Legal

Privacy Policy

📅 Last updated: 1 April 2025 ✅ Effective: 1 April 2025 🇦🇺 Privacy Act 1988 (Cth) Compliant
Table of Contents
  1. Data Controller
  2. Personal Information We Collect
  3. How We Use Your Information
  4. Disclosure to Third Parties
  5. Overseas Transfers
  6. Data Retention
  7. Security
  8. Your Privacy Rights
  9. Cookies & Tracking
  10. Children's Privacy
  11. Changes to this Policy
  12. Complaints & Contact
🛡️
Australian Privacy Act Compliance

This Privacy Policy is prepared in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. We are committed to protecting your personal information and upholding your rights as an individual.

01 Data Controller

ClearAd Pty Ltd is the entity responsible for the personal information collected through this platform.

Privacy Officer: [email protected]

02 Personal Information We Collect

We collect personal information that is reasonably necessary to provide the Service (APP 3 — Collection of Solicited Personal Information):

2.1 Account Information

  • Full name and email address (required for registration)
  • Password (stored as bcrypt hash — never in plain text)
  • Business / clinic name and health specialty (optional)

2.2 Transactional Information

  • Subscription plan and billing history (processed by Paddle; we never store card numbers)
  • Check usage records (type, timestamp, risk score — no raw content retained)

2.3 Technical Information

  • IP address, browser type, and device type (security and fraud prevention)
  • Session tokens (browser localStorage only — no persistent tracking cookies)

2.4 Uploaded Content

Images, videos, text, or URLs submitted for compliance checking are processed in memory by the AI engine and permanently deleted immediately after analysis. This content is not stored, indexed, or used for AI model training without your explicit consent.

03 How We Use Your Information

Under APP 6 (Use or Disclosure of Personal Information), we use personal information only for the purposes for which it was collected or for directly related purposes:

PurposeLegal Basis (APP)
Account creation and authenticationAPP 3 — Collection; Consent
Providing AI compliance checking serviceAPP 6 — Primary purpose of collection
Processing subscription paymentsAPP 6 — Directly related purpose
Sending transactional emails (receipts, verification)APP 6 — Directly related purpose
Service improvement via aggregated analyticsAPP 6 — Legitimate interests (anonymised)
Fraud detection and abuse preventionAPP 6 — Legitimate interests / Legal obligation
Compliance with court orders or regulatory requestsAPP 6 — Required or authorised by law

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

04 Disclosure to Third Parties

We disclose personal information to the following third-party service providers who assist in delivering the Service (APP 6):

Cloudflare (Pages / D1)
Privacy Policy ↗
Platform hosting and database storage
📍 Global CDN; data stored in Asia-Pacific region
OpenAI API
Privacy Policy ↗
AI-powered compliance analysis engine
📍 United States (SOC 2 Type II certified)
Paddle.com Market Limited
Privacy Policy ↗
Payment processing and subscription management
📍 United Kingdom (UK GDPR compliant)
Resend
Privacy Policy ↗
Transactional email delivery
📍 United States

We do not disclose your personal information to any other third party except where required by Australian law or court order.

05 Overseas Transfers

Under APP 8, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that recipient does not breach the APPs. Our service providers listed above either:

  • Operate under frameworks that provide substantially similar protection to the APPs (e.g., EU GDPR, UK GDPR, SOC 2); or
  • Are contractually bound to protect your information in accordance with the APPs.

By using our Service, you consent to the overseas transfer of your personal information as described above.

06 Data Retention

Data TypeRetention Period
Account informationDuration of account + 7 years (tax records)
Check usage records (type, timestamp, score)Duration of account + 3 years
Uploaded content (images, video, text, URL)Deleted immediately after analysis
Payment records7 years (Australian tax law requirement)
Security logs (IP, access events)90 days rolling

Upon account deletion, all personal information is permanently purged within 30 days, except where retention is required by law.

07 Security

We implement reasonable technical and organisational measures to protect your personal information (APP 11):

  • Passwords stored as bcrypt hashes (never plain text)
  • All data in transit encrypted via TLS 1.3
  • Database access restricted to application layer only
  • Session tokens stored in browser localStorage with no server-side persistence
  • Regular security reviews and vulnerability assessments

In the event of an eligible data breach, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

08 Your Privacy Rights

🔍
Right of Access (APP 12)
Request access to personal information we hold about you. We will respond within 30 days.
✏️
Right to Correction (APP 13)
Request correction of inaccurate, incomplete, or outdated personal information.
🗑️
Right to Deletion
Request deletion of your account and associated personal information (subject to legal retention requirements).
📦
Data Portability
Request a copy of your account data in a structured, machine-readable format (CSV or JSON).
🚫
Opt-Out of Marketing
Unsubscribe from marketing emails at any time via the link in any marketing email or by contacting us.
⚠️
Restrict Processing
Request that we restrict processing of your data in certain circumstances while a complaint is under review.

To exercise any of these rights, contact [email protected]. We may require identity verification before processing your request.

09 Cookies & Tracking

We do not use persistent tracking cookies or third-party advertising cookies. We use only:

  • localStorage — for session tokens and user preferences (client-side only)
  • Cloudflare analytics — aggregated, anonymised page-view data (no personal identification)

No cross-site tracking, behavioural advertising, or sale of browsing data occurs on this platform.

10 Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information to us, contact [email protected] and we will promptly delete that information.

11 Changes to this Policy

We may update this Privacy Policy periodically. For material changes, we will notify you via email or in-app notification at least 14 days before the changes take effect. The date at the top of this page reflects the most recent revision.

12 Complaints & Contact

If you have concerns about how we handle your personal information, please:

  1. Contact our Privacy Officer at [email protected] — we will respond within 30 days;
  2. If your concern is not resolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

ClearAd Pty Ltd
Sydney, New South Wales, Australia
Privacy Officer: [email protected]

Terms of Service → Refund Policy → Contact Us →