Effective 13 April 2026
Privacy Policy
AskLore is operated by JD Technology Services Pty Ltd (ABN 32 682 813 305), a company incorporated in Victoria, Australia (“we”, “us”, “our”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use AskLore (“the Service”).
We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As a Victorian company we also recognise obligations under the Health Records Act 2001 (Vic) where applicable to our operations.
For any questions about this policy, contact us at privacy@asklore.com.au.
1. Who This Policy Covers
This policy applies to two types of people:
- Account owners and team members: Businesses and individuals who create an AskLore account to build and manage a knowledge base. This is the primary audience for this policy.
- Staff users: Employees or contractors of account owners who interact with an AskLore chat bot at chat.asklore.com.au. Staff do not create AskLore accounts. Their data is collected as part of providing the Service to account owners. Section 10 (Staff Data) explains how their information is handled.
2. Information We Collect
2.1 Account and business information
When you create an AskLore account, we collect:
- Your email address
- Your name (if provided via Google or Microsoft Sign-In)
- Business name, industry, location, and team size (provided during onboarding)
- Phone number (required — provided during onboarding)
- ABN (optional — provided during onboarding; synced to your Stripe customer record so it appears on your tax invoices)
2.2 Knowledge base content
AskLore stores the documents, procedures, SOPs, quick answers, and other content you upload or create within the Service (“Knowledge Base Content”). This content is processed — split into text chunks and converted into vector embeddings — to generate answers to staff questions. You are responsible for ensuring you have the right to upload and process any content you add to AskLore.
2.3 Recording and video content
If you add video or audio recordings to your knowledge base — via uploaded files (.mp4, .mov, .mp3, .m4a) or via external links (YouTube, Loom, Vimeo, or similar platforms) — we process that content as follows:
- Audio is extracted and sent to OpenAI for transcription via the Whisper model
- For video files and links, visual frames are extracted (approximately one per 30 seconds) and described by a Claude AI model (Haiku)
- The resulting transcript and visual descriptions are stored in your knowledge base as indexed knowledge sources; the original downloaded file is not retained after processing
2.4 Cloud integration content
If you connect a cloud storage service (Microsoft OneDrive, Microsoft SharePoint, or Google Drive), AskLore will periodically retrieve files from the folders you select and process them into your knowledge base. Only extracted text, chunks, and vector embeddings are retained in our systems; original files are not independently stored.
OAuth access tokens for cloud integrations are encrypted using AES-256-CBC before being stored in our database and are used solely to access the services you have authorised.
2.5 Staff interaction data
When staff use your AskLore chat bot, we record:
- The questions staff ask and the answers Lore generates
- The confidence level of each answer and any source documents referenced
- Feedback submitted by staff (thumbs up/down, and reason text for negative feedback)
- Session timestamp
Staff are not required to provide any personal information to use the chat interface. If a staff member voluntarily provides their name to personalise their session, that name is stored with the session data and is visible to account owners and administrators in your workspace. No staff email address or other identifying contact information is collected unless you explicitly include it in your Knowledge Base Content.
2.6 Billing and subscription data
We retain billing records including your subscription plan, invoice amounts, billing dates, and overage usage. Payment card details are stored and processed by Stripe; we do not store card numbers. Your ABN (if provided) is stored on your Stripe customer record.
2.7 Product usage analytics
We collect anonymous visitor data on our marketing website (getlore.com.au) and usage data on the owner portal (asklore.com.au) using Umami analytics, which we self-host on Australian infrastructure at analytics.asklore.com.au.
On the marketing website, we record page views, referrer sources, browser type, and country. No personal information is collected and no cookies are set without consent. This data is fully anonymous.
On the owner portal, we record pages visited and features used by account owners. This data is linked to your session and is used to understand how the Service is being used so we can improve it. It is not shared with third parties or used for advertising.
2.8 Technical and operational data
We collect standard server logs including IP addresses, browser type, and request timestamps for security monitoring, debugging, and abuse prevention. These logs are not used for behavioural profiling.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the AskLore Service
- Generate AI-powered answers to your staff's questions using your Knowledge Base Content
- Process payments, manage your subscription, and issue tax invoices including ABN matching
- Send transactional communications — account setup, billing receipts, usage alerts (80%/100% question limits), trial reminders, cancellation notices, and notifications about your knowledge base. These communications are essential to your account and cannot be unsubscribed from.
