Last updated January 2026
This Privacy Policy applies to all personal information collected by Qiri Pty Ltd (we, us or our) via the website located at www.qiri.ai (Website).
1. What information do we collect?
The kind of Personal Information that we collect from you will depend on how you use the website. The Personal Information which we collect and hold about you may include:
(a) User Credentials:
- Username and Password: When users log in, we store usernames and encrypted passwords to authenticate and manage access to the application. The encryption ensures that the actual passwords are never stored in plain text.
(b) Contact Information:
- Name: Collected when users submit feedback or interact with the application in ways that require personal identification.
- Email Address: Collected for contact preferences and feedback submission. This helps us reach out to users for support, feedback, and updates.
(c) Search Queries:
- Search History: We store users' search queries to improve the application’s performance and user experience. This data helps us understand user needs and optimize search results.
(d) Feedback:
- Feedback Messages: User-provided feedback is stored along with the user's name and email to address any issues or suggestions.
(e) Payment Details:
- Payment Methods: if you have recurring payments made to us, we may securely store your payment method information in a PCI-DSS compliant manner. If you provide one-off payments, we will not store your payment method information.
(f) User Content and Integrated Data
- Uploaded Content: Files, documents, text, and data you upload to the platform for processing.
- Connected Account Data: If you connect third-party accounts (e.g., Google Drive, Notion, Slack) via our API integrations, we collect the metadata and content necessary to generate your Knowledge Twins and search results.
- Knowledge Twin Profiles: If you create a "Knowledge Twin," we collect the profile information you associate with it, including display name, avatar, and expertise tags.
(g) Cookies and Analytics:
- We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. You can instruct your browser to refuse all cookies, but some parts of our Service may not function properly without them. Where required by law, we obtain your consent before placing non-essential cookies and provide you with the ability to manage your cookie preferences.
2. Types of information
The Privacy Act 1988 (Cth) (Privacy Act) defines different types of information, including Personal Information and Sensitive Information.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Information may still be Personal Information even if it does not include your name, where it can reasonably be linked to you (for example, through identifiers, account details, device information, or usage data).
Sensitive Information is a category of Personal Information and is defined in the Privacy Act to include information or an opinion about matters such as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, or health information.
We do not seek to collect Sensitive Information. Where we collect Sensitive Information, we will handle it in accordance with the Privacy Act, including only using or disclosing it where you have consented or where otherwise permitted or required by law.
3. How we collect your Personal Information
(a) We may collect Personal Information from you whenever you input such information into the Website, related app or provide it to Us in any other way.
(b) We may also collect cookies from your computer which enable us to tell when you use the Website and help customise your experience. While session cookies are generally anonymous, authentication cookies used when you are logged in will identify you to our servers to maintain your secure session.
(c) We generally don’t collect Sensitive Information, but when we do, we will comply with the preceding paragraph.
(d) Where reasonable and practicable we collect your Personal Information from you only. However, sometimes we may be given information from a third party, in cases like this we will take steps to make you aware of the information that was provided by a third party. In cases where we may receive personal information about you from third parties, including integrated services, payment providers, analytics providers, or other users who share content with you we will handle such information in accordance with this Privacy Policy and applicable law.
4. Purpose of collection
(a) We collect Personal Information to provide you with the best service experience possible on the Website and keep in touch with you about developments in our business.
(b) Knowledge Twin Visibility and Directory:
Public Twins: If you elect to make your Knowledge Twin "Public," you consent to the full disclosure of your Twin's profile and its AI responses to other users. Knowledge Twins are public by default unless you change your visibility settings
Private Twins: If you elect to make your Knowledge Twin "Private," its internal knowledge and AI responses remain hidden. However, you acknowledge that limited profile information (including your Display Name, Avatar, and Areas of Expertise) will still be visible in the Qiri directory to enable other users to discover you.
(c) We customarily only disclose Personal Information to our service providers who assist us in operating the Website. Your Personal Information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.
(d) By using our Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from us. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.
(e) AI and Machine Learning Improvement: To develop, train, tune, and improve our artificial intelligence models and algorithms. We generally perform this using de-identified and aggregated data so that it does not identify any specific individual.
