Trellis Data Logo

PRIVACY POLICY

PRIVACY POLICY

Updated 28 April 2026

We at Trellis Data are passionate about keeping your information safe and respecting your ownership of it. This privacy policy explains how we collect, use, store and protect the data you share with us in line with the Australian Privacy Principles (APPs) and, where applicable, the EU GDPR.

We are committed to protecting your privacy. We provide this privacy policy under the Privacy Act 1988 (Cth) to provide you with details about our practices in relation to the collection, use, disclosure and handling of Personal Information.

1. Privacy Policy

1.1 This Privacy Policy is governed by the Australian Privacy Principles under the Privacy Act 1988 (Cth) and where we obtain Personal Information from a citizen of a member state of the European Union, the EU General Data Protection Regulation (Regulation (EU) 2016/679).

2. Collection of Personal Information

2.1 We collect Personal Information when you:

  • (a) subscribe to our mailing list;
  • (b) enter our competitions or promotions; or
  • (c) apply for positions with us, or when you act as a contractor for us.

2.2 For your AI-powered platform we also collect:

  • (a) User prompts you type into the system;
  • (b) AI-generated responses returned to you;
  • (c) Documents you upload to the platform; and
  • (d) Documents and other outputs you create using our tools.

These items are treated as Customer Data and are covered by the same protections outlined below.

2.3 We collect Personal Information to:

  • (a) improve our products and services;
  • (b) deliver the AI product and/or service you have subscribed to or otherwise consume;
  • (c) communicate with you;
  • (d) offer you promotional product or market our product that you are interested in;
  • (e) keep a record of your order for refund or exchange;
  • (f) maintain our customer database;
  • (g) investigate complaints or potential breaches of our terms;
  • (h) verify your identity;
  • (i) comply with the law; and
  • (l) any other purposes that are reasonably related to the above.

2.4 We collect and hold the following types of Personal Information:

  • (a) Contact details (name, business name, phone number, address, email)
  • (b) Optional demographic information that you consent to provide (including interests, gender, age); and
  • (c) Survey responses that you submit voluntarily.

2.5 We will only collect your Personal Information using fair and lawful means.

2.6 We do not collect an individual's payment information for any reason.

2.7 If we receive unsolicited Personal Information, we may destroy it or ensure that it is de-identified if it is lawful and reasonable to do so.

3. Consent, Withdrawal, and Right to Erasure

3.1 Providing your Personal Information is required to deliver the goods and services you request.

3.2 You may withdraw consent or request erasure at any time by contacting us.

  • (a) Withdrawal of consent limits further processing but does not delete existing data until the request is acted on.
  • (b) A request for erasure (the "Right to be Forgotten") will be honoured when any of the following conditions are met:
    • (i) the Personal Information provided is no longer necessary in relation to the purpose of collection;
    • (ii) you have withdrawn your consent for us to hold your Personal Information;
    • (iii) the legal retention period for holding your Personal Information has expired;
    • (iv) you object to the use of your Personal Information; or
    • (v) the processing of your Personal Information was not in accordance with the EU GDPR.

3.3 We will mark the relevant records as "restricted" while your request is being processed and will complete the action as soon as practicable.

4. Not Used

5. Cookies

5.1 We may, from time to time, use 'cookies' which are small data files placed on your machine or device to store information.

5.2 We use cookies in many ways including:

  • (a) authentication cookies that monitor whether you are logged in or not;
  • (b) session cookies that allow you to remain logged in and keep track of your activities until the browser shuts down;
  • (c) persistent cookies that help us monitor our services by recording your browser activities and they do not expire upon browser shut down; and
  • (d) flash cookies to personalise your experience.

5.3 We use cookies for many reasons including but not limited to:

  • (a) improve the performance by reporting any errors that occur;
  • (b) provide statistics about how the Website is used;
  • (c) remember settings that you used on our Website;
  • (d) identify that you are logged into the Website;
  • (e) link to social networks like Facebook and Twitter; and
  • (f) provide ads that are tailored to you.

5.4 Although cookies may contain an IP address, we treat the address as pseudonymous and store it only in aggregated form for analytics.

5.5 Where tracking cookies are used, we will obtain your informed consent before setting them, except where a cookie is strictly necessary for the delivery of the service.

5.6 You may disable and delete cookies in your browser if you do not want us to use cookies but doing so may detract from your enjoyment of our Website.

Use of Google Analytics & Google Signals

5.7 Our website uses Google Analytics 4, including Google Signals, to help us understand how visitors use our site and to deliver more relevant advertising.

5.8 Google Signals enables Google Analytics to collect additional information from users who are signed into their Google accounts and have turned on ad personalisation. This may include cross-device data, demographics, and interests information.

5.9 Data collected through Google Analytics may be used by Google to personalise ads for you on Google services. We do not receive any personally identifiable information from Google.

5.10 You can opt out of Google Analytics advertising features, including Google Signals, by adjusting your Google Ads settings or installing the Google Analytics opt-out browser add-on.

6. Security

6.1 All Customer Data – including prompts, AI responses, uploaded and generated documents – is encrypted at rest and in transit with US Defence-Grade (AES-256 GCM) encryption leveraging cryptographic modules at the level of FIPS 140-3.

6.2 Our infrastructure is hosted solely in Australia, giving the data Australian sovereign control and ensuring it is subject to Australian privacy and data-governance laws.

6.3 We employ firewalls, antivirus, intrusion-detection, regular security-audit hardening and continuous monitoring to safeguard the confidentiality, integrity and availability of your information.

7. Anonymity and Pseudonymity

7.1 You may interact anonymously or by using a pseudonym, for example when you:

  • (a) call us;
  • (b) use our online forms;
  • (c) email us,

and you may refuse to give your details.

7.2 You must provide your Personal Information when you:

  • (a) sign up for a mailing list;
  • (b) lodge a complaint; and
  • (c) are required to provide Personal Information under the law.

8. Disclosure of Personal Information

8.1 We only disclose Personal Information where the purpose is reasonably related to our business.

8.2 We never sell, licence or otherwise commercialise any Customer Data (refer to section 15 for more details).

8.3 We may share Personal Information with third-party service providers (e.g. cloud hosting, backup, monitoring) solely to operate the platform. These providers are bound by contracts that reflect the APPs and GDPR.

8.4 We may also disclose your Personal Information:

  • (a) to provide the service you have requested;
  • (b) comply with legal obligations or protect our legal rights; or
  • (c) with your explicit consent.

8.5 Any overseas disclosure is subject to comparable privacy safeguards.

9. Retention of Personal Information and Customer Data

9.1 Personal Information held by us is retained until:

  • (a) such time as we deem this Personal Information to no longer be active, timely or correct (Inactive Personal Information); or
  • (b) you withdraw your consent to us holding your Personal Information.

9.2 Personal Information held by us may undergo review to ascertain whether Personal Information can be classified as Inactive Personal Information. This type of review will take place from time to time, at our reasonable discretion.

9.3 Inactive Personal Information is then deleted after it is no longer required/necessary to be held. Personal Information that is relevant to a pending complaint or breach investigation shall not be deleted until the matter is resolved, but will be deleted as soon as practical after resolution of any outstanding matters.

9.4 Other types of information (i.e. order number, order date etc) relating to a transaction with us is kept for the statutory required period of time for record keeping.

9.5 Your Customer Data remains with us as long as you hold an active subscription, contract or other pre-agreed arrangement with us. Refer to clause 15 for additional information.

9.6 When you request deletion of Customer Data, we permanently erase the data from our live systems and do not retain backup copies.

9.7 Inactive or obsolete Customer Data that is no longer required for any purpose is removed in accordance with your instructions or the statutory retention periods for transaction records.

