Acquilens — Privacy Policy

Version 1.0 — 16 April 2026

This Privacy Policy explains how Acquilens Pty Ltd (ABN [ACQUILENS ABN]) of [REGISTERED ADDRESS] (Acquilens, we, us, our) handles personal information in connection with the Acquilens platform (the Platform).

This Policy is written to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where you are located outside Australia, additional rights may apply to you under local law; where so, we apply the stricter of the applicable standards.

This Policy forms part of our Terms of Service.


1. About this Policy

This Policy covers personal information we collect about:

If you disagree with anything in this Policy, do not use the Platform.

2. Who we are and how to contact us

We are Acquilens Pty Ltd, an Australian company.

3. What personal information we collect

We collect the following categories of personal information:

3.1 Account information (from Users)

3.2 Usage information (from Users)

3.3 Customer Content (as hosted for our customers)

When you upload documents or other material to the Platform, that material may contain personal information about you or about third parties (for example, employees, directors, counterparties, or others named in due-diligence documents). We handle this personal information as a data processor on behalf of our customer.

Before Customer Content is sent to our AI processing sub-processor, we run it through a privacy pipeline that attempts to remove personally identifiable information. The pipeline is based on industry tooling (currently Microsoft Presidio) and is designed to identify and pseudonymise names, emails, phone numbers, identifiers, addresses, and similar categories of personal information. Pseudonymisation is not a guarantee of complete de-identification. See clause 8 for detail.

3.4 Billing information

If we introduce fees, we may collect billing and payment information (for example, name, billing address, ABN, and payment-method details). Payment-card data, if relevant, is handled by our payment provider, not stored directly by us.

3.5 Communications

We collect information you provide when you contact us (email, web form, support ticket), including its contents and any attachments.

3.6 Website visitors

We collect log data about visitors to our website (similar to clause 3.2). We may also collect information through cookies and web analytics — see clause 11.

4. How we collect personal information

We collect personal information:

If it is reasonable and practicable, we collect personal information directly from the individual it concerns. Where we collect personal information about individuals named in Customer Content, we do so from our customers who have warranted their authority to provide it to us (see Terms of Service, clause 10).

5. Why we collect and how we use personal information

We collect and use personal information to:

We do not use your Customer Content to train or improve AI models, or to benchmark or provide services to any other customer. See clause 8.

We will not use your personal information for a secondary purpose that is unrelated to the primary purpose for which we collected it, unless you would reasonably expect that use, you have consented, or we are otherwise permitted under the APPs.

6. Direct marketing

We may send you information about new features, events, or updates relevant to your use of the Platform. You can opt out at any time by using the unsubscribe link in any marketing email or by contacting privacy@acquilens.ai. We will not send you marketing communications if you have opted out.

7. To whom we disclose personal information

7.1 Within Acquilens

We disclose personal information to our employees and contractors who need it to perform their duties and who are bound by confidentiality obligations.

7.2 Sub-processors

We engage third-party service providers (sub-processors) to process personal information on our behalf. We remain responsible for personal information we disclose to a sub-processor. Our current sub-processors are listed at acquilens.ai/legal/sub-processors and include:

| Sub-processor | Purpose | Location | |---|---|---| | Anthropic, PBC | AI model processing (Claude Messages API) — see clause 8 | United States | | Supabase, Inc. | Database hosting (Postgres + pgvector + Supabase Auth) | Australia (ap-southeast-2, Sydney) | | [BACKEND HOSTING PROVIDER] | API / backend service hosting, privacy pipeline hosting | [REGION — confirm pre-pilot] | | [FRONTEND HOSTING PROVIDER] | Dashboard and website hosting, CDN | [REGION — confirm pre-pilot] | | [TRANSACTIONAL EMAIL PROVIDER] | Sign-in emails, password resets, notifications | [REGION — confirm pre-pilot; may be "same as database hosting" if using built-in auth email] | | [ERROR TRACKING PROVIDER, IF USED] | Error and diagnostic telemetry | [REGION — or remove if not used] | | [WEB ANALYTICS PROVIDER, IF USED] | Aggregate website/product analytics | [REGION — or remove if not used] |

Pre-pilot note: the bracketed entries are confirmed and finalised before the Platform is offered to external customers. The Sub-processors page is updated when new sub-processors are added and material changes are notified under the Terms of Service.

7.3 Other disclosures

We may also disclose personal information:

7.4 Cross-border disclosures (APP 8)

Some of our sub-processors are located outside Australia, principally in the United States. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs in relation to the information. This is achieved through contractual commitments in our sub-processor agreements.

