Abilitix Privacy Policy

Last updated: 7 January 2026

1. About This Privacy Policy

Abilitix (“we”, “us”, “our”) is committed to safeguarding your privacy and the security of your data. This policy explains how we collect, use, store, disclose, and protect your personal information when you use our website and platform. We adhere to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and, where applicable, the General Data Protection Regulation (GDPR).

2. What Data Do We Collect?

  • Account information: Name, email address, company name, phone number, and login credentials.
  • Uploaded content: Documents, files, knowledge base entries, and metadata you provide for ingestion.
  • Usage data: How you interact with our platform, feature usage, device type, browser, and IP address.
  • Communications: Support requests, feedback, or any communications with us.
  • Cookies & analytics: As explained in our Cookie Policy.

3. How Do We Use Your Data?

  • To provide, operate, and maintain the Abilitix platform.
  • To manage your account, authentication, and support requests.
  • To analyze usage trends for product improvement and troubleshooting.
  • To communicate service updates, security alerts, and legal notices.
  • For billing and subscription management.

4. Who Has Access to Your Data?

  • Tenant Isolation: Your uploaded content is isolated to your tenant. It is not shared with other customers.
  • Staff Access: Only authorized Abilitix staff, contractors, and service providers with a strict need-to-know basis access data to perform their duties (e.g., technical support).
  • No Sale of Data: We do not sell or rent your data to third parties.
  • Subprocessors: We use trusted third-party service providers to support our infrastructure. A list of current subprocessors is available upon request.
  • Legal: Data may be disclosed if required by law or to protect our legal rights.

5. Where Is Your Data Stored?

Your data is stored on secure cloud infrastructure provided by trusted vendors (including AWS-based providers such as Supabase), primarily located in Australia. Some processing may occur in other jurisdictions via trusted subprocessors, subject to contractual privacy safeguards. We use industry-standard encryption to protect your data both in transit and at rest.

6. PII Handling & Redaction

Our platform includes features designed to automatically detect and redact Personally Identifiable Information (PII) such as phone numbers and financial data before ingestion into the Knowledge Base. While we strive to minimize PII retention, we cannot guarantee the removal of all unstructured PII embedded in your uploaded documents. Customers remain responsible for ensuring they do not upload sensitive personal data unless required for their use case.

7. Data Retention and Deletion

We retain personal and uploaded data only as long as necessary to fulfill the purposes outlined in this policy or as required by law.

  • Deletion: You can request deletion of your data at any time by contacting us at privacy@abilitix.com.au.
  • Termination: Upon account termination, your tenant data will be securely deleted or anonymized within 30 days, subject to legal retention obligations.

8. Your Rights

  • The right to access, update, or correct your information.
  • The right to request deletion of your personal data.
  • The right to object to or restrict certain processing.
  • The right to data portability (export of Q&A or uploaded documents).
  • Complaints: You have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.

9. Legal Bases for Processing

We process data based on: (a) your consent, (b) performance of a contract (delivering the service), (c) compliance with legal obligations, and (d) legitimate interests (improving services and security).

10. Use of AI Models

When you interact with Ask Abilitix, your content is processed by Large Language Models (LLMs) via enterprise APIs.

  • Zero Training: These providers do not use your data to train their public models.
  • Logs: We log system interactions for debugging and quality assurance. Logs are limited to operational metadata and do not intentionally store full document contents or sensitive personal data. These logs are retained for a limited period and accessible only to engineering staff for troubleshooting.

11. Cookies and Tracking

We use cookies and tracking tools to enhance your user experience. Please refer to our Cookie Policy for details.

12. Data Security

We implement industry-standard security measures, including encryption, secure access controls (RBAC), and regular vulnerability assessments. In the unlikely event of a data breach, we will notify affected users and regulators (including the OAIC where applicable) within legally required timeframes (typically 72 hours).

13. Children’s Data

Our services are B2B and not directed to children under 16. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this policy from time to time. Material changes will be notified to you via email or dashboard notification.

15. Contact Us

If you have any questions, requests, or complaints about your privacy, please email privacy@abilitix.com.au. For security concerns, please email security@abilitix.com.au.

Connect With Us
Connect With Us