PRIVACY POLICY – DR AI (AI PRODUCTS & SERVICES)
Effective Date: 06/11/2025
Owner/Operator: Dr Tharaka de Vass (ABN 42 630 296 718) trading as Dr AI (“Dr AI”, “we”, “us”, or “our”).
Domains Covered: dr-ai.online (including any subdomains or related services offered by Dr AI, operated by Dr de Vass).
Dr AI is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-related products, services, and consulting offerings (collectively, the “Services”), such as our GrantFit platform and any other AI-powered tools or solutions we provide. It also outlines your rights and choices regarding your personal information.
By using our Sites or Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Services. We encourage you to read this policy carefully and contact us with any questions.
1. Introduction and Scope
This Privacy Policy is designed to be consistent with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). We also strive to adhere to other relevant data protection laws, such as the principles underlying the EU General Data Protection Regulation (GDPR), especially when serving users outside Australia. However, our primary compliance framework is Australian law. Nothing in this policy limits our obligations under any applicable law; to the extent of any inconsistency, applicable law will prevail.
Key Points Covered in this Policy:
- What Information We Collect: We outline the types of personal information we collect (and what we do not collect, such as sensitive personal data we don’t need).
- How We Collect Information: The methods by which we gather information (e.g., directly from you via forms, or automatically via our website).
- Why We Collect It (Purposes): How we use your information to provide and improve our Services, and the consequences if you choose not to provide certain information.
- Disclosure of Information: Who we share your information with (e.g., our service providers, some of which are overseas) and how we protect your data when doing so.
- Data Security & Retention: How we protect your data and how long we keep it.
- Your Rights: How you can access or correct your information, and make complaints if needed.
- Contact Us & Updates: How to reach us with privacy questions, and how we will notify you of changes to this policy.
This Privacy Policy applies to all personal information we handle in the course of running our Services, whether you are a customer, a prospective customer, or just visiting our websites.
2. What Personal Information We Collect
We collect only the personal information that is reasonably necessary to provide our Services and operate our business. The types of personal information we may collect include:
- Contact Details: Information that can identify or contact you directly, such as your full name, email address, phone number, and/or organisational details. For example, when you sign up for GrantFit or another service, we ask for an email to send your report or results, and your name or business name for incorporation into reports and correspondence.
- Profile and Business Information: Details about your business or project that you provide through our questionnaires, quizzes, or consulting intake forms. For example, in the GrantFit service, we might collect information about your business size, industry, location, and eligibility criteria to match you with relevant grants. In other AI consulting contexts, we may collect a description of your goals, data or content samples you want us to analyze, or other context needed to deliver the service.
- Service Usage Data: Information about how you interact with our Services. This includes:
- Responses and inputs you provide when using our AI tools (e.g. answers to quiz questions, text you input for analysis or content generation, feedback you give on outputs).
- The outputs we generate for you (which may be stored for your later access and for our internal analysis).
- Log data about your usage of our websites, such as the date and time of access, pages viewed, and technical information about your browser or device. (Note: This type of data is typically collected via cookies or similar tracking technologies; see Section 7 on Cookies & Analytics.)
- Communication Content: If you correspond with us (for example, by emailing a question to hello@dr-ai.online or by using a chat feature), we may keep the content of those communications and our responses, as they often contain personal information like your contact details and any additional info you choose to provide.
Sensitive Information: We do not actively collect any “sensitive information” about you, unless you explicitly choose to provide it and it is necessary for a specific service. Sensitive information under Australian law includes data like your health records, racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, and criminal background. Our Services are not designed to require such information. We ask that you do not provide sensitive personal data unless it is absolutely necessary for the Service and you consent to our handling of it. If you do provide us with unsolicited sensitive information, we will treat it in accordance with this policy and the law (including potentially deleting it if not needed).
Children’s Data: Our Services are generally intended for adults and business entities. We do not knowingly collect personal information from children under 13 (or a higher age threshold where required by applicable law) without verifiable parental consent. If you are a parent or guardian and believe we have collected personal information from your child inappropriately, please contact us so we can investigate and address it.
