Privacy Policy

Last updated: March 2026

Your privacy matters to us. Learn how we collect, use, and protect your information when you use our regulatory compliance platform.

Our Privacy Commitment

AuditDSS is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also respect the rights of individuals under the GDPR, CCPA, and other applicable international privacy regulations. We treat your business information with the highest level of care and confidentiality.

No Data Selling

We never sell your personal or business information to third parties.

Encrypted & Secure

All data encrypted in transit (TLS 1.3) and at rest (AES-256).

Your Control

Access, correct, or delete your data at any time.

1. About Us

AuditDSS is a product name and brand of QuestFeed Pty Ltd. It is not a separately registered business or trademark. This privacy policy is issued by, and all data protection obligations are held by:

Company Name

QuestFeed Pty Ltd

ABN

58 632 013 855

Entity Type

Australian Private Company

Location

Queensland, Australia

2. Information We Collect

Information You Provide

Account Information

Email address, name, company name, password

Compliance Documents

AML/CTF programs, policies, and procedures you upload for assessment

Payment Information

Billing details processed securely via Stripe

Communication

Messages, support requests, and feedback you send us

Automatically Collected During Assessment

Assessment Results

Compliance gap analysis, obligation coverage scores, risk ratings, and remediation guidance generated by our platform

Document Metadata

File type, size, page count, and structural features extracted during document processing

Usage Analytics

How you interact with the platform — pages visited, features used, assessment frequency — to improve our service

Important: Your uploaded documents are processed for compliance analysis only. We do not share, sell, or use your documents for any other purpose. Documents are stored encrypted and can be deleted at any time via your account settings.

3. How We Use Your Information

  • Perform compliance assessments on documents you upload
  • Generate gap analysis reports, risk scores, and remediation guidance
  • Map your document coverage against regulatory obligation graphs
  • Deliver assessment results, alerts, and notifications
  • Process payments and manage your subscription
  • Improve our AI models, scoring accuracy, and platform features
  • Provide customer support and respond to your inquiries
  • Comply with legal obligations and enforce our terms
  • Send service-related communications (assessment completions, regulatory updates)

4. What We Do NOT Do

We will NEVER:

  • Sell your personal or business information to third parties
  • Share your compliance documents or assessment results with your competitors
  • Use your uploaded documents for purposes other than your compliance assessment
  • Use your information for advertising without your explicit consent
  • Disclose your compliance findings to unauthorized third parties
  • Store payment card details on our servers (handled by Stripe PCI-DSS Level 1)

5. Data Security

Encryption

TLS 1.3 in transit, AES-256 at rest. All documents, assessment data, and reports encrypted end-to-end.

Access Controls

Role-based access, least-privilege principles for all internal access. Your data is isolated per tenant.

Infrastructure

AWS and Cloudflare infrastructure. Isolated processing environments. All data stored in AWS us-east-1.

Incident Response

Documented incident response procedures. Mandatory breach notification within 72 hours per GDPR/NDB scheme.

Monitoring

Continuous security monitoring and logging on all platform infrastructure.

Regular Audits

Periodic security assessments of our own infrastructure and application code.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy:

Information Type | Retention Period
Assessment results & reports | Duration of active subscription + 90 days after cancellation
Uploaded documents | Deleted within 30 days of assessment completion (or on user request)
Account information | Duration of active account + 2 years after deletion
Payment records | 7 years (as required by Australian tax law)
Usage analytics | 26 months (aggregated and anonymized)
Support communications | 3 years from date of resolution

You may request deletion of your data at any time. We will process deletion requests within 30 days, subject to legal retention requirements.

7. Your Rights

Under the Australian Privacy Principles and applicable international regulations (including GDPR and CCPA), you have the right to:

Access

Request a copy of personal information we hold about you

Correction

Request correction of inaccurate or outdated information

Deletion

Request deletion of your personal information ("right to be forgotten")

Data Portability

Receive your data in a structured, machine-readable format

Restrict Processing

Request limitation of how we process your data

Withdraw Consent

Withdraw consent for data processing at any time

How to Exercise Your Rights

To exercise any of these rights, contact us at:

hello@auditdss.com

We will respond within 30 days. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.

8. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

Type | Purpose | Required
Essential | Authentication, session management, security | Yes
Functional | Remember your preferences and settings | No
Analytics | Understand usage patterns to improve our service | No

You can manage cookies through your browser settings. Disabling essential cookies may affect platform functionality. We do not use advertising or tracking cookies.

9. International Data Transfers

AuditDSS operates from Australia with infrastructure in the United States. Your data may be processed in:

  • United States (AWS infrastructure, primary data storage)
  • Australia (company operations)
  • Cloudflare CDN (global edge network)

Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data transfers and compliance with the Australian Privacy Act cross-border disclosure requirements (APP 8).

10. Third-Party Services

We use the following third-party services to operate our platform:

Stripe

Payment processing (PCI-DSS Level 1 certified)

AWS

Cloud infrastructure, data storage, and serverless compute

Cloudflare

CDN, DDoS protection, and frontend hosting

Anthropic / xAI

AI models for document analysis and compliance assessment

We do not share your compliance documents or assessment results with any third-party service beyond what is necessary for document processing. AI model providers receive document text for analysis only — they do not retain or train on your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email (for registered users) or by posting a prominent notice on our platform. Your continued use of AuditDSS after changes constitutes acceptance of the updated policy.

Contact Our Privacy Team

For questions about this Privacy Policy or to exercise your privacy rights:

QuestFeed Pty Ltd

ABN: 58 632 013 855

Email: hello@auditdss.com

Web: auditdss.com

Location: Queensland, Australia

Document Version: 1.0 | Effective: March 2026