Privacy Policy
Last Updated: 21 April 2026
This Privacy Policy explains how Omiga Pty Ltd (ACN 660 367 288) collects and uses personal information when you use ClauseLogic.
1. Who We Are
ClauseLogic is operated by Omiga Pty Ltd (ACN 660 367 288).
Contact: support@clauselogic.com.au
Omiga handles personal information in accordance with the Privacy Act 1988 (Cth).
2. What Information We Collect
| Category | Data | Source |
|---|---|---|
| Account | Email, hashed password, name, company | Account creation |
| Access Request | Name, email, company, role | Access request form |
| Project | Project name, address, client details, internal notes | Project creation |
| Client Portal | Client name, email, uploaded documents | Client portal uploads |
| Compliance | Building details, insulation values, glazing specs, NatHERS data | Submission form / PDF extraction |
| Uploaded Documents | BCA reports, NatHERS certificates, BASIX certificates, architectural plans, building specifications, and other project files | Direct upload / Client portal |
| Technical | IP address, browser, device type | Automatic collection |
| Behaviour Analytics | Page navigation, clicks, scroll behaviour | PostHog |
| Behaviour Analytics | Session recordings (screen + mouse interactions) | PostHog session replay |
3. Why We Collect It
Information is used to:
- Manage user accounts and authentication
- Create and manage projects, including client portal access
- Collect and organise documents from clients via the portal
- Run NCC 2022 compliance evaluations
- Extract structured data from uploaded PDFs using AI
- Generate compliance reports, audit summaries, and RFI packs
- Track plan usage and entitlements
- Send email notifications (client invitations, document status, report delivery)
- Improve the product via analytics
4. Cookies
ClauseLogic uses cookies for authentication, analytics, and session management.
- Authentication cookies (Supabase) — required for login sessions
- Analytics cookies (PostHog) — used to understand how users interact with the platform
5. Third-Party Services
| Service | Purpose | Data Sent | Location |
|---|---|---|---|
| Supabase | Database, storage, authentication | Account data, project data, uploaded files | Sydney |
| Anthropic | AI document extraction | Uploaded PDFs (BCA reports, NatHERS certificates, BASIX certificates, architectural plans, specifications) | United States |
| PostHog | Analytics + session replay | Behaviour data | EU (Frankfurt) |
| Google Maps | Address autocomplete | Partial address text | United States |
| Vercel | Hosting & CDN | Request logs | Global |
| Gmail SMTP | Transactional email | Recipient email, notification content | United States |
6. Cross-Border Data Transfers
Some services used by ClauseLogic process data outside Australia.
This includes processing in the United States and European Union.
By using ClauseLogic you consent to your data being transferred to and processed in these jurisdictions.
7. Client Portal Data
When a user shares a project portal link with a client:
- The client can view the project name and the list of documents requested by the user
- Documents uploaded by the client are stored in the project and visible to the user
- Client email addresses may be used to send document status notifications
- Portal access does not require a ClauseLogic account
Users are responsible for informing their clients about how uploaded documents will be stored and processed.
8. Session Recordings
ClauseLogic uses PostHog session replay which may record:
- Mouse movements
- Clicks
- Scroll behaviour
- Form interactions
Recordings are used for product improvement and troubleshooting.
Passwords are not recorded.
Users may request to opt out by contacting support.
9. Uploaded Documents
Uploaded documents (BCA reports, NatHERS certificates, BASIX certificates, architectural plans, specifications, and other project files):
- May be processed by Anthropic's API for data extraction when the user requests it
- Are stored securely in Supabase (Sydney)
- Are accessible to the project owner and via the client portal link
Documents are not used to train AI models.
10. Data Security
Data transmitted to ClauseLogic is encrypted in transit using TLS and stored encrypted at rest.
Access to stored data is restricted to authorised Omiga personnel.
Uploaded files are stored in private buckets accessible only via signed URLs with short expiry times.
11. Data Retention
| Data | Retention |
|---|---|
| Account data | Retained while account is active; deleted 12 months after deactivation |
| Project data | Retained while account is active; deleted with account |
| Uploaded documents | Retained while project exists; deleted when project is deleted |
| Access requests | Until deletion requested |
| Analytics data | Up to 12 months per PostHog retention policy |
12. Your Rights
Under the Privacy Act 1988, you may:
- Access your personal information
- Correct inaccurate information
- Request deletion of your account and data
- Lodge a complaint with the OAIC
13. Contact
Omiga Pty Ltd (ACN 660 367 288)
Email: support@clauselogic.com.au