Privacy Policy
Last updated: April 2026
This Privacy Policy explains how Purple Ghost (ABN 60 923 627 375), trading as GovScanner (“we”, “us”, “our”), collects, uses, discloses, and protects your personal information. We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Although GovScanner may qualify as a “small business” under the Privacy Act (annual turnover under $3 million), we provide services involving the handling of personal information for consideration, and we voluntarily comply with the APPs regardless.
1. What personal information we collect
We collect the following categories of personal information:
- Account information: Your email address, provided when you sign up.
- Payment information: Billing details processed and stored by Stripe (we do not store your full card number).
- Usage data: Basic interaction data from your use of the GovScanner dashboard (pages visited, features used).
- Search and query data: Searches you perform on the platform are logged to improve search quality and relevance. This includes search terms, filters applied, and results viewed.
- API usage data: If you use the GovScanner API, we log API requests including endpoints accessed, request frequency, and response metadata. This is used for rate limiting, abuse prevention, and service improvement.
- Communications: Any emails or messages you send to us.
2. How we collect personal information
We collect personal information:
- Directly from you - when you create an account, subscribe to a plan, or contact us.
- Automatically - through essential session cookies when you use the dashboard, and server-side logging of searches and API requests.
3. Why we collect and how we use your information
We collect and use your personal information for the following purposes (APP 6):
- Service delivery: Providing dashboard access and API responses to government data from our 10 data sources.
- Payment processing: Managing subscriptions and processing payments through Stripe.
- Service improvement: Analysing search patterns and API usage to improve search relevance and platform features.
- Account management: Managing your preferences and responding to support requests.
- Service communications: Sending transactional emails about your account, billing, and service changes.
- Legal compliance: Meeting our obligations under Australian law.
3A. Aggregated and de-identified data
We may compile, analyse, and use aggregated and de-identified usage data - including search trends, popular categories, and general platform activity patterns - to improve our services, develop new features, produce market insights and reports, and for other lawful business purposes. This data does not identify any individual user. We may share or publish aggregated insights derived from platform usage.
4. Third-party service providers
We use the following third-party services to operate GovScanner. Each may process your personal information in accordance with its own privacy policy:
- Supabase - Database hosting and authentication. Stores account data, search logs, and API usage data.
- Stripe - Payment processing. Stores and processes payment card details, billing address, and transaction history.
- OpenRouter / LLM providers - AI-powered data extraction and enrichment from government publications. Government content (which may contain names and other information published in the public record) is sent to large language model APIs for structured extraction. No subscriber personal information (email addresses or account data) is sent to these services. OpenRouter routes requests to various LLM providers; the data processed is exclusively publicly available government content.
We do not sell, rent, or trade your personal information to any third party.
5. Cross-border data transfers
In accordance with APP 8, we disclose that your personal information may be transferred to, and processed in, countries outside Australia. Specifically:
- Supabase: Data is hosted on servers which may be located in the United States or Singapore.
- Stripe: Headquartered in the United States, with servers globally.
- OpenRouter / LLM APIs: Servers located in the United States. Only government content is processed - no subscriber personal information is transferred.
We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs. By using GovScanner, you acknowledge and consent to these transfers.
6. Cookies and tracking
GovScanner uses only essential session cookies required for the dashboard to function (authentication and session management). We do not use analytics cookies, advertising cookies, or any third-party tracking scripts such as Google Analytics.
7. Data retention and deletion
We retain your personal information for as long as your account is active or as needed to provide services. Specifically:
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Search and API logs: Retained for 12 months for service improvement purposes, then automatically purged.
- Payment records: Retained as required by Australian tax law (generally 5 years from the relevant financial year).
You may request deletion of your account and personal information at any time by emailing us. We will process deletion requests within 30 days, subject to any legal obligations to retain certain records.
8. Data security
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11). Our security measures include:
- Encrypted data transmission (TLS/HTTPS) for all communications.
- Secure authentication for dashboard access.
- Payment information handled entirely by Stripe (PCI DSS compliant) - we never see or store your full card details.
- Access to production systems restricted to authorised personnel only.
- Regular review of security practices.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you (APP 12).
- Correct any inaccurate, out-of-date, or incomplete information (APP 13).
- Request deletion of your personal information (subject to legal retention requirements).
- Complain if you believe we have breached the APPs.
To exercise any of these rights, contact us at [email protected]. We will respond to access and correction requests within 30 days.
10. Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint by emailing [email protected]. We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: [email protected]
10A. AI Assistant Integrations (MCP)
GovScanner offers integrations with AI assistants (such as Claude, ChatGPT, Perplexity, and others) via the Model Context Protocol (MCP). When you connect an AI assistant to GovScanner:
- Authentication: You authorise the connection via OAuth 2.1. GovScanner issues an access token to the AI assistant on your behalf. We do not share your password with any AI assistant.
- Queries sent to GovScanner: When you ask the AI assistant to look up government data, your query (the search terms or record IDs you request) is sent to GovScanner's MCP server. These queries are logged in the same way as direct API or dashboard queries, subject to our 12-month retention policy.
- Government data returned: GovScanner returns publicly available Western Australian government records (Hansard, gazette notices, bills, question-on-notice answers, etc.) to the AI assistant for use in your conversation. This data is sourced from official government publications and contains no subscriber personal information.
- Data shared with AI providers: The content of your conversation with the AI assistant — including any GovScanner data it returns — is subject to the privacy policy of that AI provider (OpenAI, Anthropic, Perplexity, etc.). GovScanner has no control over how AI providers handle conversation data.
- No additional data collection: MCP connections do not result in GovScanner collecting any additional personal information beyond what is described in this policy. Usage is attributed to your account and counts toward your plan quota.
You can disconnect an AI assistant integration at any time from your GovScanner dashboard. Disconnecting revokes the access token for that assistant.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or by posting a notice on our website. The “Last updated” date at the top of this policy indicates when it was last revised.
12. Contact us
For any privacy-related questions or requests, contact:
Purple Ghost trading as GovScanner
ABN 60 923 627 375
Email: [email protected]
Western Australia