Option to Anonymize: Where possible, you may have the option to interact with us anonymously or under a pseudonym (for example, making a general inquiry without providing your name). However, for most of our Services (like generating a personalized AI report or conducting a consultation), we need certain identifying details to deliver results and communicate with you. If you choose not to provide necessary personal information, we will inform you (at the time of collection or soon after) what consequences this may have. Typically, the consequence is that we may not be able to provide you with the full Service or respond effectively to your request. For instance, if you don’t provide an email address, we cannot send you a GrantFit report; if you omit key profile information, the report or advice we give might be incomplete or inaccurate.
3. How We Collect Personal Information
We collect personal information in the following ways:
Directly from You: The majority of data we collect is provided directly by you. You may submit information by filling out forms on our websites (such as our grant quiz, signup forms, or contact request forms), by entering information into our interactive AI tools, or by communicating with us via email, phone, or other channels. For example, when you use GrantFit, you directly input your business profile answers. If you engage us for consulting or other AI services, you will likely provide details about your needs in writing or during calls.
Through Automated Means: When you interact with our websites or online services, we use cookies, scripts, and similar technologies to automatically collect technical data. This can include your IP address, browser type, device information, and browsing actions (like the pages or screens you view and the dates/times of access). We also may record certain usage events (for instance, which buttons you click in a web form, or whether you encountered any errors). This information helps us deliver the pages correctly, maintain security, and analyze usage to improve the user experience.
From Third Parties (rarely): In general, we obtain personal information directly from you. We do not purchase marketing lists or extensive personal data from third parties. However, there are limited situations where we might receive information about you from others:
- If someone refers you to our Services (e.g., a colleague thinks GrantFit could help you and provides us with your name and email to send an invite), we would collect that referral information. We would treat it as if you provided it, and we would give you an opportunity to opt out of further contact.
- If we partner with another organization on an event or joint service, and you sign up through them, they might pass your details to us for follow-up (subject to them having authority to do so). In such cases, we will handle your information per this policy from the moment we receive it.
- Public Sources: On occasion, for business clients, we might confirm basic business identity information from public registers (like an ABN lookup) or company websites for due diligence. This is generally business information, not personal, except where they overlap for sole traders.
In all collection situations, we aim to collect information fairly and lawfully. We will not collect personal data by deceptive or intrusive means. When we ask you for information, we will usually point you to this Privacy Policy and may provide a brief “collection notice” (see Section 4) to ensure you are aware of why we are collecting the information and how we will use it.
4. Why We Collect Personal Information (Purposes)
We collect and use your personal information for the following primary purposes:
To Provide Our Services: This is the main reason we collect information. We use the details you give us (and the data our systems generate) to deliver the product or service you’ve requested. For example:
- Using your questionnaire responses to generate a tailored GrantFit grant report for you.
- Processing an input through our AI tools to produce an output (like a draft document, analysis, or recommendation) and delivering that output to you.
- Scheduling and conducting consulting calls or meetings, where we may use your provided information to prepare for the session.
- Managing user accounts if applicable (such as storing your information so you can log in and retrieve past reports or use saved settings).
To Communicate with You: We use contact information (like email or phone) to send service-related communications. This includes:
- Delivering reports, notifications, or results from our Services.
- Responding to inquiries or requests you make.
- Sending confirmations, technical notices, updates, security alerts, or administrative messages.
- If you are using a paid service, sending you receipts or invoices.
- In some cases, we might also send informational or promotional communications about new features or related services, but we will do so in compliance with anti-spam laws (see Direct Marketing below).
To Improve and Develop Our Services: We continually seek to refine our AI models, tools, and content offerings. The information you provide (and how you use the service) can help us improve:
- We may analyze user inputs and outputs in aggregate to tweak our algorithms for better accuracy or relevance. For example, if many users indicate a certain recommendation was off-target, we learn to adjust our model. These improvements are generally done using de-identified or aggregated data, and we do not publish your personal information in this context.
- We track usage patterns (through analytics) to understand what features are most used, where users encounter problems, and what user flows are successful. This guides UI/UX improvements and feature development.
- We may use feedback you provide (such as error reports or suggestions) to troubleshoot issues and enhance functionality.
To Ensure Quality and Ethical Use of AI: As part of responsible AI practice, we might review certain interactions (which could include your inputs and the AI’s outputs) to ensure our systems are working as intended and not producing harmful or biased results. If our staff or contractors review any such data, we do so in accordance with this Privacy Policy and only use it to make our Service better and uphold our ethical standards (for instance, improving prompt phrasing to avoid sensitive topics).
