Privacy Policy

We collect the following categories of personal information:

• Account and contact details (name, business email, organisation, role).
• Content our customers upload or connect, including emails, chat exports, audit logs, cloud records, documents, screenshots processed with optical character recognition (OCR), transcripts and datasets.
• Open-source and publicly available information (OSINT) that customers ingest into a matter.
• Technical and usage data generated when you use the platform (device, browser, IP address, log events).

This material may include sensitive information (such as health, criminal record, biometric information derived from images, and racial or ethnic information) and personal information about people who are not our customers, such as investigation subjects.

We use personal information to:

• Provide the platform, including entity mapping, timelines and evidence briefings.
• Support customers and respond to enquiries.
• Secure, monitor and improve the service.
• Meet legal and regulatory obligations.

We use automated processing and artificial intelligence to generate entity maps, timelines and risk indicators. Outputs are investigative aids, may be incomplete or inaccurate, and are intended to be reviewed by a person before any decision or disclosure. See our AI Transparency Statement.

Customers who upload information about third parties warrant that they have a lawful basis to do so. In many investigation contexts, direct collection from, or notice to, the individuals concerned is unreasonable or impracticable. We rely on customers to comply with Australian Privacy Principle (APP) 3 (collection of personal information) and APP 5 (notification of collection) at the point of collection, and to deal with related individual access requests.

We require customers to use OSINT material in line with our Acceptable Use Policy.

We disclose personal information to service providers and sub-processors who help us run the platform (for example, cloud hosting, email delivery and customer support tooling), and where required or authorised by law. We do not sell personal information.

We store and process personal information in Australia. We do not currently disclose personal information to recipients located outside Australia. If in the future we engage overseas service providers, we will take reasonable steps under Australian Privacy Principle 8 to ensure they handle personal information consistently with the Australian Privacy Principles, we will remain accountable for them under section 16C of the Privacy Act 1988 (Cth), and we will update this policy to identify the relevant countries.

We take reasonable steps under APP 10 and APP 11 to ensure personal information is accurate, up to date and protected against misuse, interference, loss, unauthorised access, modification or disclosure. We destroy or de-identify personal information when no longer needed. See our Data Retention and Security and Trust pages for more detail.

You may request access to, or correction of, personal information we hold about you (APP 12 and APP 13). You also have the right to deal with us anonymously or by pseudonym where it is lawful and practicable to do so (APP 2). We may refuse some requests, particularly those about investigation data held on behalf of a customer, on lawful grounds and will provide written reasons.

To make a request, contact us at privacy@setara.com.au.

We comply with the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth). We will assess suspected eligible data breaches promptly and notify the Office of the Australian Information Commissioner (OAIC) and affected individuals where required.

If you are in the UK or California, additional rights and disclosures apply. See our UK Privacy Notice and California Privacy Notice.

To contact us about this policy, email privacy@setara.com.au or write to Level 3, 320 Pitt Street, Sydney NSW 2000.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au.