Privacy Policy

We collect the following categories of personal information:

• Account information — facilitator email address, account identifier, and authentication metadata used to sign in and manage workshops.
• Workshop content — live transcripts of what is spoken in the room while a session is active, including utterances attributed to participants and to the AI participant.
• Derived content — interim notes and the structured nine-section synthesis the service generates from the transcript.
• Consent records — confirmation that the consent notice was read aloud, that no participant objected, and the time and identity of the facilitator who confirmed it.
• Audit and usage data — an append-only log of significant events (session start, deletion requests, AI invocations, cost) and basic technical data such as timestamps.

Nothing in the room is transcribed or recorded before the facilitator confirms, on the server-enforced consent gate, that the consent notice was read aloud and no participant objected.

We use personal information only to provide and improve the service, specifically to:

• Authenticate facilitators and secure their accounts.
• Produce live captions, invited spoken contributions, interim sensemaking, and the final synthesis for a workshop.
• Maintain an immutable audit trail for transparency, accountability, and cost control.
• Meet our legal, compliance, and dispute-resolution obligations.

We do not sell personal information, and we do not use workshop content for advertising.

To generate contributions, notes, and synthesis, transcript content is sent to our AI model providers for processing through secure API connections. These providers process the content on our behalf to return a result and under our instructions. Transcript content is treated as data, not instructions, and the service is hardened against prompt-injection attempts.

We also rely on infrastructure and database providers (including hosting and managed Postgres) to store and serve the service. We choose providers that offer appropriate security and contractual protections.

Personal information is stored in a managed database with access controls, and access is restricted to authenticated facilitators for their own workshops and to authorised administrators. We apply reasonable technical and organisational measures to protect information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Some data may be processed or stored outside Australia by our service providers. Where this occurs we take reasonable steps to ensure it is handled consistently with the APPs.

We keep workshop content and derived content for as long as your account is active or as needed to provide the service, subject to the retention settings configured for your workshops. When you request deletion, workshop content is removed and the workshop record is marked deleted.

Audit log entries are retained for seven (7) years to meet legal and accountability requirements, even after related workshop content is deleted.

You may request access to the personal information we hold about you and request that we correct it if it is inaccurate, out of date, or incomplete. Signed-in facilitators can:

• Export their personal information in a portable format. We respond within 30 days, at no charge for reasonable requests.
• Delete a specific workshop or their entire account. Deletion is processed within 5 business days; audit logs are retained for 7 years as described above.

These tools are available from your account. If you are a workshop participant rather than a facilitator and want to access or correct information about you, contact us using the details below and we will respond in line with the APPs.

If you believe we have breached the APPs, contact us first using the details below and we will investigate and respond. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We may update this policy from time to time to reflect changes in our practices or legal obligations. The current version, with its effective date, will always be available on this page.

For privacy questions, access or correction requests, or complaints, contact our Privacy Officer: