Back to Home

Privacy Policy

Last updated: April 2026

AskThePlans ("we", "us", "our") is committed to protecting the privacy of individuals who use our platform. We operate in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in that Act.

This Privacy Policy explains what personal information and project information we collect, why we collect it, how we use and disclose it, how we protect it, and what rights and choices you have.

By using AskThePlans, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the service.

This Privacy Policy applies to AskThePlans customers, authorised team members, and visitors to asktheplans.com.

1. Information We Collect

We collect information that is reasonably necessary to provide the AskThePlans service. The categories of information we may collect include:

Account and Identity Information

Name, email address, phone number, company name, role or job title, account credentials (username and hashed password), and subscription or billing details. This is collected when you register or update your account.

Project and Document Information

Construction plans, architectural drawings, engineering specifications, approvals, schedules, material lists, notes, photographs, and any other documents or files you upload or connect to AskThePlans. This is "Customer Content" — you own it, and we process it solely to deliver the service to you (see Section 4).

Query and Conversation Data

Questions you ask (typed or submitted via voice transcription), AI-generated responses, follow-up questions, agent selections, and conversation history. This data is associated with your project workspace and account.

Usage and Interaction Data

Features accessed, pages visited within the platform, buttons clicked, session duration, search queries within the app, and product usage patterns. We use this to understand how the service is used and to improve it.

Technical and Device Data

IP address, browser type and version, operating system, device type and model, referral URLs, log data (including timestamps and error events), and diagnostic information. Collected automatically when you access the service.

Communications and Support Data

Content of emails, support tickets, feedback forms, and any other communications you send us. Used to respond to your enquiries and improve our service.

Team Member Data

Where you invite other team members (tradies, supervisors, certifiers, clients), we collect their name and email address to create their account or invite them to your workspace. You are responsible for ensuring you have the right to provide us with their information and that they are aware of this Privacy Policy.

2. How We Collect Information

We collect information in the following ways:

  • Directly from you — when you register, sign in, upload documents, submit queries, fill in forms, or contact us.
  • Automatically — via cookies, analytics scripts, application logs, and telemetry when you use the web app or iOS app.
  • From your device — when you use voice query features, your device's speech recognition processes audio locally or via Apple's servers (see Section 5).
  • From authorised team members — when they upload documents, send messages, or use the platform within your workspace.

We will take reasonable steps to notify you at or near the time of collection of the purposes for which we are collecting your personal information, as required by APP 5.

3. How We Use Your Information

We use personal information only for the purposes for which it was collected or a purpose you would reasonably expect, consistent with APP 6. These purposes include:

  • providing, operating, and maintaining the AskThePlans platform
  • creating and managing user accounts and workspaces
  • processing and indexing uploaded project documents to generate AI responses
  • maintaining your conversation history and project memory
  • monitoring and improving platform performance, reliability, and security
  • providing onboarding, customer support, and responding to your requests
  • processing billing and managing subscriptions (where applicable)
  • detecting and preventing fraud, abuse, or unauthorised access
  • sending transactional and service-related notifications (account activity, system updates, security alerts)
  • sending marketing and promotional communications where you have opted in or where permitted under applicable law (with opt-out available in every message)
  • complying with legal obligations, court orders, and regulatory requirements

We do not use your personal information for purposes unrelated to the operation of AskThePlans without your consent.

4. AI Processing and Your Project Data

You own your content

You retain full ownership of all documents, drawings, specifications, and other content you upload to AskThePlans ("Customer Content"). We do not claim any intellectual property rights over your Customer Content.

How AI processing works

When you upload documents, we index them into a vector store to enable semantic search and question answering. When you submit a query, the relevant portions of your documents are retrieved and sent — together with your question — to our AI provider (OpenAI) to generate a source-backed response. The response is returned to you and saved to your conversation history.

We do not use your data to train AI models

Your Customer Content — including uploaded documents, queries, and AI responses — is never used to train, fine-tune, or improve any AI model, including OpenAI's models or any internal AskThePlans models. Data sent to OpenAI's API is processed solely to generate your answer and is subject to OpenAI's API data usage policy, which prohibits using API inputs to train OpenAI models without explicit consent.

AI service improvements

We may use anonymised and aggregated usage statistics (e.g., response quality ratings, feature usage patterns) — from which no individual or project can be identified — to improve AskThePlans as a product. We will never use identifiable Customer Content for this purpose without your explicit consent.

AI answers are advisory

AskThePlans AI responses are generated to assist decision-making by referencing your uploaded documents and supported reference materials. They are not a substitute for professional, licensed advice from engineers, certifiers, or other qualified practitioners. Every response includes a source citation so you can independently verify the answer.

5. Voice Queries and Voice Data

AskThePlans includes voice query functionality via the iOS app and Siri Shortcuts. Voice data is classified as sensitive information under the Privacy Act because it may constitute biometric information. We take the following approach:

In-app voice queries

When you use in-app voice input on the iOS app, audio is captured on your device and processed using Apple's on-device or server-based speech recognition (Apple's Speech Recognition service via the iOS Speech framework). The audio recording is transcribed to text on your device or by Apple. The audio itself is not transmitted to AskThePlans servers or to OpenAI. Only the transcribed text is sent to AskThePlans for processing.

Siri Shortcuts

Voice commands submitted via Siri Shortcuts are processed by Apple's Siri service on Apple's infrastructure before being relayed to AskThePlans as text. Apple's handling of Siri data is governed by Apple's Privacy Policy.

Text-to-speech responses

AI responses can be read aloud using text-to-speech functionality. The text of the AI response is sent to OpenAI's text-to-speech API to generate audio, which is played on your device and not stored by AskThePlans.

By enabling voice features, you consent to the processing of voice input as described above. You can use AskThePlans without voice features at any time.

6. Cookies and Analytics

We use cookies and similar technologies on asktheplans.com and within the AskThePlans platform. A cookie is a small text file placed on your device to help the site function correctly and understand how it is used.

Types of cookies we use

Essential cookies

Required for the service to function — keeping you signed in, maintaining session state, and securing the application. These cannot be disabled.

Analytics cookies

We use Google Analytics and Vercel Analytics to understand how visitors use our website. These tools collect anonymised data including page views, session duration, referral sources, and browser/device information. Data is transferred to Google LLC (United States) and Vercel Inc. (United States). You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout.

Performance and telemetry

We use Microsoft Azure Application Insights for application error tracking, performance monitoring, and diagnostic logging within the platform. This helps us identify and resolve technical issues. Data is processed by Microsoft Corporation (United States/international Azure regions).

You can control cookies through your browser settings. Note that disabling essential cookies will affect your ability to use the platform.

7. When We Disclose Information

We do not sell, rent, or trade your personal information to third parties.

We may disclose personal information in the following limited circumstances, consistent with APP 6:

  • Service providers and subprocessors — companies that help us deliver the platform, including AI processing, cloud storage, email delivery, and analytics (see Section 8 for the full list). These providers access only the information necessary to perform their services and are contractually bound not to use it for other purposes.
  • Professional advisers — legal, accounting, audit, or insurance advisers where reasonably necessary for our operations or legal obligations.
  • Legal requirements — where required by law, regulation, court order, subpoena, or lawful government or regulatory request.
  • Protection of rights and safety — where disclosure is reasonably necessary to protect the rights, property, or safety of AskThePlans, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, asset sale, or restructuring. We will notify you before your personal information becomes subject to a different privacy policy as a result.
  • With your consent — for any other purpose where you have provided explicit consent.

8. Overseas Disclosure and Third-Party Providers

AskThePlans uses third-party service providers to operate the platform. Some of these providers are located outside Australia, which means your personal information may be disclosed to overseas recipients as required by APP 8.

We take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the Australian Privacy Principles, including through contractual data processing agreements. However, by using AskThePlans, you acknowledge that once information is disclosed to an overseas recipient, we may not always be able to control how it is handled beyond our contractual safeguards.

Our key third-party subprocessors include:

ProviderPurposeData TransferredCountry
OpenAI, Inc.AI response generation, text-to-speech, document embeddingsQuery text, document excerpts (not full files), response textUnited States
Microsoft AzureCloud storage for uploaded project files, application monitoringUploaded documents, application logsAustralia (primary); may include other Azure regions
Twilio SendGridTransactional and notification email deliveryName, email address, email contentUnited States
Google LLCWebsite analytics (Google Analytics)Anonymised usage data, IP address (anonymised)United States
Vercel Inc.Website hosting, web analyticsAnonymised web traffic dataUnited States
Apple Inc.Speech recognition for voice queries (on-device / Apple servers)Voice audio (for transcription only; not stored by AskThePlans)United States; governed by Apple's Privacy Policy

We review our subprocessors periodically and update this list when providers change. If you require an up-to-date list or copies of our data processing agreements, contact us using the address below.

9. Data Retention

We retain personal information for as long as reasonably necessary for the purposes for which it was collected and to comply with our legal obligations. Specific retention periods:

Data TypeRetention Period
Account informationFor the lifetime of your account, plus 12 months after closure (or longer if required by law)
Uploaded project documentsFor the lifetime of your project/workspace. Deleted within 30 days of account closure or your deletion request, unless retention is required by law.
Query and conversation historyFor the lifetime of the project, then deleted within 30 days of project deletion or account closure
Application logs and telemetryUp to 90 days for operational logs; up to 12 months for security and audit logs
Billing and financial records7 years from the date of the transaction, as required by Australian tax law
Support and communication records3 years from the date of the last communication
Website analytics dataUp to 26 months (Google Analytics default retention)

When information is no longer required, we will take reasonable steps to destroy or permanently de-identify it, as required by APP 11.2.

