AI Resource Generator ("we", "us", "our") is committed to protecting the privacy of individuals who use our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
1. Information We Collect
1.1 Information you provide
- Account information: Name, email address, password (encrypted)
- Organisation details: RTO name, RTO number, CRICOS code, ABN, address, phone, website
- Branding assets: Organisation logo, brand colours, tagline
- Payment information: Processed securely by Stripe. We do not store credit card numbers.
1.2 Information collected automatically
- IP address and browser type
- Pages visited and actions taken within the platform
- Generation history (unit codes, document types, timestamps)
- Login timestamps and session data
1.3 Information from third parties
- training.gov.au: Unit competency data, qualification details, and packaging rules sourced from the Australian Government's national register
- Stripe: Payment confirmation and transaction status
2. How We Use Your Information
We use personal information for the following purposes:
- Providing and operating the AI Resource Generator platform
- Generating branded training resource documents with your organisation details
- Processing payments and managing credit balances
- Sending transactional emails (welcome, purchase confirmations, password resets)
- Providing customer support
- Improving the platform and fixing issues
- Complying with legal obligations
3. AI-Generated Content
Our platform uses artificial intelligence to generate training resource documents. When you use our generation features:
- Your organisation details (RTO name, number, logo, colours) are embedded into generated documents
- Unit competency data from training.gov.au is sent to one or more third-party large language model (LLM) services for content generation
- Course context (industry, job roles) you provide is used to tailor generated content
- Generated content is stored temporarily to enable the two-step generation process
- We do not use your generated content to train AI models
4. Third-Party Services
We share limited personal information with the following service providers:
- Large Language Model (LLM) and Generative AI Services: We use one or more third-party large language model and generative AI services to produce document content. The specific model or models used at any given time may include, without limitation, services and models offered by providers such as Anthropic (including Claude family models), OpenAI (including GPT family models), Google (including Gemini family models), xAI (including Grok family models), Mistral AI, Meta (including Llama family models), Cohere, Microsoft Azure OpenAI Service, Amazon Bedrock, Perplexity, DeepSeek, or other comparable third-party AI services. We reserve the right to add, remove, swap, or route between these models and providers at any time without prior notice as we evaluate quality, cost, latency, availability, and reliability. We send only the unit competency data, the course context you select, and any optional content you supply for generation. We do not send your authentication credentials, payment details, branding assets, or learner records to any LLM or AI service. Where available, we use enterprise API endpoints with contractual terms that prohibit the use of your content to train, fine-tune, or improve models, and we do not opt in to any data-retention or model-improvement programs that would use your content for training. By using the service, you consent to the processing of unit competency data and the optional context you supply by these third-party AI services for the sole purpose of generating your training resources.
- Stripe (Payment Processor): Receives email and organisation name for payment processing. Subject to Stripe's Privacy Policy. PCI DSS compliant.
- MongoDB Atlas (Database): Stores account and organisation data on encrypted cloud infrastructure. Data is stored in the Asia-Pacific region.
- Resend (Email): Receives email addresses for transactional email delivery.
5. Data Security
We implement appropriate technical and organisational measures to protect your personal information:
- Passwords are hashed using bcrypt with a cost factor of 12
- All data transmitted over HTTPS/TLS encryption
- JWT-based authentication with secure token handling
- Role-based access controls (super admin, org admin, user)
- Rate limiting on authentication and API endpoints
- Input validation and sanitisation to prevent injection attacks
- Audit logging of administrative actions
- Regular security updates and dependency monitoring
6. Data Retention
- Account data: Retained while your account is active. Deleted upon request or account closure.
- Generated content: Stored for the duration necessary to complete the generation process. Historical records of generation activity are retained.
- Transaction records: Retained for 7 years as required by Australian tax law.
- Audit logs: Retained for 2 years for security and compliance purposes.
- Server logs: Retained for 90 days, then automatically rotated.
7. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access your personal information held by us
- Correct inaccurate or outdated personal information
- Request deletion of your personal information (subject to legal retention requirements)
- Withdraw consent for marketing communications at any time
- Lodge a complaint about our handling of your personal information
To exercise any of these rights, contact us at privacy@airesourcegenerator.com.au
8. International Data Transfers
Some of our third-party service providers operate outside of Australia. When your data is transferred internationally, we ensure appropriate safeguards are in place, including contractual obligations for data protection consistent with Australian privacy standards.
9. Children's Privacy
Our platform is designed for use by adult professionals within Registered Training Organisations. We do not knowingly collect personal information from individuals under 18 years of age.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.
11. Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint by contacting us at privacy@airesourcegenerator.com.au. We will:
- Acknowledge your complaint within 2 business days
- Investigate and respond within 30 days
- If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
12. Contact Us
For any privacy-related inquiries:
AI Resource Generator
ABN: 57 467 878 621
Email: privacy@airesourcegenerator.com.au
Website: airesourcegenerator.com.au