Where we disclose personal information to an overseas recipient, we do so in reliance on APP 8.2(a) (reasonable steps taken) and, where you consent to the disclosure by accepting these Terms and this Policy, APP 8.2(b).

8. AI processing — specific information

This clause explains what happens when your Customer Content is sent to our AI processing sub-processor to generate Outputs.

8.1 Privacy pipeline

Before Customer Content is transmitted to our AI processing sub-processor, we run it through a privacy pipeline (currently Microsoft Presidio) that attempts to identify and pseudonymise personally identifiable information, including names, email addresses, phone numbers, identifiers, and addresses. Pseudonymisation is imperfect, is not a guarantee of complete de-identification, and does not remove all privacy risk.

8.2 Anthropic (Claude Messages API)

We use Anthropic's Claude Messages API to generate Outputs. Based on Anthropic's published terms and documentation at the date of this Policy:

The Anthropic links that govern the above are set out at the end of this Policy. If we change AI processing sub-processor, or if Anthropic's terms change materially, we will update this Policy and, where required, notify you under the Terms of Service.

8.3 No training or reuse by us

We do not use your Customer Content to train or improve AI models, to benchmark the Platform, to fine-tune prompts for other customers, or for any cross-customer purpose. Aggregated, de-identified telemetry (for example, "median agent runtime", "number of documents processed this month") may be retained and used internally for product improvement. Telemetry never includes the content of your documents, Outputs, or other Customer Content.

9. How we store and retain personal information

9.1 Where we store

Personal information is stored with the sub-processors listed in clause 7.2. Backups and disaster-recovery copies may be held in additional regions operated by those sub-processors.

9.2 Retention

We retain personal information for as long as is necessary to provide the Platform and to meet the purposes set out in clause 5. Specifically:

9.3 Enterprise retention configuration

Customers on an enterprise Order Form may agree a different retention period for Customer Content (for example, a shorter period for higher-sensitivity workloads or a longer period for regulatory alignment). Where so agreed, that period applies in place of the default.

9.4 Deletion

On deletion, we take reasonable steps to remove personal information from live systems. Some residual copies may persist temporarily in backups and in disaster-recovery systems until their scheduled expiry.

10. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, including:

No method of transmission or storage is perfectly secure. We cannot guarantee the security of information transmitted to or from the Platform, and you are responsible for the security of your own credentials and devices.

11. Cookies and analytics

[CONFIRM PRE-PILOT: describe website and Platform cookie and analytics usage. If no analytics or cookies are used on the Platform itself (other than session cookies), say so. If the marketing site uses a provider, name it — for example Plausible, Fathom, or Google Analytics — and describe the categories of data collected. Include how users may opt out.]

Placeholder language pending confirmation:

We use strictly necessary cookies and similar technologies on the Platform to keep you signed in and to remember basic preferences. Our marketing website [may or may not] use [PROVIDER] for aggregate analytics. Details, including how to opt out, are set out in our Cookie Notice at acquilens.ai/legal/cookies [create this page if analytics are used; remove this reference if not].

12. Your rights and choices

12.1 Access and correction (APP 12, 13)

You may ask us for access to the personal information we hold about you, and ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within a reasonable time, usually within 30 days. In limited circumstances we may decline a request; if we do, we will give reasons in writing.

12.2 Account self-service

Users can update most account information directly in the Platform (for example, name, email, password). Account administrators can manage Users and tenant-level settings.

12.3 Deletion

You can request deletion of personal information we hold about you. Where the information is Customer Content hosted on behalf of another customer, we will direct the request to that customer and assist them to respond in line with clause 9.2.

12.4 Requests from individuals described in Customer Content

If you believe your personal information appears in Customer Content held by us on behalf of one of our customers and you want access, correction, or deletion, contact us at privacy@acquilens.ai and we will route your request to the relevant customer.

12.5 Marketing opt-out

See clause 6.

12.6 Complaints (APP compliance)

If you believe we have handled your personal information in a way that breaches the APPs or this Policy, please contact privacy@acquilens.ai. We will investigate and respond within a reasonable time. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):

13. Children

The Platform is not intended for children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

14. Changes to this Policy

We may update this Policy from time to time. Where a change is material, we will notify Users by email or through the Platform at least 30 days before the change takes effect (or such shorter period as is required by applicable law), and where required re-prompt you to accept the updated version. Your continued use of the Platform after a change takes effect constitutes acceptance of the updated Policy.

15. Contact us

If you have any questions about this Policy or how we handle personal information:


References

Policies of our AI processing sub-processor referenced in clause 8:


This Privacy Policy is Version 1.0, dated 16 April 2026. For questions, contact privacy@acquilens.ai.