Privacy policy:

We value and respect your privacy, and we are committed to protecting it. We recognise that you are likely to provide or wish to discuss sensitive, confidential, or personal information with us, and we are committed to maintaining the confidentiality of this information.

Squirrel Ventures Pty Ltd (ABN: 98 674 325 654) provides these services. This privacy policy takes effect from 17 February, 2025, and it governs all of your interactions with our services.

Basis for your access:

• We advise you that this is a private, limited beta in an early stage of development
• We advise you that no external parties have reviewed or audited the system's security
• You acknowledge that you are accessing this service to participate in its development
• You acknowledge that our systems for collecting, protecting, and storing data are in early development and may contain security vulnerabilities
• You agree not to transmit any information to the service that, if obtained by third parties, may cause reasonably foreseeable detriment to you
• You agree, to the maximum extent permissible by law, to waive any rights that arise in respect of and indemnify us against any liability that arises in relation to the collection, storage, or unauthorised access to your data

Data that we collect:

• We collect the personal information that you provide when you subscribe to the service (your name, phone number, email address, date of birth, and timezone)
• We collect all information you provide during your use of the service
• We collect only information that you directly and voluntarily provide to us
• We do not collect information through tracking, purchases of data from third parties, or any other indirect means
• We allow you to use a pseudonym to subscribe to and use the service, but you must provide a valid phone number and valid payment details

Our use of your data:

• We collect and process your data only to provide services to you, to improve the services that we provide to you, and for our reasonable corporate needs
• We use your data, during the course of your interactions with the service, to store and recall information that you discuss with us (such as recording then remembering a topic that you have discussed)
• We use your data to perform automated analytics to improve the service for you (such as organising your information for recall, or adapting the behaviour of Liora to you)
• We use your data to collect and share with third parties (such as investors) anonymised metrics and analytical data (such as costs, activity, user satisfaction etc), where the data that we share is not personally identifiable with you and where the purpose of sharing and transmitting that data is otherwise consistent with the provisions of this policy and relates to our reasonable corporate purposes
• We will never review or access your data, other than is required to provide you with the services, or with your explicit permission (for example, to review an error)
• We will never sell or use your data, other than is required to provide you with the services
• We will never use your data for commercial purposes other than as described in this policy
• We will never use your data for marketing purposes or to contact you (other than in the course of providing you with the services)

Our protection of your data:

• We encrypt all information that you transmit to us using end-to-end encryption (HTTPS while in transit, and via volume encryption when stored)
• We provide access to your data only to those members of our team who need to access your data so that they may develop or provide you the services
• We have implemented strict access controls, to reduce the risk that your account is compromised
• We require you to use a complex password and unique password, to minimise the risk that your account is compromised
• You agree not to transmit any information to the service that, if obtained by third parties, may cause reasonably foreseeable detriment to you

Transmission of your data:

• We will never transmit your data to third-party providers, other than as is necessary to provide the service (e.g. for payments, to interact with an LLM, to process and store your information by a cloud hosting provider, or to generate or transcribe audio)
• We will always use encryption-in-transit when we transmit your data to third-party providers
• We will, where possible and where it is not intrinsic to the service that the third-party provider provides, prevent those third-party providers from storing your data
• We will, when we transmit data to a third-party provider, transmit all data that you provide during that conversation (e.g. to allow either the processing of the conversation by an LLM, or to store the conversation with a cloud-hosting provider)
• When we transmit your data to a third-party provider, it will be processed and stored in the locations in which that provider operates
• We will select reputable, industry-leading providers (such as Amazon, OpenAI, or Anthropic) but we will not independently validate their data collection, protection, and privacy practices
• We advise you that those recipients may not be bound by the Australian Privacy Principles
• We advise you that the third-party providers will process and store your data in globally-distributed locations
• We will select reputable, industry-leading providers (such as Amazon, OpenAI, or Anthropic) but we will not independently validate their data collection, protection, and privacy practices

Our retention of your data:

• We retain your data for as long as you retain an active account with us
• We will disable your account and delete data that is associated with your account after six months of inactivity
• You may at any time request the termination of your account or otherwise request that your data is deleted

Our use of cookies:

• We set only the cookies that are required to provide you with access to the service (i.e. your credentials, to log in to the system)
• We set HTTP-only cookies that are specific to our domains and which cannot be read by any other domains
• We do not and will not attempt to read any other cookies on any of your devices
• We do not track you using cookies (or by any other means), and we do not attempt to track or analyse your activity other than in using the services

Your right to access or delete your data:

• You may request a copy from us of your data at any time, and we will provide it within 72 hours of your request
• You have a right to export your information, but you do not have a right to data portability (as the service is not compatible or interchangeable with any other similar services)
• You may ask Liora at any time to forget or delete a topic that you have discussed with her, and it will be erased from your account
• You may delete all information that we have stored at any time, and we will do so within 24 hours of your request

Your right to revise your data:

• You may revise any component of your personal details at any time by accessing the account interface and providing the revised information
• You may revise any component of the information that you have provided as part of use of the service and which we have stored (for example, information that pertains to a topic that you have discussed) by accessing that information through the service and providing instructions to revise or delete it

Your age:

• You must be at least 21 years of age to use the service
• You agree that you will not use the service if you are not at least 21 years of age

Conditions on our ability to revise this policy:

• We will only make a material revision to this policy (that substantially changes our use or storage of your data) with your explicit consent
• We will notify you at least 30 days in advance of the effective date of a requested change to the policy, and we will give you the option to retain your account (and accept the new policy) or terminate your account (and delete all personally-identifiable information that we have collected)

Our contact information:

• You may at any time contact our data protection officer at privacy@meandliora.com

Process for complaints and notification of breaches:

• You may contact us directly if you believe that we have breached this policy or the Australian Privacy Principles
• You agree to provide us with a period of 30 days in which you respond and resolve your concerns
• You may lodge, after the expiry of that period, a complaint with the Office of the Australian Information Commissioner if you are not satisfied with our response
• We will notify you immediately of any suspected or actual breaches of our systems or access to your data