Privacy Policy

This Privacy Policy explains how Odontiq — operated by Scott Rogers (ABN 97 245 817 101), a sole trader based in New South Wales, Australia (“we”, “us”, “our”) — handles your personal information when you use odontiq.com.au and our app (the “Service”). We are committed to handling personal information in accordance with the principles of the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

1. Information we collect

We collect:

• Account information — your full name, email address, mobile number, and password (stored encrypted by our authentication provider).
• User content — information you choose to provide through the Service, such as your AI Tutor conversations, feedback and support messages.
• Usage & performance data — your quiz and mock-exam answers, scores, study activity, streaks and readiness metrics.
• Payment information — handled by our payment provider, Stripe. We do not store your full card details; we receive limited billing data such as subscription status and invoices.
• Technical & analytics data — device, browser, approximate location and product-usage events, collected to operate and improve the Service.
• Communications — messages you send us and your contact preferences.

2. How we use your information

We use your information to:

• provide, personalise and improve the Service (including your performance analytics and readiness predictions);
• create and manage your account and authenticate you;
• process subscriptions, payments and refunds;
• send transactional emails (welcome, billing, subscription and account notices) and, where you have not opted out, occasional product updates;
• provide support and respond to enquiries; and
• maintain security and comply with our legal obligations.

We may use de-identified and aggregated usage data to improve the Service, including its educational content, recommendations and AI-assisted features.

3. Who we share it with

We do not sell your personal information. We share it with trusted service providers who process it on our behalf, only as needed to run the Service:

• Supabase — database, authentication and storage;
• Vercel — application hosting;
• Stripe — payment processing;
• Resend — transactional email delivery;
• PostHog — product analytics;
• Anthropic — AI model that powers the AI Tutor;
• Google — authentication services where users choose to sign in with Google, and our email infrastructure.

We may also disclose information where required by law, or to protect our rights, users or the Service.

4. Overseas disclosure

Some of our service providers store or process data outside Australia, including in the United States. By using the Service from outside Australia, you acknowledge that your information may be transferred to and processed in Australia and other countries where our service providers operate. We take reasonable steps to ensure providers protect your information consistently with the APPs.

5. AI Tutor & AI training

When you use AI features, the text of your questions and the relevant study context are sent to our AI provider (Anthropic) to generate a response. Please do not enter confidential patient information or personal health information into the AI Tutor.

We do not permit our AI providers to use your AI Tutor conversations to train their general-purpose AI models. See our AI Usage Policy for more detail.

6. Cookies & analytics

We use cookies and similar technologies for authentication, to remember preferences, and for product analytics (via PostHog). You can control cookies through your browser settings, though some features may not work without them.

7. Data security

We take reasonable technical and organisational measures to protect your information, including encryption in transit, access controls and row-level security on our database. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data retention & deletion

We retain your information for as long as your account is active and as needed to provide the Service and meet our legal, accounting and reporting obligations.

Where deletion is requested, we will take reasonable steps to delete or de-identify personal information within a reasonable period, unless retention is required by law or for legitimate business purposes such as fraud prevention, dispute resolution or financial record-keeping.

9. Your privacy rights

You may request access to, or correction of, the personal information we hold about you. You may delete your account and associated data at any time from your account settings or via our account-deletion page, subject to the retention requirements above. To make any other request, contact privacy@odontiq.com.au.

10. Data breaches

If we become aware of a data breach that is likely to result in serious harm, we will comply with our obligations under applicable privacy laws, including notifying affected individuals and regulators where required.

11. Business transfers

If Odontiq is sold, merged, reorganised or otherwise transferred, personal information may be transferred as part of that transaction, subject to applicable privacy laws.

12. Children

The Service is intended for users aged 18 and over and is not directed at children. We do not knowingly collect personal information from anyone under 18.

13. Marketing

We only send marketing communications where permitted, and every marketing email includes an unsubscribe link. Transactional and account emails are part of the Service and are not marketing.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, where changes are material, take reasonable steps to notify you.

15. Contact & complaints

For privacy questions or complaints, contact privacy@odontiq.com.au (or hello@odontiq.com.au). If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.