Privacy Policy

1. Introduction

Verteq Pty Ltd (trading as Anchor Compliance) (ABN 27 657 435 615) ("Anchor", "we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered marketing compliance platform (the "Service").

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy should be read in conjunction with our Terms of Service.

By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service, including:

• Account Information: Name, email address, password, and other registration details
• Organisation Information: Business name, industry, website URL, team size, and business contact details
• Content for Analysis: Marketing content, including text, images, PDFs, and website URLs submitted for compliance checking
• Brand Information: Brand assets, logos, colour schemes, tone of voice guidelines, and other brand kit materials
• Payment Information: Billing details and payment card information (processed securely by our payment provider)
• Communications: Messages, feedback, and correspondence with our support team
• Survey Responses: Responses to surveys, feedback forms, and questionnaires

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical information:

• Device Information: Device type, operating system, browser type and version, screen resolution
• Usage Data: Features used, actions taken, time spent, compliance checks performed, content generated
• Log Data: IP address, access times, pages viewed, referring URLs, error logs
• Cookies and Tracking: Information collected through cookies, pixels, and similar technologies (see Section 9)
• Location Data: Approximate location based on IP address (country/region level)

2.3 Information from Third Parties

We may receive information about you from third-party sources:

• Authentication Providers: If you sign in using a third-party service
• Business Partners: Referral information from partners or affiliates
• Public Sources: Information from publicly available business registries or websites
• Integration Partners: Information from connected services (e.g., Canva, marketing platforms) with your consent

3. How We Use Your Information

We use your information for the following purposes:

3.1 Providing and Operating the Service

• Creating and managing your account
• Processing your marketing content for compliance analysis
• Generating compliance reports and suggestions
• Providing AI-powered content generation and correction features
• Enabling team collaboration and organisation management
• Processing payments and managing subscriptions

3.2 Improving and Developing the Service

• Analysing usage patterns to improve features and user experience
• Training and improving our AI models (see Section 4)
• Developing new features and services
• Conducting research and analytics
• Testing and troubleshooting

3.3 Communication

• Sending service-related notifications and updates
• Responding to your enquiries and support requests
• Sending marketing communications (with your consent)
• Providing product updates and announcements

3.4 Safety and Compliance

• Detecting, preventing, and addressing fraud, abuse, or security issues
• Enforcing our Terms of Service
• Complying with legal obligations
• Protecting our rights and the rights of others

4. AI Processing and Data Use

Our Service uses artificial intelligence to analyse your marketing content and provide compliance insights. It is important you understand how your data is processed by our AI systems.

4.1 How AI Processes Your Content

When you submit content for compliance analysis, our AI systems process this content to:

• Identify potential compliance issues with applicable regulations
• Generate suggestions for compliant alternatives
• Assess risk levels and provide compliance scores
• Create compliant content based on your inputs

4.2 Third-Party AI Services

We use third-party AI services (including OpenAI, Google, and other providers) to power certain features of the Service. When your content is processed by these services:

• Content is transmitted securely using encryption
• We have data processing agreements with these providers
• Content may be processed in servers located outside Australia (see Section 7)
• These providers have their own privacy policies governing data use

4.3 Model Training

We may use aggregated and de-identified data derived from your use of the Service to improve our AI models and algorithms. This aggregated data cannot be used to identify you or your organisation.

We do not use your raw content or personal information to train third-party AI models without your explicit consent.

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Cloud Hosting: Supabase (database and authentication), Vercel (hosting)
• AI Processing: OpenAI, Google Cloud AI services
• Payment Processing: Lemon Squeezy (payment gateway)
• Email Services: Resend (transactional emails)
• Analytics: Vercel Analytics, PostHog
• Error Monitoring: Sentry
• Integrations: Canva, Brand.dev, and other connected services

These providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

5.2 Organisation Members

If you are part of an organisation account, your information (including name, email, and activity) may be visible to organisation administrators and other team members as necessary for collaboration.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders, subpoenas, or legal process
• Requests from government authorities or law enforcement
• To protect our rights, privacy, safety, or property
• To protect the rights of others or the public
• To enforce our Terms of Service

5.4 Business Transfers

In connection with a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred to a successor entity. We will notify you of any such change and any choices you may have.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including:

• Account Data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations
• Content Analysed: Compliance check results are retained according to your organisation's settings. Raw content may be retained for a limited period to provide the Service
• Usage Data: Retained for analytics purposes, typically for 2 years
• Financial Records: Retained for 7 years as required by Australian tax law
• Audit Logs: Retained for compliance and security purposes as required

After the retention period, we will securely delete or de-identify your information unless retention is required by law.

7. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than Australia, including the United States, where our service providers maintain facilities.

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Contractual protections with service providers (Standard Contractual Clauses or equivalent)
• Using providers that participate in recognised data protection frameworks
• Implementing technical security measures for data in transit and at rest
• Conducting due diligence on provider security practices

By using the Service, you consent to the transfer of your information to countries outside Australia. We will take reasonable steps to ensure your information receives an equivalent level of protection.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction:

• Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls and authentication requirements
• Infrastructure Security: Secure cloud infrastructure with regular security assessments
• Monitoring: Security monitoring and incident detection systems
• Employee Training: Regular security awareness training for staff
• Data Isolation: Multi-tenant data separation and Row Level Security

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small data files stored on your device when you visit a website. We use cookies and similar technologies (pixels, local storage) to provide and improve the Service.

9.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security, preferences)
• Analytics Cookies: Help us understand how you use the Service (page views, feature usage)
• Functional Cookies: Remember your preferences and settings
• Performance Cookies: Monitor Service performance and errors

9.3 Managing Cookies

Most browsers allow you to control cookies through settings. You can refuse or delete cookies, but some features of the Service may not function properly without them.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

10. Your Privacy Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have certain rights regarding your personal information:

10.1 Access

You have the right to request access to the personal information we hold about you. We will provide this information within a reasonable timeframe, subject to any exceptions under the Privacy Act.

10.2 Correction

You have the right to request correction of any inaccurate, incomplete, out-of-date, or misleading personal information we hold about you.

10.3 Erasure

You may request deletion of your personal information, subject to our legal obligations to retain certain data. You can delete your account through your account settings or by contacting us.

10.4 Data Portability

You may request a copy of your personal information in a structured, commonly used, machine-readable format.

10.5 Opt-Out of Marketing

You can opt out of receiving marketing communications by:

• Clicking the "unsubscribe" link in our emails
• Adjusting your notification preferences in account settings
• Contacting us directly

10.6 Exercising Your Rights

To exercise any of these rights, please contact us at support@anchorcompliance.com.au. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe we may have collected information from a child under 18, please contact us immediately.

12. Do Not Track

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. The Service does not currently respond to DNT signals, as there is no industry-standard approach to DNT.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)
• Displaying a notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Complaints

If you believe we have breached the Australian Privacy Principles or have concerns about our privacy practices, you may lodge a complaint with us.

To lodge a complaint:

1. Contact our Privacy Officer at support@anchorcompliance.com.au
2. Provide details of your complaint
3. We will investigate and respond within 30 days

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

16. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: