Data Security Policy

Last Updated 24th October 2023

At Optible, we are committed to data privacy and security. We understand the importance of safeguarding your data and maintaining confidentiality. This policy outlines our dedication to data and security practices in compliance with Australian law. We may update this policy periodically, with the latest version available on our website. Please note, "we", “our” and "us” refers to Optible AI (The Company) ACN 76 659 316 202. "Customers" refers to users of our products and services. "Data" refers to any information or content processed or stored within our system. "System" refers to our software and associated infrastructure used to provide our products and services. "Terms of Service" refers to our contractual terms governing the use of our products and services. "Privacy Policy" refers to our policy outlining our practices for collecting, using, and protecting data. If you have any questions or concerns about our data and security practices, please contact us at support@optible.ai

Data Usage and Access Controls

We will access and use customer content only with explicit permission for the limited purposes of providing our products, improving our product quality, developing new AI/NLP capabilities, and as otherwise set out in our Terms of Service and Privacy Policy. The sole exception is in the case of a system emergency where access may be necessary to ensure the continued operability of our products. Access to the system is limited to authorised key personnel within our organisation, who must authenticate with a two-factor authenticator. We retain logs of all data access, and indefinitely retain logs of API calls.

Data Retention and Disposal

We retain data within the system for historical training and audit logs throughout the contract period, and retain it for up to three years after termination, unless formal requests to delete all records are received. Data used for system training will be anonymised and redacted wherever possible. Data may be deleted upon receipt of a formal request.

Data Encryption

We use HTTPS to ensure data transmitted between users and our services is encrypted during transmission, safeguarding it from interception. We use MTLS which enforces authentication and end-to-end encryption between services, ensuring information remains confidential and protected from unauthorised access. Additionally, we ensure all data is stored with encryption at rest settings, making it indecipherable.

Information Security and Network Protection

We have robust services and uptime measures in place to ensure the security and availability of our system. Our solution is stored within Australia to comply with Australian data privacy laws. We have monitoring in place to detect and respond to any security threats or incidents in a timely manner.

Security and High Availability

Our databases are isolated and can only be accessed using the dedicated service for each database. We utilise high availability measures to ensure continuous service availability and minimise any potential downtime.

Security testing is a fundamental component of our data security strategy. We conduct regular testing to assess any vulnerabilities in our system, as well as infrastructure security reviews and maintenance, and take action accordingly. We have implemented various automations which notifies our team on any vulnerabilities in our code and libraries.

Third Party Compliance

We work with trusted vendors and third-party cloud providers, such as AWS and Google Cloud, to ensure the security and compliance of our systems. Neither AWS nor Google Cloud accesses or uses customer data for any purpose other than as legally required for maintaining their respective services. To learn about compliance standards in the context of the Australian landscape, please read here: Google Cloud compliance and AWS compliance.

We ensure that our vendors and third-party providers comply with relevant data protection regulations and industry best practices for data security and privacy.

Documentation and Reporting

We ensure our data security policies and protocols are up to date, documented, and accessible. In the event of a security breach, we have strict protocols and reporting in place.