(f) Providing AI Outputs: To process your inputs through our AI models (and third-party AI providers) to generate the answers, summaries, and content you request.
(g) Qiri does not use automated decision-making that produces legal or similarly significant effects on individuals within the meaning of Article 22 of the GDPR.
5. Security, Access and correction
(a) Retention: We keep your Personal Information only as long as necessary. User Content: Deleted from active systems approximately 60 days after the termination of your service, subject to our backup cycles. Financial/Legal Records: Retained for up to 7 years to fulfill our legal record-keeping obligations (e.g., for the ATO).
(b) Authentication and Security: User credentials are used to authenticate users and secure access to the application.
(c) Encrypted Storage: All user credentials are stored in an encrypted format to ensure security and confidentiality.
(d) Feedback Data: Feedback data is stored in secure databases. Access to this data is restricted to authorized personnel only for the purpose of product improvement.
(e) Third-Party AI Processors: To provide the Service, we may transmit your input data to trusted third-party artificial intelligence providers (e.g., Large Language Model providers) for processing. We ensure these providers adhere to strict confidentiality and security standards and do not use your data to train their public models without your consent.
(f) The Australian Privacy Principles:
(i)permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12); and
(ii) allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13).
(g) Where you would like to obtain such access, please contact us in writing on the contact details set out at the bottom of this privacy policy.
(h) In the event of a data breach that is likely to result in serious harm, we will comply with our obligations under the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), including notifying affected individuals and the Office of the Australian Information Commissioner where required.
6. Complaint procedure
If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us as on the contact details set out at the bottom of this policy. All complaints will be considered by an Executive of Qiri responsible for complaints and privacy compliance and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.
7. Overseas transfer
To provide the AI services, your Personal Information and User Content may be transferred to and processed in countries outside of Australia (including the United States) where our third-party AI model providers and cloud servers are located.
While these jurisdictions may have different privacy laws, we take reasonable steps to ensure your data remains protected, including by entering into Data Processing Agreements (DPAs) with our sub-processors that align with Australian privacy standards. By using the Services, you consent to this necessary transfer.
8. GDPR
In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. Where this is the case, there may be additional rights and remedies available to you under the GDPR if your Personal Information is handled in a manner inconsistent with that law.
Where the GDPR applies, we process personal information only where we have a lawful basis to do so. Depending on the circumstances, this may include:
(a) Performance of a contract – where processing is necessary to provide the Qiri services or perform obligations under our Software User Terms;
(b) Consent – where you have given explicit consent, including for optional features, communications, or participation in research and testing;
(c)Legitimate interests – where processing is necessary for our legitimate business interests (such as improving the platform, security, analytics, and fraud prevention), provided those interests do not override your rights; and
(d) Legal obligations – where processing is required to comply with applicable laws or regulatory requirements.
9. Your rights under GDPR
If you are located in the European Economic Area, United Kingdom, or another jurisdiction with similar data protection laws, you have the right to:
(a) Request access to personal information we hold about you;
(b) Request correction of inaccurate or incomplete personal information;
(c) Request deletion of your personal information, subject to legal obligations;
(d) Object to or request restriction of certain processing activities;
(e) Request data portability in a structured, commonly used format;
(f) Withdraw consent at any time where processing is based on consent; and
(g) Lodge a complaint with a relevant data protection authority.
You may exercise these rights by contacting us using the details set out below. We may need to verify your identity before responding.
10. Children's Privacy
Our Services are not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we take steps to remove that information from our servers.
11. Enterprise / Workplace Accounts
Where you access Qiri through an organisation, that organisation may be the ‘controller’ of your Personal Information and Qiri may act as a ‘processor’ on its instructions, in accordance with applicable agreements. In such cases, requests to access, correct, or delete Personal Information should be directed to your organisation.
Except where Qiri acts as a processor on behalf of an organisation, Qiri Pty Ltd is the controller of personal information collected through the Services.
12. Changes to this Privacy Policy
We may make changes to this Privacy Policy from time to time. Notice of such changes will be communicated to you by the login page or other communication methods. When we do, we will update the “Last Updated” date.
13. How to contact us about privacy
If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: hello@qiri.ai.