10. Data Security

We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure, as required by APP 11.

Our security measures include:

  • encryption of data in transit (TLS/HTTPS) and at rest (Azure Blob Storage encryption)
  • secure authentication using JSON Web Tokens (JWT) with appropriate expiry
  • access controls limiting employee access to personal information to those who need it
  • application monitoring and intrusion detection via Azure Application Insights
  • regular review of security practices and third-party provider security certifications

No system is perfectly secure. Despite our efforts, we cannot guarantee absolute security. You are responsible for keeping your login credentials secure and for controlling who has access to your AskThePlans workspace.

If you believe your account has been compromised or you are aware of a security issue, contact us immediately using the address below.

11. Your Rights — Access, Correction and Deletion

Under the Australian Privacy Principles, you have the following rights regarding your personal information:

Access (APP 12)

You may request access to the personal information we hold about you. We will respond to access requests within 30 days. We may need to verify your identity before granting access. In limited circumstances (e.g., legal privilege, third-party confidentiality), access may be refused; we will explain why.

Correction (APP 13)

You may request correction of inaccurate, incomplete, or out-of-date personal information. We will take reasonable steps to correct it and, where we have disclosed the incorrect information to a third party, notify them of the correction where practicable.

Deletion

You may request deletion of your personal information or your account. We will process deletion requests subject to any legal retention obligations (e.g., financial records). Deletion of your account will result in the deletion of your uploaded documents and conversation history within 30 days.

Opt-out of marketing

You may opt out of marketing communications at any time by clicking "Unsubscribe" in any marketing email or by contacting us. Opting out does not affect transactional or service notifications.

Data portability

You may request a copy of your personal information and Customer Content in a commonly used format to transfer to another service. We will respond to portability requests within 30 days.

To exercise any of these rights, contact us using the address below with the subject line "Privacy Request" and a description of your request.

12. Automated Decision-Making

AskThePlans uses AI systems that assist in generating answers to your questions. We disclose the following about how automated processing is used in our service:

AI-assisted answers

When you submit a query, an automated AI system (powered by OpenAI) retrieves relevant excerpts from your uploaded documents and generates a text response. This is not a final decision — it is an advisory output that you and your team use to inform your own decisions.

Specialised AI agents

AskThePlans offers multiple AI agents (Tradie, Builder, Certifier, Architect, Client) that respond to the same question with different framings suited to each role. The agent is selected by you; the response is generated by the AI system using your document context. No AI agent makes autonomous decisions that affect your legal rights or entitlements.

Personal information used in automated processing

The automated systems process the text of your queries, the content of your uploaded project documents (which may include names of team members, project addresses, and other personal information embedded in construction documents), and your conversation history within a project.

We will update this section as required by legislative changes, including requirements under the Privacy and Other Legislation Amendment Act 2024 that take effect from December 2026 regarding automated decision-making transparency.

13. Notifiable Data Breaches

AskThePlans is bound by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).

If we become aware of a suspected eligible data breach — meaning unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm to affected individuals — we will:

  • conduct an assessment within 30 days of becoming aware of the suspected breach
  • if the breach is confirmed and remedial action has not prevented the risk of serious harm, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable
  • include in our notification a description of the breach, the kinds of information involved, and recommended steps affected individuals should take

If you suspect a data breach or security incident involving AskThePlans, please notify us immediately using the address below.

14. Complaints

If you have a concern or complaint about how we have handled your personal information, you may:

Step 1 — Contact us directly

Send your complaint to the address below with the subject line "Privacy Complaint". We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we need more time, we will notify you.

Step 2 — Escalate to the OAIC

If you are not satisfied with our response, or if your complaint has not been resolved within 30 days, you may refer the matter to the Office of the Australian Information Commissioner (OAIC):

Website: oaic.gov.au/privacy/privacy-complaints

Phone: 1300 363 992

Post: GPO Box 5218, Sydney NSW 2001

15. Children

AskThePlans is intended for business and professional use by adults (18 years and over). It is not directed at children. We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected such information, please contact us using the address below and we will promptly delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • update the "Last updated" date at the top of this policy
  • notify you by email (to the address associated with your account) for changes that materially affect how we use your personal information
  • in some cases, request your renewed consent where required by law

Continued use of AskThePlans after a policy update constitutes your acceptance of the revised policy, subject to any cases where renewed consent is required.

17. Contact Us

For all privacy enquiries, access requests, corrections, complaints, or questions about this policy:

AskThePlans

info@asktheplans.com

We will acknowledge privacy requests within 5 business days and aim to resolve them within 30 days.