We hold your information in trust.

Ardenna is operated by Aeth8er (ABN 11 662 898 642). We handle personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth). This policy explains, in plain language, what we collect, why we collect it, how we use and store it, and the choices you have.

Where this policy and the APPs would differ in your favour, the APPs prevail.

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether it is recorded in a material form or not.

In the course of running Ardenna we may collect personal information including names, contact details (email, phone, postal address), professional information (job title, employer, role), the content of communications you send us, and technical information collected when you use our website or platform (described further below).

We collect personal information directly from you when you:

• contact us through the forms on our website, by email, or by phone
• request a demonstration or trial of our products
• subscribe to updates or marketing communications
• engage with us under a customer or supplier agreement
• apply for a role with us

We may also collect personal information from third parties where you have authorised them to share it with us, or where the information is publicly available (for example, professional information from a company website).

Where Ardenna is deployed for a customer, that customer is the controller of the data inside their environment. Ardenna acts as the processor: we host, secure, and operate the platform on their behalf, but the customer decides what is collected, who can see it, and how long it is kept.

If you are a user of a customer-hosted Ardenna environment and you have questions about your data inside it, contact the customer organisation that operates the environment in the first instance. We can help where the customer asks us to.

When you visit our website we automatically collect technical information such as your IP address, browser and device type, referring URL, pages visited, and approximate location derived from IP. We use this information to operate and improve the site and to detect and respond to abuse.

We use only the cookies and similar storage technologies needed to run the site. We do not run third-party advertising trackers, and we do not sell visitor data.

We use personal information to:

• respond to enquiries and provide the products and services you have requested
• deliver, maintain, and improve our products, including security and reliability
• communicate with you about your account, our products, and changes to our terms
• send you updates and marketing communications where you have agreed to receive them
• comply with our legal and regulatory obligations
• investigate, prevent, and respond to misuse, fraud, or security incidents

Ardenna includes assistive features that summarise, structure, and connect information you put into the platform. These features run only over data you have already provided into the environment, under your customer organisation’s direction.

We do not train shared or public models on customer data. We do not sell, share, or repurpose customer content for any use outside of operating the platform for the customer.

We may disclose personal information to:

• service providers we use to operate Ardenna (for example, hosting, error monitoring, email delivery), under contracts that bind them to confidentiality and to handle data consistently with this policy
• our professional advisers (legal, accounting, audit) where strictly necessary
• a successor entity in connection with a sale, merger, or restructure of our business, with appropriate protections
• government or law enforcement bodies where we are required or permitted by law

We do not sell personal information. We do not disclose personal information to advertisers or data brokers.

Some of the service providers we rely on to operate Ardenna are based overseas or use overseas infrastructure (including, at present, providers operating in the United States and the European Union). Where customer-hosted environments require Australian data residency, we configure those environments to run in Australian regions.

Before disclosing personal information to an overseas recipient we take reasonable steps to ensure that recipient handles the information consistently with the APPs.

We hold personal information in systems protected by access controls, encryption in transit and at rest, monitoring, and routine review. Access is restricted to people who need it to do their job, and access is logged.

We keep personal information for as long as we need it to provide the relevant product or service, to meet our legal obligations, or to resolve disputes. When we no longer need it, we delete it or de-identify it.

We maintain an incident-response process for suspected or actual data breaches. Where a breach is likely to result in serious harm to an individual, we notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

You can ask us for a copy of the personal information we hold about you, or ask us to correct it if you think it is wrong. Contact us at remember@aeth8er.com and we will respond within a reasonable period (generally within 30 days).

We may need to verify your identity before responding. If we decline a request — for example because it would unreasonably affect another person’s privacy — we will explain why.

We will only send you marketing communications where you have given us permission to do so, or where we are otherwise permitted to under the Spam Act. Every marketing email contains an unsubscribe link; you can also email us at any time and we will remove you from our marketing list.

Our website and product may link to third-party websites and services. We are not responsible for the privacy practices of those third parties; their use of your information is governed by their own policies.

If you believe we have breached the Australian Privacy Principles or this policy, write to us at remember@aeth8er.com describing the complaint. We will acknowledge receipt within a reasonable period, investigate, and let you know the outcome.

If you are not satisfied with our response you can contact the Office of the Australian Information Commissioner at oaic.gov.au.

We may update this policy from time to time. The effective date at the top of the policy reflects the most recent change. Where a change is material we will give reasonable notice before it takes effect.

For any questions about this policy or how we handle personal information, contact us at remember@aeth8er.com. You can also write to us care of Aeth8er, ABN 11 662 898 642.