Start free
LEGAL

Privacy Policy.

Last updated · 1 May 2026 · Certant Pty Ltd · ABN 00 000 000 000
CONTENTS
  1. Who we are
  2. What we collect
  3. How we use it
  4. Customer data
  5. Where data lives
  6. Sub-processors
  7. Your rights
  8. Contact

1. Who we are

Certant Pty Ltd ("Certant", "we", "us") is an Australian company headquartered in Melbourne. We build the Certant platform — a knowledge-graph-grounded AI system used by regulated organisations to ground language models on their own documents and data.

This policy covers our marketing site (certant.ai), the Certant product, and any data we process on your behalf.

2. What we collect

2.1 From visitors to certant.ai

  • Standard server logs (IP, user agent, referrer, page).
  • Anonymous, aggregate analytics — page views, navigation paths. No third-party trackers.
  • Anything you submit through our forms — name, email, organisation, message body.

2.2 From product users

  • Account profile — name, email, organisation, role, region.
  • Authentication metadata — last sign-in, IP, session token.
  • Audit log — who did what, when, against which document or agent.

3. How we use it

We use the data above to:

  • Run the Certant product — authenticate you, route requests, write the audit log.
  • Reply to enquiries you send us.
  • Detect and prevent abuse of the platform.
  • Improve the product. We do not train foundation models on your data. We do not use customer documents to train shared models, ever.

4. Customer data

The documents and structured records you bring into Certant are your data. We process it on your behalf as a data processor. You retain all rights, title and interest. We do not sell, share, or use it for any purpose outside operating the platform for you.

You can export or delete your data at any time. Deletion is propagated to all replicas within 30 days.

5. Where data lives

By default, Certant Cloud customer data is stored in Australia (AWS ap-southeast-2, Sydney). Sovereign customers may elect a specific region — UAE (Dubai), EU (Frankfurt), or a customer-controlled environment. See architecture for details.

6. Sub-processors

We use a small set of carefully scoped sub-processors. The current list is published on the security page. We give 30 days' notice before adding a new sub-processor.

7. Your rights

Under the Australian Privacy Principles and equivalent regimes, you have the right to:

  • Access your personal information we hold.
  • Correct anything inaccurate.
  • Request deletion (subject to retention obligations).
  • Withdraw consent for marketing communications.

Email [email protected] to exercise any of these. We respond within 30 days.

8. Contact

Questions? Complaints? Requests under section 7?

Email: [email protected]
Post: Privacy Officer, Certant Pty Ltd, Melbourne, Victoria 3000, Australia

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.