Privacy Policy
Last updated: May 2026
AIKURA is operated by AIKURA Pty Ltd (ABN 38 399 557 552), an Australian company headquartered in Melbourne. This Privacy Policy explains how we collect, hold, use, and disclose personal information in connection with the AIKURA platform and website. AIKURA is a business-to-business platform; the personal information we handle is largely incidental to our customers' use of the platform for construction procurement purposes. We are bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Scope of this policy
This policy covers the AIKURA platform, the AIKURA website at aikura.net, and any related services. It distinguishes between personal information AIKURA collects directly (covered by this policy) and customer data uploaded to the platform by AIKURA's business customers (governed by our Terms of Service and any signed Data Processing Terms). For customer-uploaded project documents, AIKURA acts as a data processor on behalf of the customer; the customer remains the data controller.
Information we collect
We collect the following categories of information:
- Account information: name, work email, job title, company, phone number
- Authentication data: hashed passwords, multi-factor authentication tokens, single sign-on identifiers
- Usage data: pages visited, features used, queries submitted, timestamps, IP address, browser and device data
- Communications: emails, support tickets, walkthrough requests, demo bookings
- Billing information: handled via third-party payment processors; AIKURA does not store full payment card details
- Incidental personal information contained within customer-uploaded documents (such as subcontractor contact details or signatories)
- Cookie and analytics data as described below
How we collect personal information
We collect personal information directly when you create an account, request a walkthrough, contact us, or use the platform; automatically via cookies, server logs, and platform telemetry; and incidentally from documents uploaded to the platform by our customers.
Why we collect personal information
We use personal information to: provide and operate the AIKURA platform; authenticate users and protect account security; respond to support requests; improve, secure, and develop the platform; send service updates and security notices; send marketing communications (only with consent and with opt-out available); meet legal, regulatory, audit, and contractual obligations; and detect, prevent, and respond to fraud, abuse, or security incidents.
AI processing and customer data
This section is important and we want it stated plainly.
The AIKURA platform uses third-party large language model providers to process queries and generate outputs. Customer-uploaded documents and queries may be transmitted to these providers via secure API for the sole purpose of generating outputs requested by the customer. AIKURA maintains contractual zero-retention or limited-retention arrangements with these providers wherever available.
AIKURA does not use customer data to train AI models — neither our own models nor those of our third-party providers. This commitment is contractual, not aspirational.
AI-generated outputs are not legal, financial, contractual, or commercial advice. Outputs are decision-support tools intended to assist qualified human users. Outputs must be reviewed and approved by qualified personnel before being acted upon. AIKURA disclaims responsibility for decisions made based on unreviewed AI outputs. This position is reinforced in our Terms of Service.
Who we share personal information with
We share personal information only with:
- Service providers necessary to operate the platform, including cloud hosting (AWS, Australian regions where available), database providers, payment processors, email providers, analytics providers, and AI model providers
- Professional advisors including lawyers, accountants, and auditors
- Acquirers or successors in the event of a sale, merger, or business transfer
- Government authorities, regulators, or courts where legally required
We do not sell personal information.
International disclosure
Personal information is primarily stored and processed within Australia. Some service providers — particularly AI model providers and certain cloud services — may process data in other countries, including the United States and other OECD jurisdictions. We take reasonable steps to ensure overseas recipients handle personal information consistently with the Australian Privacy Principles, and rely on relevant APP 8 exceptions or consent where required.
How we store and secure personal information
We use enterprise cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.3), tenant isolation, role-based access control, multi-factor authentication, regular security review, and documented incident response procedures. No system is completely secure and we cannot guarantee absolute security. Where an eligible data breach occurs, we will comply with the Notifiable Data Breaches Scheme under the Privacy Act and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.
Data retention
We retain account data while the account is active and for a defined period after termination. Billing and audit records are retained for up to seven years to meet legal and tax obligations. Customer-uploaded project documents are retained according to customer instruction and contractual terms, and are deleted on request or on contract termination, subject to legal hold requirements. Aggregate, de-identified data may be retained indefinitely for product analytics and research purposes. Backups are retained according to our backup retention schedule.
Cookies and analytics
We use essential cookies for authentication and platform function, and privacy-respecting analytics to understand platform and website usage. Marketing cookies are only used with consent. You can manage cookies via your browser settings.
Your rights
Under the Privacy Act and Australian Privacy Principles, you have the right to access personal information we hold about you, request correction of inaccurate personal information, opt out of marketing communications, and lodge a complaint about how we handle personal information.
To exercise these rights, email legal@aikura.net. We respond within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au.
Children's data
AIKURA is a business-to-business platform not intended for use by individuals under 18. We do not knowingly collect personal information from minors.
Changes to this policy
We may update this policy from time to time. Material changes will be notified via the platform or by email. The "Last updated" date at the top of this policy reflects when changes were last made. Continued use of the platform after notification constitutes acceptance.
Governing law
This Privacy Policy is governed by the laws of Victoria, Australia.
Contact us
Privacy queries: legal@aikura.net
For complaints to the regulator: Office of the Australian Information Commissioner, oaic.gov.au