- Send optional digest emails and product updates. You can opt out at any time by contacting us at privacy@asklore.com.au.
- Identify knowledge gaps in your knowledge base and alert you to them
- Comply with our legal obligations
- Investigate and respond to security incidents or abuse reports
We do not sell your personal information to third parties. We do not use your personal information or Knowledge Base Content for advertising purposes.
4. Third-Party Service Providers
We use the following third-party services to operate AskLore. Each provider processes data only to the extent necessary to deliver the service described.
| Provider | Purpose | Data handled | Location |
|---|---|---|---|
| Supabase Inc. | Database, file storage, and authentication | All account data, Knowledge Base Content, staff interaction data | Sydney, Australia (ap-southeast-2) |
| BinaryLane | Application server and background worker hosting | All data processed by the application | Australia |
| Stripe, Inc. | Payment processing and subscription billing | Email address, business name, ABN, payment card details, billing history | United States |
| Anthropic, PBC | AI language models (Claude) — generates answers to staff questions, extracts and describes content from PDF documents and images, describes video frames, generates SOPs and gap analysis | Knowledge Base Content, staff questions, document images, video frames | United States |
| OpenAI, LLC | Vector embeddings for semantic search (text-embedding-3-large); audio transcription of uploaded recordings and linked video content (Whisper) | Knowledge Base Content, audio extracted from recordings and video | United States |
| Resend, Inc. | Transactional email delivery | Your email address, name, and email content | United States |
| Umami (self-hosted) | Analytics — anonymous visitor data on getlore.com.au; owner portal usage patterns on asklore.com.au | Anonymous page view data (marketing site); pages visited and features used (owner portal) | Australia (analytics.asklore.com.au) |
| Google LLC | (1) Optional OAuth sign-in via Google account; (2) Enterprise plan only: Google Drive file sync — retrieves file content from folders you select in Google Drive | Email address (sign-in); file content from selected Google Drive folders | United States |
| Microsoft Corporation | (1) Optional OAuth sign-in via Microsoft account; (2) Business and Enterprise plans: OneDrive file sync — retrieves file content from folders you select in OneDrive; (3) Enterprise plan only: SharePoint file sync — retrieves file content from document libraries you select, using application-level permissions (see Section 5.3) | Email address (sign-in); file content from selected OneDrive and SharePoint folders; Microsoft 365 tenant access tokens (encrypted) | United States |
5. Cloud Integration Data
5.1 What we access
When you connect a cloud integration, you explicitly select the folders or drives you want to sync. AskLore only retrieves files from those selected locations. We do not browse, index, or access any other content in your cloud storage.
5.2 How we process cloud files
Files retrieved from cloud integrations are processed in-memory. We extract text content, split it into retrieval chunks, and generate vector embeddings. Only the extracted chunks and embeddings are stored in your Supabase knowledge base. Original files are not independently copied to our storage.
5.3 Microsoft SharePoint — Application permissions
SharePoint integration uses Microsoft Application (service-to-service) permissions that require a one-time consent from your Microsoft 365 Global Administrator. This consent grants AskLore read access to all SharePoint sites and files within your Microsoft 365 tenant (permission scopes: Sites.Read.All and Files.Read.All). Despite this broad scope, AskLore only retrieves content from the specific document libraries and folders you select in the integration settings. We do not access, store, or process any other content in your tenant.
If you are concerned about this permission scope, please review Microsoft's documentation on application permissions before connecting SharePoint. You may disconnect SharePoint at any time to revoke this access.
5.4 Token security
OAuth access tokens for all three integrations are encrypted using AES-256-CBC with an application-level key before being stored in our database. Tokens are never transmitted to any party other than the relevant cloud provider (Microsoft or Google).
5.5 Disconnecting an integration
You may disconnect a cloud integration at any time from your knowledge page. When you disconnect, your stored OAuth token is immediately and permanently deleted. Existing text chunks and embeddings already indexed from that integration remain in your knowledge base until you choose to delete them.
