HeritageCheck AI

Legal

Privacy Policy

Last updated: 16 April 2026

Jilinya Pty Ltd(“we”, “us”) operates HeritageCheck AI and takes your privacy seriously. This policy explains what personal information we collect, why we collect it, and how we handle it under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

1. Information We Collect

Account information — name, email, organisation, role, and password (stored hashed).

Heritage check data — the addresses, coordinates, tenements, and lot numbers you submit for analysis.

Uploaded documents — heritage surveys, management plans, and consultation records you upload for Document Review (Professional tier).

Usage data — pages visited, features used, approximate location (from IP), device and browser type.

Billing data — handled by our payment processor (Stripe); we never store your full card number.

2. How We Use Your Information

  • Provide heritage compliance checks, alerts, and due diligence records.
  • Maintain your account, authenticate access, and process payments.
  • Improve our AI models (only with anonymised, aggregated data unless you opt in).
  • Send service notifications and, with consent, marketing updates.
  • Meet our legal obligations, including record-keeping for audit trails.

3. Aboriginal Heritage Sensitivity

We recognise the cultural significance of heritage site data. We do not publish, sell, or disclose specific site coordinates to any third party. Location data you submit is processed in memory and used only to return a compliance assessment to you. Aggregated, non-identifying statistics may be used internally to improve accuracy.

4. Data Sharing

We share personal information only with:

  • Infrastructure providers hosting our servers and databases (Supabase, AWS — Sydney region).
  • AI providers who process your queries (Anthropic, OpenAI) under strict data-processing agreements; inputs are not used to train third-party models.
  • Stripe for payment processing.
  • Regulatory authorities where legally compelled.

5. Data Storage and Security

Your data is stored in Australia (AWS Sydney ap-southeast-2). We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access is restricted via role-based permissions and multi-factor authentication for staff.

6. Data Retention

We retain heritage check results and DD records for as long as your account is active, plus 7 years — this aligns with typical audit-trail requirements under the AHA 1972. You can delete your account at any time from Settings; deletion is permanent after a 30-day recovery window.

7. Your Rights

Under the Australian Privacy Principles you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion (subject to legal retention requirements).
  • Opt out of marketing communications at any time.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

8. Cookies

We use essential cookies for authentication and session management, and privacy-preserving analytics cookies (Plausible). We do not use third-party advertising cookies.

9. Children

HeritageCheck AI is not intended for users under 16. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this policy to reflect legal or operational changes. Material changes will be announced via email at least 14 days before taking effect.

11. Contact Us

For privacy questions or access requests, email our Privacy Officer at hello@heritagecheck.ai or write to Jilinya Pty Ltd, Perth, Western Australia.