Privacy Policy

Effective Date: 8 May 2026

Executive Summary: Demiton processes sensitive operational, workforce, and financial data on behalf of civil construction businesses. We treat this data as your asset. We do not sell data. We do not use customer data to train public AI models.

1. Introduction

This Privacy Policy explains how Demiton Pty Ltd ("we," "us," or "our") collects, uses, and protects information when you use the Demiton memory layer for Australian civil construction. Demiton structures your workforce, project, financial, and operational data so you can query it through Claude or ChatGPT.

We operate as a Data Processor; you (the Customer) retain the role of Data Controller for all data you bring into the platform. This policy is written in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

2. Data Collection

We collect data in two ways: data you actively provide, and data we receive from your connected systems via our adapter layer.

Identity & Account Data

  • Name, email address, and organisational role of authorised platform users.
  • Microsoft Entra ID identity tokens used for authentication (OAuth 2.0 / OIDC). We store an immutable object identifier (OID) and tenant identifier, not passwords.
  • Multi-factor authentication status and session metadata.

Workforce & HR Data

  • Worker names, roles, employment status, and skill records sourced from connected workforce management systems (e.g., Assignar).
  • Timesheet entries, leave requests, and payroll data sourced from connected payroll systems (e.g., KeyPay).
  • Induction and qualification records required for site access compliance.

Project & Financial Data

  • Project financial records, cost codes, budgets, and variance data sourced from connected ERP systems (e.g., Microsoft Dynamics 365 Business Central).
  • Scheduling, allocation, and resource-demand data from connected project management systems.
  • Vendor profiles, procurement history, and purchase order data.
  • Estimating and opportunity data where connected.

Infrastructure Credentials

  • API keys, OAuth tokens, and connection credentials required to authenticate with your connected systems. These are encrypted at rest using AES-256 and are never logged in plaintext (Ghost Protocol).

AI Interaction & Memory Data

  • Prompts and responses generated within the AI Studio interface. These may be retained as Memory Records to provide contextual continuity across sessions.
  • Memory records are scoped to your organisation and are never shared with other customers.

Telemetry

  • Technical logs covering API performance, workflow execution outcomes, adapter connectivity, and system health. Telemetry does not include the content of financial payloads.
  • Analytics events (page views, feature interactions) collected only with your explicit consent via our cookie banner, in accordance with the Australian Privacy Act 2026.

3. Usage of Data

We use your data solely to provide, maintain, and improve the Service:

  • Workflow Execution: To run workflows that fetch, transform, and deliver data between your connected systems at your direction.
  • AI Orchestration: To provide contextually aware responses in the AI Studio by grounding prompts with data from your connected systems.
  • Audit & Governance: To maintain an immutable, append-only audit trail of all workflow executions and data movements for your internal compliance.
  • Memory & Continuity: To persist business-object-bound memory records that allow the AI layer to retain context across sessions within your organisation.
  • Support & Diagnostics: To diagnose connectivity issues, workflow failures, and adapter errors with your connected systems.
  • Billing: To calculate usage, process subscription payments, and generate invoices.

We do not use your data to train public AI models, benchmark our platform against your competitors, or derive insights for sale to third parties.

4. Data Sharing and Sub-processors

We do not sell your personal information or Customer Data. We share information only in the following operational contexts:

Your Connected Systems

At your explicit direction, Demiton transmits data to and from the external systems you connect (ERP, payroll, workforce management, document storage, etc.). You control which systems are connected and what workflows operate against them.

Implementation Partners

If you are onboarded or supported by a certified Demiton implementation partner, they may have access to your configuration and workflow logs to provide that support. Partners are bound by confidentiality obligations equivalent to those in your Master Services Agreement.

Sub-processors

We engage the following sub-processors to operate the platform. All are contractually bound to process data only on our instructions and to appropriate security standards:

| Sub-processor | Purpose | Data location |
|---|---|---|
| Microsoft Azure | Cloud infrastructure, storage, container hosting | Australia East (Sydney) |
| Microsoft Entra ID | Identity & authentication (OIDC) | Australia East (Sydney) |
| Azure OpenAI | AI language model inference (Studio, orchestration) | Australia East (Sydney) |
| Stripe | Subscription billing & payment processing | United States (PCI-DSS L1) |
| Sentry | Error monitoring & stack trace capture | United States |
| Logfire (Pydantic) | Distributed tracing & observability | United States |
| PostHog | Product analytics (consent-gated) | European Union |
| Google Analytics 4 | Marketing site analytics (consent-gated) | United States |

Customer operational data (workforce, project, financial) is processed exclusively within Australia East (Sydney) and does not transit to sub-processors outside Australia except for Stripe (billing metadata only, no operational payload) and error/tracing sub-processors (sanitised stack traces only - no financial or workforce payload content).