6. International Data Transfers
Several of our service providers are located outside Australia, primarily in the United States. These include Stripe (billing), Anthropic (AI answers), OpenAI (embeddings and transcription), Resend (email), Google (sign-in; Google Drive sync for Enterprise), and Microsoft (sign-in; OneDrive sync for Business/Enterprise; SharePoint sync for Enterprise).
When we disclose personal information to overseas recipients, we take reasonable steps — including reviewing their privacy and security practices and their adherence to relevant data protection standards — to ensure they handle your information consistently with the Australian Privacy Principles.
By using AskLore, you consent to your personal information and Knowledge Base Content being transferred to and processed in the United States and other jurisdictions for the purposes described in this policy.
7. AI Processing — How Your Content Is Used
Plain English summary: Your knowledge base content and staff questions are sent to Anthropic (Claude) and OpenAI to generate answers, create embeddings, and transcribe audio. Neither provider uses this data to train their AI models. Your content stays yours.
AskLore uses AI to answer staff questions, process documents, generate knowledge, and analyse gaps. Content is processed as follows:
- Your Knowledge Base Content and the staff member's question are sent to Anthropic (Claude Sonnet) to generate an answer
- Images embedded in PDF and Word documents are described by Claude Haiku to preserve inline context during extraction
- Visual frames extracted from video recordings are described by Claude Haiku
- Your Knowledge Base Content is sent to OpenAI (text-embedding-3-large) to generate vector embeddings that enable semantic search
- Audio extracted from your video files or linked video URLs is transcribed by OpenAI Whisper
Neither Anthropic nor OpenAI trains their AI models on content processed via their APIs. Anthropic's commercial terms explicitly prohibit training on customer content. OpenAI's API policy excludes customer data from model training by default. Your content is processed solely to deliver the Service.
AI-generated answers may occasionally be inaccurate, incomplete, or misleading. You should not rely solely on Lore's answers for critical operational decisions and should periodically review the accuracy of your Knowledge Base Content.
8. AskLore Is a General Business Tool
AskLore is designed to hold operational procedures, policies, training materials, and business knowledge. It is not a medical records system, a clinical decision support tool, a legal advice system, or a financial advice platform.
We strongly recommend that you do not upload identifiable client or patient records, sensitive personal information about customers, or any data that your business is required to protect under sector-specific legislation.
If you operate in a regulated industry, you are responsible for ensuring your use of AskLore complies with the specific obligations that apply to your sector, including (without limitation):
- Healthcare — Privacy Act 1988 (Cth) health records provisions, Health Records Act 2001 (Vic), and applicable state and territory health records legislation
- Aged care — Aged Care Act 1997 (Cth) and associated quality standards
- Childcare and education — relevant state and territory child safety and information privacy legislation
- Disability services — NDIS Quality and Safeguarding Framework
- Financial services — ASIC licensing requirements and applicable financial services laws
We make no representation that AskLore, on its own, satisfies any industry-specific regulatory requirement.
9. Staff Data
Staff members who use your AskLore chat bot are third parties — they have not entered into any agreement with us directly and do not have AskLore accounts.
What we collect about staff
- Questions asked via the chat interface and the answers Lore generated
- Confidence level of each answer and source documents referenced
- Session timestamp
- Optional name (if the staff member voluntarily provides it)
- Feedback submitted — thumbs up/down and reason text for negative feedback
Who can see staff data
- Account owners and team members (admin accounts) in your workspace can view all chat sessions, questions asked, and feedback submitted by your staff via the owner portal dashboard and analytics
- AskLore internal staff can access this data via our admin panel for support and troubleshooting purposes (see Section 11)
Your obligations to your staff
As the account owner deploying Lore to your employees, you are responsible for:
- Ensuring your staff are aware that their chat interactions are recorded and visible to account owners and administrators in your workspace
- Complying with applicable workplace laws, enterprise agreements, and privacy obligations (including the Privacy Act 1988) regarding monitoring of staff communications
- Providing any notices or disclosures required by law
How staff can exercise their privacy rights
Staff members wishing to access, correct, or request deletion of their personal information may contact us directly at privacy@asklore.com.au. We will work with the relevant account owner to facilitate the request where appropriate.
