Privacy Policy

Introduction

This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We are committed to safeguarding your privacy and ensuring that your personal information is protected.

Scope of this Policy

This Privacy Policy applies to all personal information collected by us, whether online or offline. It covers:

• All personal information collected through our website and services
• Information collected through direct communications
• Information received from third parties
• Information collected through our business operations

Data Collection

We collect personal information only by lawful and fair means. Where reasonable and practicable, we will collect personal information directly from you. If we receive unsolicited personal information and determine that we could not have collected it directly, we will destroy or de-identify the information as soon as practicable.

We collect and store the following types of data to provide and improve our services:

Account Information

• Email Address: Collected during registration or login, associated with your account.
• Password: If you register directly with our site or enable password authentication, your password is securely hashed using modern hashing algorithms and stored in our database.
• User Identifier: A randomly generated identifier associated with your account.

Interaction Data

Chat Component

• Date and Time (UTC): Recorded during each interaction.
• User Identifier: Associated with your account.
• Course and Category Chosen: To tailor the interaction.
• Messages: Both the message you typed and the AI's response.

Manage Courses Component

• Course Name, Short Name, and Description: Information you provide.
• User Identifier: Associated with your account.

Manage Topics Component

• Topic Name and Description: Information you provide.
• User Identifier: Associated with your account.

Manage Prompts Component

• Course and Topic Identifiers: To associate prompts with specific courses and topics.
• Prompt Text and AI Model: Information you provide.
• User Identifier: Associated with your account.

Manage Embeds Component

• Prompt Identifier and Embed Title: Information you provide.
• ZIP Archive and Files: Files you choose to upload.
• User Identifier: Associated with your account.

External Service Providers

When you interact with the "Chat" or "Embed" features, the following data may be sent to external service providers such as Google, OpenAI, Anthropic, or other AI service providers:

• File Contents and File Name: If interacting with the "Embed" feature.
• Chat Message: The message you supply to the "Chat" interface.

As of the date of this policy, 5th December 2024, these AI service providers do not use the data transmitted to them to further train their AI models. However, you should consult the relevant provider to learn more about their data collection and privacy policies. Some providers may store messages or interactions for a duration of time.

Use of Data

We use the data we collect for the following purposes:

• Service Provision: To authenticate and authorize access to different product features.
• Improvement: To enhance our products and services.
• Research: To conduct research using anonymised data not attributable back to any user of our service.
• Moderation and Investigation: To investigate misuse and ensure compliance with our terms of service.
• Legal Obligations: To comply with legal obligations, such as law enforcement requests or court orders.

Data Disclosure

• No Sale of Data: We do not sell your personal data to third parties.
• Legal Compliance: We may disclose your data when legally required to do so, such as in response to a court order or law enforcement request.

Cookies and Analytics

We use cookies and similar technologies to collect data about your interactions with our services. This data is used to analyze and improve our services. You can manage your cookie preferences through your browser settings.

Direct Marketing

If we use or disclose your personal information for direct marketing purposes, we will:

• Allow you to request not to receive direct marketing communications (opt-out)
• Comply with your request to opt-out within a reasonable timeframe
• Provide you with the source of the information upon request, unless it is impracticable or unreasonable to do so
• Only use sensitive information for direct marketing with your explicit consent

Quality of Personal Information

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant to our functions or activities.

Destruction or De-identification

When personal information is no longer needed for the purpose for which it was collected, we will take reasonable steps to destroy or permanently de-identify the information, unless we are required by law to retain it.

Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. These steps include:

• Encryption of data in transit and at rest
• Secure access controls and authentication mechanisms
• Regular security assessments and updates
• Staff training on privacy and data security
• Physical security measures for our premises and systems

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme.

Data Sovereignty

Your data is stored exclusively in Adelaide, Australia. However, it may be transmitted through our Content Delivery Network (CDN) provider, Cloudflare, Inc., which is not based in Australia. We ensure that any transmission of data complies with applicable data protection laws.

Overseas Disclosure

We may disclose personal information to overseas recipients, including to our service providers (such as Cloudflare, Inc. and AI service providers). Before disclosing any personal information to an overseas recipient, we take reasonable steps to ensure that the recipient complies with the APPs or similar privacy protections. By using our services, you consent to this overseas disclosure.

Anonymity and Pseudonymity

Where practicable, you will have the option of not identifying yourself or using a pseudonym when dealing with us. However, this may not be possible for all of our services, particularly where we need to verify your identity to provide specific services.

Government Identifiers

We do not adopt, use or disclose government related identifiers unless permitted by the Privacy Act.

Sensitive Information

We do not collect sensitive information (such as information about your health, religion, political beliefs, or biometric data) unless it is reasonably necessary for our functions and activities and we have your consent, or collection is required by law.

Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Know why your personal information is being collected, how it will be used, and who it will be disclosed to
• Access your personal information
• Stop receiving unwanted direct marketing
• Ask for your personal information to be corrected
• Make a complaint if you believe your privacy has been breached

Contact Details

For privacy-related queries, access requests, complaints or any other privacy matters, please contact our Privacy Officer:

• Email: privacy@ellie.sh

We will acknowledge your query or complaint within 7 days and aim to resolve it within 30 days. If we need more time, we will notify you of the reasons for the delay and indicate a new timeline for resolution.

Complaints

If you believe we have breached the Australian Privacy Principles, you can make a complaint by contacting our Privacy Officer at privacy@ellie.sh. We will acknowledge your complaint within 7 days and respond within 30 days. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

Further Information

For more information about privacy rights in Australia, visit the Office of the Australian Information Commissioner's website at www.oaic.gov.au.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will:

• Post the updated policy on our website
• Update the effective date
• Notify you of significant changes via prominent notice on our website
• Obtain your consent where required by law

Effective Date: 5th December 2024

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein. If you do not agree with this Privacy Policy, please do not use our services.