Privacy Policy

Last Updated: 15/02/2026

1. Introduction

Australia Natural Science Foundation Pty Ltd (ACN: 692 784 599, ABN: 43 692 784 599) ("we", "us", or "our") operates the 国自然写作助手 service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and applicable NDIS data handling requirements, including the NDIS Code of Conduct's requirement to respect privacy.

By using our Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

Collection Notice: We collect personal information directly from you. We will take reasonable steps to notify you of the purposes for collection at or before the time of collection (e.g., via this Policy or in-Service notices). This section explains what information we collect and why.

2.1 Information You Provide

• Account Information: Email address and password when you register
• Session Notes: The raw notes you input for AI processing, which may contain sensitive health information about NDIS participants
• Payment Information: Processed securely by Stripe; we do not store your card details on our servers
• Communication Data: Any correspondence you send to us

2.2 Automatically Collected Information

• Usage Data: How you interact with the Service, features used, timestamps
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies necessary for the Service to function

3. Sensitive Health Information

Important: The session notes you input may contain sensitive health information about NDIS participants. We treat all such information as strictly confidential.

Sensitive information (including health information) is only collected with your consent (implied by your submission for legitimate NDIS documentation purposes) or as otherwise authorised by law under the Privacy Act 1988.

By using this Service, you confirm that:

• You are authorised to process the participant information you input
• You have obtained any necessary consents from participants (where required)
• You will comply with your own privacy obligations under the NDIS Code of Conduct

4. How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Process your AI draft generation requests
• Manage your account and credits
• Process payments and prevent fraud
• Send important service notifications
• Improve and optimise the Service
• Respond to your enquiries and support requests
• Comply with legal obligations

We do not use your personal data or session notes to train AI models.

5. Data Processing and AI

5.1 AI Processing

When you submit notes for processing:

• Your input is sent to Amazon Web Services (AWS) Bedrock AI service
• Processing occurs in the AWS Asia Pacific (Sydney) region within Australia
• We do not use your data to train AI models
• Generated drafts are delivered to you and are not permanently stored on our servers

5.2 Data Storage Location

Your data is processed and stored within Australia (AWS Sydney region, ap-southeast-2). We do not transfer your personal data or session notes outside of Australia unless required by law or with your explicit consent.

5.3 Data Retention

• Account Data: Retained while your account is active and for a reasonable period thereafter
• Session Notes: Temporarily processed and not retained after output delivery
• Usage Logs: Retained for 12 months for analytics and security purposes
• Transaction Records: Retained for 7 years as required by Australian tax law

6. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service Providers: AWS (AI processing, Sydney region), Stripe (payment processing), and essential hosting services—all bound by confidentiality obligations
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice to you)

7. Data Security

We implement appropriate technical and organisational measures to protect your information:

• Encrypted data transmission (HTTPS/TLS)
• Secure password hashing
• Access controls and authentication
• Regular security assessments
• AWS infrastructure security (ISO 27001 certified)

Important: While we employ industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Data Breach Notification: In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988.

8. Your Rights

Under Australian privacy law, you have the right to:

• Access: Request access to your personal information we hold
• Correction: Request correction of inaccurate or outdated information
• Deletion: Request deletion of your account and associated data
• Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

We will delete your personal information upon request where possible, except where retention is required by law (e.g., tax records for 7 years) or for legitimate business purposes (e.g., fraud prevention).

To exercise these rights, please contact us at privacy@ansf.com.au. We will respond to your request within 30 days.

9. Cookies

We use essential cookies for:

• Session management and authentication
• Security and fraud prevention
• Remembering your preferences

These cookies are necessary for the Service to function and cannot be disabled. We do not use tracking or advertising cookies.

10. Third-Party Services

Our Service integrates with:

• Amazon Web Services (AWS): Cloud infrastructure and AI services, data processed in Sydney region. AWS Privacy Policy
• Stripe: Payment processing. Stripe Privacy Policy
• Google: Optional sign-in authentication. Google Privacy Policy

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. NDIS Compliance

If you are an NDIS registered provider, you have your own privacy obligations under the NDIS Code of Conduct and Privacy Act. Our Service is a tool to assist you, but you remain responsible for:

• Ensuring you have appropriate authority to input participant information
• Reviewing and verifying all generated drafts before use
• Complying with your own privacy policies and NDIS requirements
• Maintaining appropriate records as required by NDIS

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. The "Last Updated" date at the top indicates when the policy was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related enquiries or to exercise your rights:

Privacy Officer
Australia Natural Science Foundation Pty Ltd
ACN: 692 784 599 | ABN: 43 692 784 599
Address: 470 St Kilda Road, Melbourne VIC 3004, Australia
Email: privacy@ansf.com.au
Website: https://ndis.ansf.com.au

15. Complaints

If you are not satisfied with our response to a privacy concern, you may contact:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Address: GPO Box 5218, Sydney NSW 2001