Privacy Policy

Pragmatix Advisory Portal

Last updated: February 2026

1. Introduction

Pragmatix ABN 69 297 089 181 ("Pragmatix", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Pragmatix Advisory Portal at portal.pragmatix.com.au ("Portal").

We handle your personal information in accordance with the Australian Privacy Principles ("APPs") contained in the Privacy Act 1988 (Cth) ("Privacy Act").

By registering for and using the Portal, you consent to the collection and use of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Name and display name
• Email address
• Password (stored in encrypted form)
• Organisation name (optional)

Conversation Data:

• Messages you send to AI advisors and the responses generated
• Documents and files you upload for AI analysis
• Conversation context and thread history

Payment Information (for paid tiers):

Subscription payments are processed by Stripe. We send your internal user identifier, selected subscription tier, and pricing information to Stripe. We do not collect, transmit, or store your credit card number, bank account details, or other financial information — this is handled entirely by Stripe's PCI-compliant infrastructure.

2.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time and duration of sessions
• Service usage data
• Subscription usage data

Technical Data:

• IP address
• Browser type and version
• Device type and operating system
• Referring website

Application Performance Data:

Function execution logs and error diagnostics collected through our cloud monitoring services. These logs may occasionally contain personal information such as email addresses in error messages.

Cookies and Similar Technologies:

• Session cookies (essential for Portal operation)
• Authentication tokens
• We do not use third-party advertising or tracking cookies

2.3 Consent

Your consent to this Privacy Policy is recorded at the time of registration, including a timestamp of when consent was provided.

3. How We Use Your Information

3.1 Provide and Improve the Service

• Operate and maintain the Portal
• Process your messages and provide AI-generated advisory responses
• Process file uploads for AI analysis and context
• Maintain conversation history so you can continue previous discussions
• Improve the quality and functionality of the Portal
• Develop new features and services

3.2 Communicate With You

• Send transactional emails (account verification, password resets, administrative notifications)
• Respond to your enquiries and support requests
• Send important updates about the Portal or these policies
• With your consent, send marketing communications

3.3 Ensure Security and Compliance

• Protect against unauthorised access and fraud
• Monitor for violations of our Terms of Use
• Comply with legal obligations

3.4 Business Operations

• Process subscription payments through Stripe
• Generate anonymised analytics and insights
• Administer your account

4. AI Processing and Your Data

4.1 How AI Processes Your Data

When you interact with our AI advisors:

• Your messages and uploaded files are sent to Microsoft Azure AI services for processing. These services are hosted in the Australia East region within Pragmatix's Azure tenant.
• Conversation context is maintained to provide coherent, contextual responses across a conversation thread.
• Your identity (email address, name) is not sent to the AI service.

4.2 What We Don't Do

• We do not use your conversations to train AI models. Your data is processed solely to generate responses.
• We do not share your conversations with other users
• We do not sell your data to third parties
• We do not use your data for advertising purposes

4.3 AI Knowledge Base

Our AI advisors have access to governance frameworks, standards, and best practices in their knowledge base. Your conversations do not become part of this knowledge base.

4.4 Important: Information You Share With AI Advisors

You are responsible for the information you include in your messages and file uploads. The Portal is designed for professional technology advisory queries. You should avoid including:

• Personal information about identifiable individuals (e.g. patient names, employee records, customer details)
• Highly sensitive or classified information that your organisation restricts from third-party platforms
• Information subject to specific regulatory controls (e.g. health records subject to state health records legislation) unless you have confirmed your organisation's policies permit this

Pragmatix cannot retrospectively remove specific information from AI conversation threads once submitted. If you inadvertently share sensitive information, please contact us immediately so we can take appropriate steps.

5. How We Share Your Information

5.1 Service Providers

We share information with third-party service providers who assist in operating the Portal:

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Data Residency

Your data is stored in Australia. All Azure infrastructure — including hosting, databases, AI processing, email services, and monitoring — is deployed to Microsoft Azure's Australia East (Sydney) data centre. This ensures your data remains within Australian jurisdiction.

The exception is payment processing: Stripe processes subscription billing information in the United States and globally. Stripe does not receive your email address, conversation content, or any Portal usage data — only your internal user identifier, subscription tier, and pricing. This overseas disclosure is made in accordance with APP 8.

5.3 Legal Requirements

We may disclose your information if required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from government authorities
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Use

5.4 Business Transfers

If Pragmatix is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

• Encryption in transit: All connections use HTTPS/TLS.
• Authentication: Secure authentication with encrypted password storage.
• Access controls: Role-based access with data isolated per user.
• Input validation: Industry-standard protections against common web application vulnerabilities.
• Administrative access: Restricted to authorised Pragmatix personnel, with all access logged.

While we take reasonable steps to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

7. Data Retention

7.1 Account Data

We retain your account information for as long as your account is active or as needed to provide services. If you do not log in for 12 consecutive months, we may contact you to confirm whether you wish to retain your account.

7.2 Conversation Data

• Conversation history is retained for the duration of your account to allow you to access and continue previous discussions.
• Uploaded files are retained within our AI processing infrastructure for the duration of the conversation thread.

7.3 On Account Deletion

When you request account deletion:

• Your account data and conversation history will be deleted from our databases within 90 days.
• We will request deletion of associated AI conversation threads, although we cannot guarantee the exact timing of deletion within our cloud provider's infrastructure.
• Anonymised usage data may be retained for analytics purposes. This data cannot be used to identify you.
• Payment transaction records are retained by Stripe in accordance with their privacy policy and applicable financial record-keeping requirements.

7.4 Technical and Usage Data

Anonymised usage data and application performance telemetry are retained for analytics and diagnostic purposes. This data cannot be used to identify you.

8. Your Rights

Under the Australian Privacy Principles, you have the following rights:

8.1 Access

You can access your conversation history directly through the Portal. You may also request access to other personal information we hold about you. We will respond within 30 days.

8.2 Correction

If you believe any information we hold about you is inaccurate, incomplete, or out of date, you can request correction. You can update your display name and account details directly through the Portal.

8.3 Data Export

You may request an export of your personal information and conversation history by contacting us at info@pragmatix.com.au. We are actively developing self-service data export features within the Portal.

8.4 Deletion

You may request deletion of your account and associated data by contacting us at info@pragmatix.com.au. We will process deletion requests within 90 days. We are actively developing a self-service account deletion feature within the Portal.

8.5 Complaints

If you believe we have breached the APPs, you can lodge a complaint with us. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

8.6 Opt-Out

You can opt out of marketing communications at any time by:

• Clicking "unsubscribe" in marketing emails
• Updating your account preferences
• Contacting us directly

9. Cookies

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and understand how you use the site.

9.2 How We Use Cookies

We do not use:

• Third-party advertising cookies
• Cross-site tracking cookies
• Social media tracking pixels

9.3 Managing Cookies

Most browsers allow you to refuse or delete cookies through their settings. Note that disabling essential cookies may prevent you from using the Portal.

10. Third-Party Links

The Portal may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

11. Children's Privacy

The Portal is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

12. International Users

The Portal is operated from Australia and is intended for users in Australia. If you access the Portal from outside Australia, you consent to the transfer of your information to Australia, where data protection laws may differ from those in your country.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on the Portal
• Updating the "Last updated" date
• Sending notice to your registered email address for material changes

Your continued use of the Portal after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Pragmatix

• Website: www.pragmatix.com.au
• Email: info@pragmatix.com.au
• Phone: +61 7 3236 7079

Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response to a privacy complaint, you may contact the OAIC:

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Post: GPO Box 5218, Sydney NSW 2001

End of Privacy Policy