To Handle Transactions: If you make a purchase or engage paid services, we use necessary personal information (like your name, email, and payment details) to process the transaction. (Note: Payment card details are handled by our payment processor, not stored directly by us – see Section 5).
To Comply with Legal Obligations: We may need to use or disclose your information to comply with laws, regulations, court orders, or other legal processes. For example, maintaining proper records for tax purposes, or responding to lawful requests by public authorities.
For Security and Fraud Prevention: To protect our business and other users, we may monitor and analyze data to detect and prevent fraud, security breaches, or other potentially illegal or undesirable activities. For instance, we might log and review IP addresses to prevent automated attacks, or use CAPTCHA and similar tools which process some data to ensure a real person is using the site.
Direct Marketing (Limited): We generally rely on your interest in our Services to drive engagement, and we don’t bombard users with marketing. However, if you have an ongoing relationship with us (e.g., you signed up for a service or downloaded content), we might occasionally send you information about related products or updates that we think might interest you (for example, news about new features of Dr AI, new AI tools, or upcoming events). We will always give you a clear option to opt out of such communications in every message (except for essential service or transactional messages). If you tell us you don’t want marketing messages, we will respect that. We do not sell or share your personal information with third parties for their own direct marketing.
Consequences of Not Providing Information: Where we request information, you do not have to provide it. However, as noted above, not providing certain information may prevent us from offering you the Service. We will make clear (either at collection or via context) which information is optional and which is required for the particular activity. If you have concerns about providing some details, contact us and we will try to accommodate alternate arrangements if possible.
We will not use your personal information for purposes unrelated to our business functions or the reason you provided it, unless we obtain your consent or are required/authorized by law. We do not engage in automated decision-making that produces legal or similarly significant effects without human review; our AI generates content and suggestions, but any impactful decisions (like approving a grant application) are made by you or a third-party grant provider, not by us.
5. Disclosure of Personal Information
We treat your personal information with care and do not sell your personal details to third-party marketers. However, in the course of running our business, we do share personal information with certain third parties, as detailed below, and in some cases, these parties may be located overseas. Whenever we disclose information, we take steps to ensure the recipient will handle it in accordance with this policy, the Australian Privacy Principles, and other relevant laws.
5.1 Disclosure to Service Providers (“Data Processors”)
We use reputable third-party companies to support our operations and deliver the Services to you. These third parties perform functions such as data hosting, payment processing, email delivery, AI processing, and customer relationship management. They may have access to personal information as needed to perform their services, but they are not permitted to use it for their own purposes. Key service providers we currently use include:
- 💾 Data Storage (Airtable): We use Airtable (a cloud database service) to store and organize the information you provide (e.g., your quiz responses and report data). Airtable’s servers are primarily located in the United States.
- 🔗 Workflow Automation (Make/Integromat): We use Make (formerly Integromat) to automate data flow between our forms, databases, and email systems. It helps ensure that when you submit information, it triggers the necessary processes to generate your outputs and communications. Make’s infrastructure is based in the EU (Czech Republic) but also connects to our other services which may be global.
- 💳 Payments (Stripe): For handling online payments, we rely on Stripe. When you enter your payment details, they go directly to Stripe. Stripe may store your card info for billing, but we only see summary information (like card type and last 4 digits). Stripe is a global company (with servers in the US and elsewhere) and is PCI-DSS compliant for security.
- 🤖 AI Engine (OpenAI): Some of our AI-driven features use OpenAI’s platform to process prompts and generate text. For example, when GrantFit composes outline suggestions or when we draft content, we may send limited data to OpenAI’s API and get back generated content. OpenAI’s servers are primarily in the United States. We don’t share your identity with OpenAI, but content you provide might be processed by them to generate results.
- ✉️ Email Service (SendGrid): We use SendGrid to send emails (such as delivering your reports, notifications, or any newsletters you’ve subscribed to). SendGrid’s infrastructure is also mainly US-based. It handles the email dispatch and tracking (e.g., if an email bounces), but the content of emails and your address are used only to send the messages.
We ensure that each service provider is bound by appropriate confidentiality and data protection obligations. For instance, we have data processing agreements where relevant, and we only share the minimum data necessary for the task.
5.2 Other Disclosures
Apart from our service providers, we will only share your personal information in a few specific scenarios:
- With Your Consent or At Your Direction: If you explicitly request or consent to us sharing information with a third party, we will do so. For example, if as part of a consulting engagement you want us to work with another advisor or use a specific tool that requires your information, we would share data as instructed by you.
- Legal Requirements and Protection: We may disclose information to courts, law enforcement, regulatory bodies, or other competent authorities when we believe disclosure is required by law or necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We will attempt to notify you of such disclosure, if permitted by law and practicable.
- Business Transfers: If we (or substantially all of our assets) are acquired by or merged with another entity, or if we undergo a corporate reorganization, your personal information would likely be among the transferred assets. We would ensure the new entity is bound to respect this privacy policy (or one with equivalent protections), and we would notify you of the change and any choices you may have (for example, to discontinue use of the Services if you do not wish to transfer your data to the new owner).
- Enforcing Our Rights: If necessary, we may share information in connection with enforcing our Terms of Service or other agreements, or asserting legal claims. This might include sharing data with debt collection agencies for unpaid fees or with legal counsel for contract enforcement.
5.3 Cross-Border Data Transfer and Storage
As mentioned, some of our service providers are located outside of Australia (for example, in the United States and Europe). This means that personal information may be stored or processed on servers in other countries. When your information is sent to or accessed from overseas jurisdictions, it may be subject to the laws of those jurisdictions (including any rights of government to access information).
Our Commitment: Before disclosing personal information overseas, we take reasonable steps to ensure that the recipient will handle your information in a way that is consistent with Australian privacy law and this policy. This may include:
- Selecting providers that are certified under privacy frameworks (e.g., those participating in the EU-U.S. data transfer mechanisms or that have robust privacy policies).
- Contractual arrangements (like Data Processing Addendums) that require the recipient to comply with certain privacy safeguards and use the information only for our specified purposes.
- Due diligence on the provider’s reputation and past performance on data protection.
By using our Services or providing us with your information, you consent to this transfer, storage, and processing of your information in overseas facilities as described.
5.4 No Warranties for Third-Party Policies
While we aim to work with trusted partners, this Privacy Policy does not cover how these third-party providers handle your information beyond how they provide services for us. The third parties have their own privacy policies (for example, Stripe’s privacy policy or OpenAI’s data usage policy). We encourage you to review the privacy policies of any third-party services that you access through our Services. However, if you have concerns about any of our providers, please contact us and we can provide more detail about how your data is handled.
In summary, we disclose personal information only on a need-to-know basis and primarily to service providers integral to our operations. We do not share your personal information with unrelated third parties for their own use without your consent.
6. Data Security and Retention
6.1 Data Security: We take reasonable precautions to protect the personal information we hold from misuse, interference, loss, and unauthorized access, modification, or disclosure. Our approach to security includes:
- Technical Safeguards: We use modern security technologies and practices. For instance, our websites and online forms are encrypted using SSL/TLS (you’ll see a padlock in your browser indicating a secure connection). We store data in cloud services that implement robust security measures (firewalls, encryption at rest, regular security audits). Access to our databases and systems is restricted through access controls (e.g., password protection, multi-factor authentication for administrative access, API keys and secrets for system integrations).
- Organizational Measures: We limit access to personal information to Dr AI personnel and trusted contractors who need to know that information in order to operate, develop, or improve our Services. All such personnel are bound by confidentiality obligations. We provide training and guidance to our team about data privacy and security best practices.
- Monitoring and Testing: We monitor our systems for possible vulnerabilities and attacks, and we carry out testing on our infrastructure (and encourage our service providers to do the same). We maintain logs of system access and have alerting for unusual activities.
- Data Segmentation: Personal data and content you provide for different clients are segregated, ensuring that one client’s data is not accessible to another. For example, if we use AI to generate a report for you, that data remains associated with your account or case and isn’t open for other clients to see.
- Incident Response: Despite best efforts, no method of data transmission or storage is 100% secure. We have a data breach response plan in place. In the unlikely event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law, and take steps to mitigate any damage.