Retention
Staff interaction data is retained for as long as the relevant account is active and is deleted as part of the 90-day data purge following account cancellation (see Section 12).
10. AskLore Internal Access
AskLore internal staff may access your account data via our internal admin panel (admin.asklore.com.au) for the following purposes only:
- Customer support and troubleshooting
- Responding to security incidents
- Compliance investigations
Internal access is limited to read-only viewing of knowledge sources, chat sessions, gap data, bot settings, and account information. Internal staff cannot edit or delete your Knowledge Base Content via the admin panel.
Access to the admin panel requires multi-factor authentication (TOTP) and is restricted to an approved IP address allowlist. All admin panel access events are logged in an audit trail.
11. Data Retention
11.1 Active accounts
We retain your data for as long as your account is active.
11.2 After cancellation
If you cancel your subscription, your bot goes offline at the end of your billing period. Your data — knowledge base content, chat history, staff interaction records, bot configuration, and account information — is retained securely for 90 days from the cancellation date. You will receive email notices before permanent deletion. After 90 days, all of your data is permanently and irreversibly deleted from our systems and those of our storage providers.
11.3 Early deletion
You may request early deletion of your account data at any time by contacting privacy@asklore.com.au. We will process the deletion promptly.
11.4 Legal retention obligations
Certain records are retained beyond account deletion where required by law. Billing and invoice records (plan details, amounts, dates — not Knowledge Base Content) may be retained for up to 7 years for taxation compliance purposes under Australian law.
12. Security
We implement appropriate technical and organisational measures to protect your data, including:
- All data in transit encrypted via TLS
- All data at rest encrypted by our hosting providers (Supabase, BinaryLane)
- Row-level security on all database tables — your data is strictly isolated from other customers' data at the database level
- OAuth access tokens for cloud integrations encrypted using AES-256-CBC
- Passwordless authentication for account owners — no passwords stored
- Multi-factor authentication (TOTP) required for all internal staff who access the admin panel
- Admin panel restricted to an approved IP address allowlist
- Rate limiting on all public endpoints (chat and PIN verification) to protect against brute-force attempts
- API keys and secrets stored as environment variables, never in source code
No security measure is perfect. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
13. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct personal information that is inaccurate, out of date, or incomplete
- Request deletion of your personal information (subject to our legal retention obligations)
- Opt out of optional marketing and digest emails by contacting us at privacy@asklore.com.au
- Make a complaint about how we handle your personal information
To exercise any of these rights, contact us at privacy@asklore.com.au. We will respond within 30 days.
14. Cookies and Tracking
AskLore uses the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| sb-* (Supabase session cookies) | Maintains your authenticated login state as an account owner | Session — cleared on sign-out |
| lore_active_org | Records which workspace you have selected when you manage multiple workspaces under one login | 1 year |
| asklore_invite | Maintains your team invitation through the sign-in and acceptance flow | Short-lived — deleted after use |
| gd_oauth_state | CSRF protection during Google Drive OAuth connection | ~10 minutes — deleted after OAuth callback |
| od_oauth_state | CSRF protection during OneDrive OAuth connection | ~10 minutes — deleted after OAuth callback |
| sp_oauth_state | CSRF protection during SharePoint OAuth connection | ~10 minutes — deleted after OAuth callback |
The Umami analytics system may set a session identifier cookie on the owner portal (asklore.com.au). No cookies are set on the marketing website (getlore.com.au) — visitor data there is collected without cookies using anonymised request data only. Umami cookies are used solely to measure portal usage patterns and are not shared with third parties or used for advertising.
We do not use advertising cookies, cross-site tracking technologies, or any cookies that track your behaviour outside of AskLore.
15. Children
AskLore is a business tool intended for use by adults operating businesses. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has provided us with personal information, contact us at privacy@asklore.com.au and we will delete it promptly.
16. Complaints
If you believe we have not handled your personal information in accordance with the Australian Privacy Principles, you may:
- Contact us first at privacy@asklore.com.au. We will investigate and respond within 30 days.
- If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
17. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by updating the effective date at the top of this page. Continued use of the Service after a material change constitutes acceptance of the updated policy.
18. Contact
For any privacy-related enquiries:
JD Technology Services Pty Ltd
Email: privacy@asklore.com.au