Legal
Privacy Policy
Effective 12 July 2026 - Version 2026-07-12
What we collect
We may collect account and workspace details; organisation settings; connected-service identifiers, scopes and encrypted credentials; documents, emails, attachments, calendar information and other content you choose to process; drafts, approvals and execution records; support messages; device, IP, usage, error and security logs; and referral or campaign information when analytics is enabled. Customer Data may include information about employees, customers and suppliers. We do not sell personal information or Customer Data.
How we collect and use information
We collect information from you, authorised workspace users, connected services at your direction, service logs and support interactions. We use it to manage accounts, ingest approved sources, prepare reviewable drafts and proposed workflows, run approved actions, maintain audit records, operate integrations, secure and support NotchPath, improve reliability, understand website performance when enabled, and meet legal obligations.
Launch countries and eligibility
Public POC signup is currently available to business users who declare that their primary operating country is Australia or the United States. We record the selected country and acceptance time to administer launch eligibility. Users operating elsewhere are asked to contact us for country-specific review. We do not rely on IP geolocation as the sole eligibility check.
Google Workspace data
If you connect Gmail, Google Drive or Google Calendar, NotchPath accesses only the account information and content covered by the permissions shown during authorisation. It is used only for visible features you request, such as importing selected knowledge, drafting and reviewing replies, checking availability, preparing approved actions and keeping execution records. It is not used for advertising or to train general-purpose AI models.
NotchPath's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
You can revoke access in your Google Account. Revoking stops future retrieval but does not delete information already imported into NotchPath; contact us to request its deletion.
AI processing
NotchPath may send the minimum relevant portions of Customer Data to contracted AI providers for requested classification, extraction, drafting and validation tasks. We do not use Customer Data to train general-purpose AI models and do not permit contracted AI providers to use it for that purpose. AI output may be stored with review and audit context.
Service providers and overseas processing
Infrastructure, database, authentication, encrypted credential storage, AI, analytics, communications and connected-service providers process information only as needed to operate NotchPath. Processing may occur in Australia, the United States and other countries where those providers operate. We use reasonable contractual and technical safeguards and can provide current POC processing-location details on request.
Security, retention and deletion
We use access controls, encrypted transport, restricted service credentials, encrypted connector credentials, audit records and managed cloud infrastructure. No internet service can guarantee absolute security. We retain information while needed to operate and secure the workspace, provide support and meet legal obligations. After a verified deletion request, we delete or de-identify in-scope data from active systems without unreasonable delay; limited residual copies may remain through normal backup cycles or required legal, security and dispute periods.
Analytics and local storage
When configured, Google Analytics may use cookies and receive device, interaction and approximate-location information. We may store limited campaign attribution in browser local storage. This information is used to understand website and campaign performance, not for behavioural advertising. You can restrict cookies using your browser.
Access, correction and deletion
You may request access to or correction of your personal information, integration disconnection, or deletion of your account and imported data. NotchPath does not provide a general workspace-data export during the POC. Where required for data obtained through Google APIs, we will provide or enable a portable copy of equivalent Google-sourced data in accordance with Google's API terms and applicable law. Account deletion is handled manually during the POC. We verify identity and workspace authority, disconnect relevant integrations, remove in-scope active data without unreasonable delay and confirm the outcome.
United States privacy choices
United States users may ask to know, access, correct, export or delete personal information associated with their account and may appeal a refusal by replying to our response. We do not sell personal information or share it for cross-context behavioural or targeted advertising, and we will not discriminate against a user for making a privacy request. Additional rights and exceptions may apply under state law.
Contact and complaints
Use our privacy and data request form and identify the workspace and request type. We will acknowledge privacy complaints, investigate and respond within a reasonable period. If the Australian Privacy Act applies and you are not satisfied, you may contact the Office of the Australian Information Commissioner.
Changes
We will update this policy when our information-handling practices materially change. We will publish the new effective date and provide notice or seek new consent before using connected data for a materially different purpose where required.