10. Direct Marketing to You

10.1 We will not send you unsolicited commercial electronic messages in contravention of the Spam Act 2003 (Cth).

10.2 We may use the non-sensitive information you gave us for the purpose of promoting and marketing our products and services to you if we:

  • (a) use the information that you reasonably expected us to use for promoting and marketing our products and services to you; and
  • (b) provide you a simple method to opt-out.

10.3 We will not contact you to promote or market our products and services if you requested us not to.

11. Accessing and Correcting Your Personal Information

Accessing Your Personal Information

11.1 You may request access to your Personal Information that we hold and we will:

  • (a) verify your identity;
  • (b) may charge a reasonable fee to cover the direct costs of providing access, in accordance with the APP. No fee will be charged for the request itself; and
  • (c) within a reasonable period of time, comply with your request.

11.2 We may refuse to allow you to access your Personal Information if we are not required to do so under the Australian Privacy Principles.

Correcting Your Information

11.3 You may request to correct your Personal Information that we hold and we will update your Personal Information so that it is up-to-date, accurate, complete, relevant and not misleading.

11.4 Members of our Website may change their details online.

How to Contact Us

11.5 If you would like to access or correct your Personal Information, please contact us by email: [email protected]

12. Complaints

12.1 If you believe we breached the Australian Privacy Principles under the Privacy Act 1988 (Cth) or a registered Australian Privacy Principles Code, or the EU GDPR you may lodge a complaint as follows:

  • (a) firstly, contact us in writing to the email or postal address in clause 11.5 and include the following in your complaint:
    • (i) your contact details;
    • (ii) section or provision of the Australian Privacy Principles or Code or EU GDPR that you believe we breached; and
    • (iii) our practice or policy that you believe breaches the relevant Australian Privacy Principle or Code,
  • (b) and you must allow us a reasonable time (up to 30 days) to reply to your complaint; and
  • (c) secondly, you may complain to the Office of the Australian Information Commissioner if:
    • (i) you are not satisfied with our response; or
    • (ii) we do not respond to you within a reasonable time without sufficient explanation.

13. Personal Information Breach

13.1 In the unlikely event of a breach of privacy:

  • (a) we employ practices to notify the relevant bodies under the Privacy Act 1988 (Cth) and the EU GDPR within the required timeframes.
  • (b) We will notify you as soon as practicable (no later than 30 days) if the breach is likely to result in serious harm to you.

14. Definitions and Interpretation

14.1 Unless contrary intention appears:

  • (a) Australian Privacy Principles means the principles under Schedule 1 of the Privacy Act 1988 (Cth).
  • (b) Customer Data is a subset of Personal Information specific to the AI platform. It is defined in detail in section 2.2.
  • (c) Personal Information means personal information as defined under Privacy Act 1988 (Cth).
  • (d) Sensitive Information means sensitive information as defined under Privacy Act 1988 (Cth).
  • (e) We (whether in capitals or not) means Trellis Data Pty Ltd.
  • (f) Website means any current or future websites we create, which may be amended from time to time.
  • (g) You (whether in capitals or not) means the user of our Website and Products, and Your and Yours have corresponding meanings.

14.2 The word 'include' is used without any limitation.

15. Key AI-Specific Guarantees

15.1 No Use of Customer Data for AI Training – We never use any Customer Data (prompts, responses, uploaded or generated documents) to train, improve or fine-tune our underlying AI models. When using our Internal Protected Models, you can be assured your data will not be added to a future AI model.

15.2 No Human Viewing of Customer Data – Our staff do not view, access, copy, or otherwise act upon your data unless you explicitly request assistance (e.g., support tickets). In such cases, access is logged, limited in scope and performed under strict confidentiality.

15.3 Data Ownership – All Customer Data remains your property. We act only as a processor on your behalf, following your instructions regarding storage, retention and deletion.

15.4 No Backups Retained After Deletion – When you delete data, both the primary store and any temporary backup copies are permanently removed as soon as practical (usually within 24 hours).

15.5 Sovereign Australian Hosting – All AI services and Customer Data are hosted on Australia-based data centres that comply with Australian Government-Level security standards.

Questions? Please email [email protected]