law.

8.Security

We protect your information with measures including encryption in transit, row-level access controls that restrict each user’s data to that user, and restricted administrative access. No system is perfectly secure, but we work to protect your information and to respond promptly to any incident.

9.Your rights

You can access and correct your personal information, or ask us to delete it, by contacting privacy@datumdesk.ai. If you are not satisfied with how we handle a privacy concern, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10.Changes to this policy

We may update this policy from time to time. If we make material changes we will take reasonable steps to notify you. The “last updated” date above shows when the policy last changed.

11.Contact

For any question about this policy or your personal information, contact privacy@datumdesk.ai.