5. Enterprise Benchmarking

Customers on the Enterprise plan may optionally participate in anonymised industry benchmarking. This feature is strictly opt-in and requires explicit written consent before activation.

  • What is shared: Anonymised, aggregated performance metrics (e.g., cost-per-unit benchmarks). No personally identifiable information, worker records, or project-level financials are included in the pool.
  • Consent: You must actively complete the benchmarking consent flow within the platform, which captures your consent timestamp and nominated data-sharing jurisdiction. This cannot be enabled by Demiton on your behalf.
  • Withdrawal: Consent may be withdrawn at any time by contacting privacy@demiton.io. Withdrawal takes effect within 30 days and applies to future pooling cycles; previously contributed aggregate data cannot be retroactively removed from historical benchmarks.
  • Audit rights: Participating customers may request a written summary of what anonymised data has been contributed to the pool in the preceding 12 months.

Customers who do not opt in are not affected by this feature. The Public, Insights, and Connected tiers do not participate in data pooling.

6. Security Measures

We implement a defence-in-depth security architecture designed for operational data in critical infrastructure:

  • Encryption at rest: AES-256 for all stored data, including credentials and workflow payloads.
  • Encryption in transit: TLS 1.3 for all API and web traffic; SFTP / FTPS for file-based adapter transports; RSA-4096 for external key exchanges.
  • Ghost Protocol: Sensitive credential payloads exist in memory only during execution and are never written to disk in plaintext or included in logs.
  • Identity-first access: Every workflow action is bound to an authenticated user or system identity. Audit trails record the identity alongside every execution event.
  • Just-in-Time (JIT) access: Internal Demiton staff access to production infrastructure requires JIT approval and MFA. No standing access to customer data.
  • Simulation before production: All write-capable adapters support a dry-run mode. Workflows can be validated without committing changes to connected systems.
  • Append-only audit trails: Workflow execution and data movement logs are immutable and retained for a minimum of seven years.

7. Data Residency

Australian Residency

All Customer Data is stored and processed within Microsoft Azure Australia East (Sydney), with failover capability to Australia Southeast (Melbourne). Data does not leave Australia except as described in the sub-processor table in Section 4, and only in sanitised or billing-metadata form.

This residency commitment aligns with APRA CPG 235 guidelines for operational data held by entities in the financial services supply chain, and with the Australian Privacy Principles under the Privacy Act 1988.

Customers requiring a multi-region deployment (e.g., for disaster recovery in a nominated jurisdiction) must configure this explicitly and accept an updated Data Processing Agreement (DPA) that reflects the extended residency scope.

8. Your Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

  • Access: Request a copy of personal information we hold about you (Data Subject Access Request - DSAR).
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of personal information where we have no lawful basis for continued retention, subject to our seven-year audit retention obligation.
  • Objection: Object to processing of your personal information for purposes beyond those required to deliver the Service.
  • Data portability: Request an export of your organisation's data in a machine-readable format.
  • Withdraw consent: Withdraw consent for optional data processing (analytics, Enterprise benchmarking) at any time without affecting your access to the Service.

To exercise any of these rights, contact us at privacy@demiton.io. We will respond within 30 days. Where a request is complex or numerous, we may extend this period by a further 60 days with written notice.

9. Contact Us

For privacy inquiries, Data Subject Access Requests (DSAR), Enterprise benchmarking audit requests, or to report a security concern, contact our Data Protection Officer:

Email: privacy@demiton.io
Address: Demiton Pty Ltd, Brisbane, QLD, Australia.

This policy was last updated on 8 May 2026. Material changes will be communicated to account holders by email at least 30 days before taking effect. The previous version (effective 12 December 2025) is available on request.

© 2026 Demiton Pty Ltd. The institutional memory layer for construction.