Cenaris Privacy Policy

Last updated: 29/12/2025

This Privacy Policy applies to all users of the Cenaris platform ("Platform"), which is operated by Cenaris Pty Ltd ("we", "our", "us").

1. Our Commitment to Privacy

Cenaris is committed to protecting personal information in accordance with:

  • the Privacy Act 1988 (Cth); and
  • the Australian Privacy Principles (APPs).

We take privacy seriously and aim to ensure that your information is handled with care, transparency, and in compliance with Australian law.

2. Information We Collect

We collect personal and organisational information required to operate and improve our Platform. This may include:

  • Account details: name, email address, organisation, role, and contact preferences
  • Uploaded documents and associated metadata
  • Usage data: IP address, browser type, login activity, and system logs
  • Support interactions and user feedback

Sensitive information:
We do not actively request or process health or other sensitive personal information. However, such information may be uploaded by users in documents or inputs. Where this occurs, we treat it in accordance with this policy and applicable laws.

3. How We Use Information

We use personal information to:

  • Provide and maintain access to the Platform
  • Process documents and perform automated analysis at your direction
  • Respond to support requests and technical issues
  • Monitor system performance, improve functionality, and ensure security
  • Comply with legal, regulatory, or contractual obligations

4. AI and Automated Processing

Cenaris uses automated tools, including AI-assisted algorithms, to support document review and compliance analysis. These tools:

  • Assist with classification, scoring, and gap analysis
  • Operate under user direction
  • Do not make binding or legal decisions
  • Are not a substitute for professional or regulatory judgement

5. Data Storage and Security

Your data is stored on secure Australian cloud infrastructure with:

  • Encryption at rest and in transit
  • Role-based access controls
  • Audit logging and intrusion detection

We take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure.

6. Data Location and Transfers

Cenaris prioritises hosting and processing within Australia (primarily Sydney).

If we engage third-party service providers (e.g., infrastructure or analytics tools), we ensure they:

  • Operate under contractual and technical safeguards, and
  • Comply with Australian privacy law or equivalent protections

We do not transfer data outside of Australia unless explicitly permitted or required by law.

7. Disclosure of Information

We do not sell or rent personal information.

We may disclose information:

  • To trusted service providers who assist in Platform delivery (e.g., cloud hosting, security providers)
  • If required by law, court order, or legal process
  • With your explicit consent or under your instruction

All third-party disclosures are subject to confidentiality and data protection obligations.

8. Access and Correction

You may request access to personal information we hold about you, or request correction of inaccurate or outdated information.

Contact us at: info@cenaris.com.au

We will respond within a reasonable timeframe, usually within 30 days.

9. Data Retention

We retain personal and organisational data:

  • Only as long as needed to deliver the Platform and meet legal obligations
  • After this, information is securely deleted or de-identified using industry-standard practices

Retention periods may vary based on data type, risk level, and legal or contractual requirements.

10. Complaints and Contact

If you have concerns about how your data is handled, you may contact us in writing at:

info@cenaris.com.au

We will investigate and respond to all complaints in a timely manner.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) via www.oaic.gov.au.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

If material changes are made, we will notify users via the Platform or registered contact details.

Continued use of the Platform after changes are published constitutes acceptance of the revised policy.

Related documents: Terms and Conditions · Disclaimer