
Privacy Policy

At AppGenie, privacy is not a marketing term. It is an accountability obligation: what we collect, why we collect it, who can access it, how long it is retained, and how we can prove the controls operated. We design privacy and security as verifiable operating controls—supported by traceable evidence.


1. Purpose and data minimisation

We collect and process only the information required to deliver services, operate our systems, and meet contractual or legal obligations. Where practical, we prefer low-sensitivity data, aggregation, and short retention windows over broad collection. If data is not required for an operational outcome, we do not keep it.

2. Accountability and provability

Privacy controls are only credible if they can be demonstrated. Our approach is built around:

3. Security controls and protection of information

We apply security controls appropriate to the sensitivity and classification of the data and the operating environment. This commonly includes encryption in transit and at rest (where supported by the underlying platform), controlled identity and access management, segregation of environments, and monitored logging. Specific control sets are implemented according to the contract, risk profile, and the environment in which services are delivered.

4. Framework alignment

Our delivery practices are informed by recognised Australian and international frameworks, including the Australian Privacy Principles (APPs), ASD Essential Eight, and ISO/IEC 27001-aligned control thinking. Where Defence-adjacent or regulated supply chains are involved, we design for disciplined access control, evidence-grade logging, and operational governance that supports formal assurance activities.

5. Customer and site visitor information

If you contact us or use our website, we may collect basic identifiers and interaction metadata (for example: name, email address, organisation, and enquiry context) to respond securely and maintain service quality. We do not sell, trade, or broker personal information.

6. Third-party services and hosting

Where third-party platforms or providers are used (for example cloud hosting), we select services that support strong identity controls, logging, and security configuration. We restrict access using least privilege and maintain oversight of identity and access policies. For delivery engagements, the specific platforms used and the control responsibilities are documented for your environment.

7. Operational security and controlled access

Access to sensitive information is restricted to authorised personnel on a need-to-know basis and is subject to monitoring and review. Administrative actions are controlled and logged. Where required, we use time-bound access patterns and documented approvals to ensure access is both justified and auditable.

8. Requests, review, and contact

If you have a privacy query, wish to request access to personal information we hold about you, or require a review of data handling in a delivery context, contact us at info@appgenie.com.au. We treat privacy matters as operational issues: triaged, tracked, and resolved with evidence.


Compliance MCP Service - Privacy Supplement

This supplement applies specifically to the AppGenie Compliance MCP Service (the "Compliance MCP"), the Model Context Protocol service available at https://compliance.appgenie.com.au and through connected AI assistants such as Claude and ChatGPT. It adds service-specific detail to the policy above; where they differ for this service, this supplement governs.

A. What the Compliance MCP collects

  • Account and identity data: your email address, email-verified status, and your identity-provider subject identifier, obtained when you sign in via our authentication provider using OAuth 2.1. Your access token is stored only as a SHA-256 hash; the raw token is never stored.
  • Query content: the compliance question you submit to a tool. It is processed to retrieve and generate a cited answer and is not retained in our audit or usage records. We do not collect your wider conversation history or chat transcript.
  • Audit and usage telemetry: per request we record a request identifier, timestamp, tool name, requested and resolved compliance profile, entitlement decision, billable units, subscription tier and HTTP status, for security, billing and audit purposes.
  • Billing metadata: subscription tier, plan, and the identifiers issued by our payment processor. We do not store payment card numbers; card data is handled solely by our payment processor.

B. How we use it

To authenticate you, enforce your subscription entitlements and usage limits, generate cited compliance guidance, operate and secure the service, meter and bill usage, and maintain audit evidence. We do not sell, trade or broker personal information.

C. AI and your data

The Compliance MCP answers questions using retrieval-augmented generation over a curated, AppGenie-authored compliance corpus. We do not use your queries to train or fine-tune AI models. Your query content is processed transiently to produce a response and is not added to any training dataset. Outputs are governed compliance guidance and are not a substitute for professional or legal advice.

D. Sub-processors and data residency

Primary service data is hosted in Amazon Web Services in the Asia Pacific (Sydney) ap-southeast-2 region in Australia. We use the following sub-processors:

  • Amazon Web Services (AWS) - hosting, compute and database (ap-southeast-2, Australia).
  • WorkOS, Inc. - authentication and identity (OAuth / AuthKit) and verification email (United States).
  • Stripe - subscription billing and payments (Australia and United States).
  • Amazon Simple Email Service (SES) - transactional email where used (AWS).

Authentication (WorkOS) and billing (Stripe) involve limited processing of identity and billing data in the United States; the compliance content and audit data remain in Australia.

E. Retention

Retention follows the AppGenie Data Retention and Disposal Standard:

  • Account and identity data: kept for the life of your subscription and deleted within 30 days of account closure or a verified deletion request, unless a legal hold applies.
  • Audit and usage records: retained for 2 years.
  • Operational authentication and access logs: 12 months.
  • Backups: up to 1 year.
  • Query content: not retained beyond transient processing.

F. Your rights

Consistent with the Australian Privacy Principles and, where applicable, the GDPR, you may request access to, correction of, or deletion of the personal information we hold about you. We complete verified deletion within 30 days unless a legal hold prevents it. To exercise these rights, contact info@appgenie.com.au.

G. Security

Access is authenticated with OAuth 2.1; tokens are short-lived and stored only as a hash. Data is encrypted in transit and at rest. The service serves only customer-distribution-approved content; internal-only material is excluded from the customer corpus. Access is least-privilege and audited.
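The token-handling commitment made in section A and restated here (short-lived access tokens kept only as a SHA-256 hash, never in the raw) can be illustrated with a small server-side token store. The code below is an added example written for this page; it is not AppGenie's implementation, and the class and function names, the in-memory dictionary store, and the 15-minute default lifetime are all constructed assumptions. It shows why the raw token is only ever returned to the client at issue time, why the hash is the lookup key, and how expiry is enforced on presentation.

```python
"""Added example: keep an OAuth access token only as its SHA-256 hash.

Hypothetical code, not AppGenie's own. TokenStore, TokenRecord and the
in-memory dict are constructed for illustration; a real service would
persist records in a database with the hash as the indexed key.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenRecord:
    """What the server retains: the hash, the owning subject, and expiry."""
    token_hash: str      # hex SHA-256 of the raw token; the raw token is never stored
    subject: str         # identity-provider subject identifier (assumed field)
    expires_at: float    # short-lived: absolute Unix timestamp


def hash_token(raw_token: str) -> str:
    """Derive the storage key from a presented token.

    Plain SHA-256 is appropriate here because access tokens are high-entropy
    random values; the salting and stretching used for passwords is not needed.
    """
    return hashlib.sha256(raw_token.encode("utf-8")).hexdigest()


class TokenStore:
    """In-memory store keyed by token hash (constructed for the example)."""

    def __init__(self) -> None:
        self._by_hash: dict[str, TokenRecord] = {}

    def issue(self, subject: str, ttl_seconds: int = 900,
              now: Optional[float] = None) -> str:
        """Mint a random token, persist only its hash, and hand the raw token
        back to the caller exactly once."""
        now = time.time() if now is None else now
        raw = secrets.token_urlsafe(32)
        digest = hash_token(raw)
        self._by_hash[digest] = TokenRecord(digest, subject, now + ttl_seconds)
        return raw

    def authenticate(self, presented: str,
                     now: Optional[float] = None) -> Optional[str]:
        """Return the subject for a valid, unexpired token, else None.

        Expired tokens are removed on sight so they cannot be replayed later.
        """
        now = time.time() if now is None else now
        candidate = hash_token(presented)
        record = self._by_hash.get(candidate)
        if record is None:
            return None
        # Constant-time comparison of the stored and derived hashes, so the
        # accept/reject path does not leak timing information.
        if not hmac.compare_digest(candidate, record.token_hash):
            return None
        if now >= record.expires_at:
            del self._by_hash[candidate]
            return None
        return record.subject

    def stored_keys(self) -> list[str]:
        """Expose the stored keys so a reviewer can confirm no raw token is present."""
        return list(self._by_hash)
```

Because the store only ever holds hashes, a copy of the database does not yield usable tokens; an attacker would still need the raw value the client holds, and that value expires with the record. The same property is what makes the "stored only as a SHA-256 hash" statement in section A auditable: an evidence review can check the schema and a sample of rows rather than taking the claim on trust.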

Compliance MCP Service supplement - effective 31 May 2026.


Last updated: 31 May 2026