6.2 Data Retention: We keep personal information only for as long as it is needed for the purposes described in this policy (or as required by law). This means:
- If you are a customer, we will retain your information for as long as your account is active or as needed to provide you services. Even after you stop using a service or your account is closed, we may retain your data for a period of time in our archives in case you return, to maintain records for our own legal and financial accounting (for example, transaction records for seven years as required by tax laws), or to resolve disputes or enforce agreements.
- We regularly review the data we hold. If information is identified that is no longer needed, we will either securely delete it or de-identify it (so it no longer can be associated with you).
- For AI model improvement and analytics, as noted, we primarily use aggregated or anonymized data. If we have any raw data that is not needed (e.g., an uploaded document for analysis that we’ve finished processing and returned results to you), we typically either delete it after a certain period or anonymize it for limited retention. If you have questions about how long a particular type of data is kept, feel free to ask.
- Backup and Recovery: Our systems may keep backup copies of data for reliability purposes. These backups are stored securely and are only retained for a limited time and accessed if needed for disaster recovery. When data is deleted from our active systems, it may still persist in backups for a period until those backups cycle out.
6.3 Your Role in Security: We also encourage you to play a role in keeping your information secure. For instance, if you create an account with us, choose a strong password and keep it confidential. Be aware of phishing attempts — we will never ask for your password via email, and you should verify emails claiming to be from us. If you suspect any unauthorized access or encounter any security issues with our Service, please notify us immediately at hello@dr-ai.online.
7. Cookies and Analytics
Our websites use cookies and similar tracking technologies to improve user experience and analyze how our Services are used.
What Are Cookies: Cookies are small text files that a website saves on your device when you visit. They allow the website to remember your actions or preferences over time. We use cookies for various reasons:
- Essential Cookies: These are necessary for our site to function properly. For example, if our service has a login feature, an essential cookie might keep you logged in as you navigate.
- Analytics Cookies: We use these to collect information about how visitors use our site. For instance, we might use Google Analytics or a similar tool to see which pages are popular, how long users stay, and where they come from. This data is generally aggregated and doesn’t directly identify individuals. It helps us understand usage patterns and improve our content and layout.
- Preference Cookies: If applicable, these remember your settings and preferences (like language or region selection) so you get a customized experience.
- Third-Party Cookies: Some of our embedded content or service providers may set their own cookies. For example, when we send emails via SendGrid, and you click a link, SendGrid might use a tracking mechanism to tell us that you opened the email or clicked through (which helps us gauge engagement). Our site itself might not have many third-party plugins beyond our own content, but it’s something to be aware of.
You can control or delete cookies as you wish. Most browsers allow you to refuse all or some cookies, or to delete cookies after you finish visiting a site. Keep in mind that if you disable cookies, some features of our site might not function as intended (for example, forms might not remember your inputs across pages, or you might have to re-login more frequently).
Other Tracking Technologies: We may use other technologies like web beacons (tiny graphic images in emails or on web pages that indicate a view or interaction) to count users or understand behavior. These are mostly used in conjunction with cookies or in emails to improve our offerings.
Analytics and Do-Not-Track: If you want to opt out of Google Analytics, Google provides a browser add-on for that. If your browser supports a Do-Not-Track (DNT) signal, note that our websites currently do not respond to DNT signals, but you can still control cookies as described above.
No Targeted Ads (at this time): We do not currently use your data to retarget you with ads on other platforms, and we do not use advertising cookies on our sites. Should this ever change, we would update this policy and seek any necessary consents.
By using our site without adjusting your browser settings to refuse cookies, you consent to our use of cookies as described here. There will typically be a cookie notice on our site when you first visit, where you can read the notice and either accept it or adjust your settings.
8. Accessing and Correcting Your Personal Information
8.1 Access Rights: You have the right to request access to the personal information we hold about you. This is in line with APP 12 (Access to Personal Information) and similar rights under other regulations (like the “right of access” under GDPR for EU individuals). To make an access request, please contact us at hello@dr-ai.online.
- Process: To protect your privacy, we may need to verify your identity before releasing information (for example, we might ask you to confirm some details we have on file or provide identification). Once verified, we will provide you with the information in a suitable format (usually electronically via email or a secure portal).
- Timeframe: We aim to respond to access requests within a reasonable time, typically within 14 days for straightforward requests. If the request is complex or involves a large volume of information, we will let you know if we need more time (but it would rarely exceed 30 days unless there’s a specific issue).
