Privacy Policy

Optible Ventures Pty Ltd trading as Optible AI

ABN 76 659 316 202

1. Introduction

Optible Ventures Pty Ltd trading as Optible AI ("Optible", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our platform and services ("Services").

This policy applies to all users of our Services, including grant applicants, assessors, administrators, and website visitors.

For detailed information about our security practices and certifications, visit trust.optible.ai.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address

• Organisation name and role

• Account preferences and settings

2.2 Grant Application Data

When your organisation uses our Services, we process:

• Grant application content submitted by applicants

• Assessment notes, scores, and feedback

• Supporting documents and attachments

• Workflow and approval data

2.3 AI Interaction Data

When you use AI Features, we collect:

• Your messages and prompts

• AI-generated responses

• Feedback you provide (ratings, comments)

• Documents and application data within the grant being discussed

2.4 Usage Information

We automatically collect:

• Log data (IP address, browser type, pages visited)

• Device information

• Feature usage and interaction patterns

• Performance and error data

2.5 Payment Information

Billing and payment details are collected and processed by our payment provider (Chargebee). We do not store complete payment card details.

3. How We Use Your Information

We use personal information to:

• Provide, maintain, and improve the Services

• Process grant applications and assessments

• Provide AI-powered analysis and assistance

• Communicate with you about the Services

• Process payments and billing

• Ensure security and prevent fraud

• Comply with legal obligations

• Respond to your enquiries and support requests

3.1 Legal Bases (GDPR)

For users in the European Economic Area and UK, we process personal information on the following bases:

• Contract: To provide the Services you have requested

• Legitimate interests: To improve our Services, ensure security, and communicate with you

• Legal obligation: To comply with applicable laws

• Consent: Where you have given explicit consent (e.g., marketing communications)

4. AI Features and Your Data

4.1 AI Processing

AI Features analyse grant applications to provide assessment assistance and recommendations. AI processing occurs on our cloud infrastructure in your selected region.

4.2 Human Oversight

AI-generated outputs are suggestions only. All final decisions require human review and approval. You have the right to request human review of any AI-assisted assessment.

4.3 How AI Improves

We use your interaction data to improve how Optible works for you - refining suggestions, improving accuracy, and making workflows smarter. The more you use the platform, the better it gets for your grant program.

Your data is not used to train external AI models or shared with third parties for their model development.

4.4 AI Access Controls

• AI Features access application data only when an authorised user initiates a request

• Access follows your organisation's role-based permissions

• AI Features do not access applications across different subscriber accounts

5. Data Residency

5.1 Regional Processing

Grant applications, assessment data, and AI processing are hosted in your selected region:

• Australia: AWS Australia

• European Union: AWS EU

• United States: AWS US regions

5.2 Australia-Hosted Services

The following services are hosted in Australia for all users:

• Authentication: Kinde (Australia)

• Billing: Chargebee (Australia)

5.3 EU-Hosted Services

The following services process operational data in the EU:

• Analytics: PostHog (EU)

• Error monitoring: Sentry (Germany)

5.4 Global Services

• Cloud security: Cloudflare (global edge network, no persistent storage)

For a complete list of subprocessors, visit trust.optible.ai/subprocessors.

6. Error Monitoring and Analytics

6.1 Error Monitoring

To maintain service quality and resolve issues, we use Sentry (hosted in Germany) for error monitoring. When errors occur, we may capture:

• Error messages and technical details

• Session replay recordings showing what happened before the error

This helps us identify and fix problems quickly. Recordings are:

• Only accessed by our team for debugging purposes

• Automatically deleted after 90 days

• You may request deletion by contacting us

6.2 Analytics

With your consent, we use PostHog (hosted in EU) for product analytics, which may include session recordings to understand how features are used and identify usability issues. You can manage this through our cookie banner.

7. International Data Transfers

Where personal information is transferred outside your region, we ensure appropriate safeguards:

• EU/UK to other regions: Standard Contractual Clauses (SCCs) as approved by the European Commission

• Other transfers: Contractual protections and security measures

We only transfer data to countries or organisations that provide adequate protection or where appropriate safeguards are in place.

8. Data Retention

We retain personal information for as long as necessary to provide the Services and fulfil the purposes described in this policy:

• Account data: Duration of your subscription plus 7 years (or as required by law)

• Grant applications: As configured by your organisation, typically 7 years

• AI conversation history: Retained with the associated grant application

• Usage logs: 12 months

• Session replay recordings: 90 days

• Billing records: 7 years (legal requirement)

Upon termination of your subscription, we delete Subscriber Data within 90 days unless you request export or retention is required by law.

9. Cookies and Tracking

9.1 Essential Cookies

We use essential cookies for:

• Authentication and session management

• Security features

• Feature flags for service delivery

These cookies are necessary for the Services to function and cannot be disabled.

9.2 Analytics Cookies

With your consent, we use analytics cookies for:

• Usage analytics to improve our Services

• Feature adoption tracking

• Performance monitoring

You can manage cookie preferences through the cookie settings in the platform footer.

9.3 Do Not Track

Some browsers offer a "Do Not Track" signal. We do not currently respond to Do Not Track signals as there is no industry standard. You can manage tracking through our cookie consent preferences.

10. Your Privacy Rights

10.1 All Users

Regardless of location, you may:

• Access: Request a copy of your personal information

• Correction: Request correction of inaccurate information

• Deletion: Request deletion of your personal information

• Complaint: Lodge a complaint with a supervisory authority

10.2 European Economic Area and UK Residents (GDPR)

You also have the right to:

• Portability: Receive your data in a portable format

• Restriction: Request restriction of processing

• Objection: Object to processing based on legitimate interests

• Withdraw consent: Where processing is based on consent

• Human review: Request human review of decisions involving automated processing

10.3 California Residents (CCPA/CPRA)

You have the right to:

• Know: Know what personal information we collect and how it is used

• Delete: Request deletion of your personal information

• Opt-out of sale/sharing: We do not sell or share your personal information for advertising purposes

• Opt-out of profiling: Opt out of automated decision-making

• Non-discrimination: We will not discriminate against you for exercising your rights

10.4 Australian Residents

You have rights under the Privacy Act 1988 (Cth) and Australian Privacy Principles, including the right to access and correct your personal information.

10.5 Exercising Your Rights

To exercise your rights, contact: security@optible.ai

We will respond within:

• 30 days (GDPR, extendable by two months for complex requests)

• 45 days (CCPA, extendable by an additional 45 days)

• 30 days (Australian Privacy Act)

11. Data Security

We implement technical and organisational measures to protect personal information, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)

• Access controls and authentication

• Regular security assessments

• SOC 2 Type II and ISO 27001:2022 certifications

For details about our security practices, visit trust.optible.ai.

12. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

• Notify affected subscribers within 72 hours of becoming aware

• Notify relevant supervisory authorities as required by law

• Provide information about the nature of the breach and remediation steps

13. Children's Privacy

The Services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

14. Third-Party Links

The Services may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or through the Services. The "Last Updated" date indicates when the policy was last revised.

16. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

Privacy Enquiries
Email: security@optible.ai

General Contact
Optible AI Lot Fourteen North Terrace Adelaide SA 5000 Australia
Website: optible.ai
Trust Centre: trust.optible.ai
Address: Stone & Chalk, Lot Fourteen, Adelaide, South Australia, Australia

Optible Ventures Pty Ltd trading as Optible AI

ABN 76 659 316 202