Skip to main content

Privacy Policy

Last updated: 31 March 2026

1. Overview

Acera Labs Pty Ltd ("we", "us") is committed to protecting the privacy of our users and their customers' data. This policy explains how we collect, use, store, and protect personal information in compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

2. Information We Collect

Account Information

Name, email address, company name, and billing information provided during registration.

Customer Data (Uploaded by You)

Transaction records, customer profiles, marketing performance data, and other datasets you upload for analysis. This data remains your property.

Usage Data

Log data, feature usage, API call volumes, and session information to improve our service.

3. How We Use Your Information

  • To provide and improve the Platform services
  • To train and run AI models on your data (within your tenant only)
  • To send transactional emails (password resets, alerts, reports)
  • To monitor platform health and security
  • To comply with legal obligations

4. Data Isolation

All customer data is isolated using PostgreSQL Row-Level Security (RLS). Each tenant's data is cryptographically separated. No tenant can access another tenant's data. AI models are trained per-tenant and never share data across tenants.

5. Data Storage and Security

  • All data encrypted at rest using AES-256-GCM with tenant-specific keys
  • All data encrypted in transit using TLS 1.3
  • Infrastructure hosted in Australian data centres where available
  • JWT RS256 authentication with httpOnly secure cookies
  • Full audit trail of all data access and modifications

6. Third-Party Services

We use the following third-party services:

  • Anthropic (Claude API) — for AI agent reasoning. Your data may be sent to Claude for analysis. Anthropic does not train on API inputs.
  • Railway — infrastructure hosting
  • Sentry — error monitoring (no customer data sent)

7. Data Retention

We retain your data for the duration of your subscription plus 30 days. After account closure, all data is permanently deleted within 30 days. Audit logs are retained for 7 years for compliance purposes.

8. Your Rights

Under the Privacy Act 1988, you have the right to:

  • Access your personal information
  • Request correction of inaccurate information
  • Request deletion of your data
  • Export your data in machine-readable format
  • Lodge a complaint with the OAIC

9. Cookies

We use cookies for authentication and analytics. See our Cookie Policy for details.

10. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We will notify you of material changes via email at least 14 days before they take effect.

12. Contact Us

Privacy Officer: privacy@aceralabs.com.au

Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au

Legal Pages

Terms of ServicePrivacy PolicyCookie PolicyAI DisclaimerAcceptable UseAccessibilitySubprocessorsIP & Data OwnershipData Processing AgreementWebsite Terms