- Cost: In most cases, we will provide access free of charge. However, if your request is unusually extensive and would incur significant time or resources, we may charge a reasonable fee to cover those costs, in accordance with the Privacy Act. We will inform you of any potential fee and obtain your agreement before proceeding.
- Exceptions: There are some circumstances under the law where we may refuse access (either fully or partially). For example, if providing access would unreasonably impact someone else’s privacy, or if it relates to legal proceedings or enforcement activities, or if it is frivolous or vexatious. If we refuse access, we will provide you with a written explanation of the reasons (unless it’s unreasonable to do so) and inform you of any available review or complaint mechanisms.
8.2 Correction Rights: We take reasonable steps to ensure the personal information we hold is accurate, up-to-date, and complete. If you believe that any information we have about you is incorrect, incomplete, or outdated, you have the right to request that we correct it (APP 13 – Correction of Personal Information).
- Contact us at hello@dr-ai.online with details of the information you believe needs correction, and what the accurate or updated information is. Be as specific as possible about which records are affected.
- We will process correction requests promptly, usually within 14 days as well. If we make the correction, we will confirm with you that it’s been done.
- In some cases, we might refuse a correction request (for instance, if we disagree that the information is inaccurate and there’s a legal reason to keep the record as is, or if we simply do not have that information anymore). If we refuse to correct, we’ll give you a written notice stating the reason (to the extent reasonable and permitted by law) and inform you of how you can complain about the refusal.
- If we refuse correction and you still contest the accuracy, you can ask us to attach a statement to the record stating that you believe the information is not correct. We will take reasonable steps to do so, such that anyone accessing the information sees the statement.
- We will not charge you for requesting a correction. If a correction is made and it is practical and necessary to notify any third parties who received the incorrect information from us, we will notify them at no charge to you.
8.3 Self-Service Access: If we provide any self-service portals or accounts where you can directly view or download your personal information (such as your profile or past reports), we encourage you to utilize those, as they can be the fastest way to get your information. This does not replace your right to contact us for access as described above.
8.4 Additional Rights for International Users: If you are based in certain jurisdictions (like the European Economic Area, UK, or California), you may have additional rights regarding your personal data, such as the right to deletion/erasure, the right to restrict processing, or the right to data portability. We are an Australian business, but we will honor these rights for users as applicable:
- Deletion: You may request that we delete personal information we hold about you. Note that this right is not absolute—if we have a lawful reason to retain data (e.g., legal obligations, ongoing contractual relations, or legitimate interests under applicable law), we will inform you and only delete what we can. Our practice is to delete or de-identify data that we no longer need, as stated in Section 6.2; if you explicitly request deletion, we will target any data not required to be kept.
- Restriction: You can ask us to pause or limit the processing of certain data if, for example, you contest its accuracy or have objected to processing (in such cases, we’ll restrict processing while we review your objection).
- Portability: Where feasible, if you request it, we can provide a copy of personal data you gave us in a structured, commonly used, machine-readable format (for example, a CSV file of information).
- Objection to Processing: You have the right to object to certain types of processing (like for direct marketing or in some cases where we process on legitimate interests). For direct marketing, you can always opt-out as noted. For other cases, if you object, we will review and comply unless we have compelling legitimate grounds to continue or a legal obligation that overrides your objection.
To exercise any of these rights, please contact us. We will explain any applicable conditions or limitations and assist you accordingly.
9. Complaints and Contact Details
9.1 How to Contact Us with Privacy Questions or Concerns: If you have any questions about this Privacy Policy or how we handle your personal information, or if you wish to make a complaint about a possible breach of privacy laws, please contact us:
Email: hello@dr-ai.online
Postal Mail: Privacy Officer, Dr AI – (Mailing address available on request via email, as our operations are primarily online-based.)
Please provide as much detail as possible about your question or concern. For complaints, specifically outline the circumstances and the privacy principle or aspect you believe has been breached.
9.2 Our Process for Handling Complaints: We take privacy complaints seriously and have a procedure to ensure they are addressed promptly and fairly:
- We will acknowledge your complaint within a reasonable time (usually within 5 business days) to confirm we’ve received it.
- Our Privacy Officer (or a designated representative) will review the complaint and may reach out to you for further information or clarification if needed.
- We will investigate the matter, which might involve reviewing relevant records, speaking to staff involved, and assessing the processes in question.
- You will receive a written response within a reasonable timeframe, typically within 30 days of our acknowledgement. This response will outline the outcome of our investigation, any steps we have taken or will take to address the issue, and any remedies we propose (if applicable). If we need more time to resolve the issue (due to complexity or external dependencies), we will keep you informed of the delay and likely resolution date.
- If the complaint reveals a systemic issue or an opportunity for us to improve, we will take action to correct that (such as changing a procedure or providing additional training to staff).
9.3 If You’re Not Satisfied: If you are not satisfied with our response to a privacy complaint, you have the right to escalate the matter. Under Australian law, you can contact the Office of the Australian Information Commissioner (OAIC). The OAIC can investigate privacy complaints and has the authority to resolve them. Contact details for the OAIC are:
Website: https://www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au (for general inquiries)
If you are in a jurisdiction outside Australia, you may have the right to lodge a complaint with your local data protection authority as well (for example, a Data Protection Authority in the EU, or the ICO in the UK). We would appreciate the chance to address your concerns first, but you are within your rights to seek help from regulators at any time.
10. Updates to This Privacy Policy
This Privacy Policy may be updated from time to time to reflect changes in our practices, legal obligations, or the features of our Services. We will not reduce your rights under this Privacy Policy without your consent (where required under law), and we expect most changes will be minor. However, we will highlight any significant changes.
How we notify you of changes:
- Posting on this Page: We will post the updated Privacy Policy on our website at the same URL. The “Effective Date” at the top will change to the date when the new policy becomes effective.
- Additional Notice for Material Changes: If we make material changes (for example, we start collecting new types of personal data or we change how we share data in a significant way), we will provide a more prominent notice. This could be an email notification to our registered users or a banner/pop-up on our site informing you of the change. We may also prompt you to review and accept the updated policy if appropriate given the nature of the changes and legal requirements.
- Your Continued Use: By continuing to use our Services after the Privacy Policy changes take effect, you will be deemed to have accepted the updated terms, unless you inform us otherwise. If you do not agree with a change, you should stop using the Services and can request us to delete your personal information per Section 8.4 (subject to our retention rights). We always provide a way for you to express concerns or ask questions about changes if you need clarification.
We encourage you to check this Privacy Policy periodically to stay informed about how we are protecting your information. For significant changes, we will do our best to bring them to your attention via the methods described.
11. Additional Information
11.1 Third-Party Links: Our website or communications may occasionally contain links to third-party websites or services (for example, an official government site for a grant, or a blog post on AI ethics). This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of external sites. We encourage you to read the privacy policies of any site you visit that collects personal information.
11.2 International Users: As noted, while this Policy is based on Australian law, we aim to uphold high standards globally. If you are using our Services from outside Australia, you consent to your information being handled as described in this policy. We recognize that privacy laws may differ in other countries. We welcome inquiries from users in other jurisdictions so we can clarify our practices and accommodate local requirements as feasible.
11.3 No Guarantee of Error-Free Performance: While we strive to comply with this Privacy Policy and applicable law at all times, human and technical errors can occur. We might inadvertently do something that violates this policy (e.g., send an email that reveals other recipients’ addresses because they were cc’d rather than bcc’d). In such cases, we will act as soon as we become aware to correct the error, mitigate any harm, and inform affected parties in line with our obligations. Your understanding and patience are appreciated, and we encourage you to notify us of any potential lapses you notice.
11.4 Relationship to Terms of Service: This Privacy Policy is a separate document from our Terms of Service (ToS). However, they are related. For example, our ToS limit certain liabilities and explain the service-related terms under which we collect and use data. If you’re interested in the contractual terms of using our Services (beyond privacy), please refer to the Terms of Service on our site. In case of a discrepancy regarding data usage or privacy, this Privacy Policy will generally govern how we handle personal information, while the ToS will govern anything not specifically about personal information.
Contact & Acknowledgment: By using Dr AI’s Services or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. We value the trust you place in us to handle your information appropriately. If you have any questions or concerns, the Dr AI Privacy Officer can be reached at hello@dr-ai.online, and is here to help. Thank you for taking the time to acquaint yourself with our privacy practices.
