Privacy Policy

1. Introduction

Welcome to Centred ("we," "our," or "us"). Centred is our registered trading name. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information in accordance with the Australian Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").

This Privacy Policy explains our practices regarding the collection, use, disclosure, and management of personal information when you use our platform for hackathons, innovation challenges, and collaborative activities. By using our services, you consent to the collection, use, and disclosure of your personal information in accordance with this Privacy Policy and the Privacy Act.

If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when you:

• Create an account (name, email address, company affiliation, profile photo)
• Participate in activities, challenges, or hackathons
• Submit ideas, projects, or content through our platform
• Communicate with us or other users
• Complete surveys or provide feedback
• Register for events or activities
• Subscribe to a paid plan or make a purchase (billing name, billing address; payment card details are collected and processed directly by our payment provider, Stripe, and are not stored on our servers)
• Interact with AI-powered features (prompts, inputs, and context you provide)

2.2 Automatically Collected Information

When you use our platform, we automatically collect certain information, including:

• Device information (browser type, operating system, device identifiers)
• Usage data (pages visited, features used, time spent)
• IP address and approximate location
• Cookies and similar tracking technologies
• Log files and analytics data

2.3 Information from Third Parties

We may receive information about you from third-party services, such as authentication providers (e.g., Google, GitHub) if you choose to sign in using these services.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your registrations and manage your account
• Facilitate participation in activities, challenges, and hackathons
• Enable collaboration and communication between participants
• Display your contributions, submissions, and achievements
• Send you important updates, notifications, and communications
• Respond to your inquiries and provide customer support
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues or security threats
• Power AI-assisted features such as content generation, personas, and suggestions (see Section 7A)
• Process payments and manage billing through our payment provider
• Comply with legal obligations and enforce our terms

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Activity Organizers

When you participate in an activity, challenge, or hackathon organized by a third party, we share relevant information (such as your name, email, submissions, and contributions) with the organization running that activity. This is necessary to facilitate your participation and manage the event.

4.2 With Other Participants

Your profile information, contributions, and submissions may be visible to other participants in the same activities or teams, as required for collaboration and participation.

4.3 Service Providers

We may share information with trusted service providers who assist us in operating our platform, such as hosting providers, analytics services, email delivery services, and payment processors. These providers are contractually obligated to protect your information and use it only for specified purposes.

4.4 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or others.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure hosting infrastructure
• Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights Under Australian Privacy Law

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the following rights regarding your personal information:

• Access (APP 12): You have the right to request access to the personal information we hold about you. We will provide access within a reasonable timeframe, subject to certain exceptions permitted by law.
• Correction (APP 13): You have the right to request correction of inaccurate, incomplete, out-of-date, irrelevant, or misleading personal information. We will take reasonable steps to correct the information or, if we disagree, we will attach a statement to the information noting your request.
• Anonymity: Where lawful and practicable, you have the option to interact with us anonymously or using a pseudonym.
• Complaints: You have the right to make a complaint about how we handle your personal information. See Section 11 for details on how to make a complaint.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days (or such longer period as we agree with you) in accordance with the Privacy Act.

We may refuse access or correction in certain circumstances permitted by the Privacy Act, such as where providing access would pose a serious threat to life, health, or safety, or would unreasonably impact the privacy of others. If we refuse access or correction, we will provide you with written reasons for the refusal and information about how you may complain.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and support our platform's functionality. You can control cookies through your browser settings, though disabling cookies may limit some features of our platform.

We use the following categories of cookies:

• Strictly necessary cookies: Required for authentication, session management, and security. These cannot be disabled without preventing core platform functionality
• Functional cookies: Remember your preferences such as theme settings, language, and display options
• Analytics cookies: Help us understand how users interact with the platform so we can improve the user experience. These may be provided by third-party analytics services

Third-party cookies: Some cookies may be set by third-party services we use, such as analytics providers, payment processors, and authentication providers. These third parties have their own privacy policies governing the use of such cookies.

"Do Not Track" signals: Some web browsers transmit "Do Not Track" signals. As there is currently no industry standard for responding to these signals, we do not currently respond to them. We will update this policy if a standard is established.

7A. Artificial Intelligence and Automated Processing

Our platform uses artificial intelligence and machine learning technologies to provide certain features, including content generation, persona creation, and suggestions. When you use AI-powered features:

• Your inputs (such as prompts, context, and instructions) may be sent to third-party AI service providers for processing
• We select AI providers that maintain appropriate data security standards and contractual protections
• AI-generated outputs are not verified for accuracy and should be reviewed before use
• We do not use your personal information to train AI models without your explicit consent
• We do not use AI to make decisions that have significant legal or similarly significant effects on you without human oversight

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The following general retention periods apply:

• Account data: Retained for the duration of your account and for up to 30 days after account deletion to allow for recovery or data export requests
• Activity and submission data: Retained for as long as the organizing organization maintains the activity, plus a reasonable period for archival purposes
• Billing and transaction records: Retained for a minimum of seven (7) years as required by Australian tax law
• Usage and analytics data: Retained in identifiable form for up to twenty-four (24) months, after which it is aggregated or anonymized
• Support and communication records: Retained for up to three (3) years after resolution
• Server logs: Retained for up to ninety (90) days

When we no longer need your information, we will securely delete or anonymize it. Some information may be retained for longer periods if required for legal, regulatory, or business purposes, such as resolving disputes or complying with court orders.

9. Age Requirements and Children's Privacy

Our services are intended for individuals who are 18 years of age or older. In Australia, individuals under 18 are considered minors and may not have the legal capacity to enter into binding contracts. We do not knowingly collect personal information from individuals under 18 years of age.

If you are under 18, you must obtain parental or guardian consent before using our services. However, please note that parental consent alone may not make our Terms of Service enforceable against minors under Australian law. If you believe we have inadvertently collected information from an individual under 18, please contact us immediately, and we will take steps to delete such information.

10. Overseas Disclosure of Personal Information

We may disclose your personal information to overseas recipients, including:

• Service providers located in the United States, European Union, and other countries where our cloud hosting and technology partners operate
• Activity organizers located outside Australia when you participate in activities organized by international organizations

Before disclosing personal information to an overseas recipient, we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information (APP 8). However, in some circumstances, we may be required to disclose information to overseas recipients, and we may not be able to take such steps. In these cases, we will comply with our obligations under APP 8.2.

By using our services, you consent to the disclosure of your personal information to overseas recipients as described in this Privacy Policy. If you do not wish for your personal information to be disclosed to overseas recipients, please contact us to discuss your options.

10A. Data Breach Notification

In accordance with Part IIIC of the Privacy Act 1988 (the Notifiable Data Breaches scheme), if we become aware of an eligible data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

• Take reasonable steps to contain the breach and assess its impact
• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals as soon as practicable, including a description of the breach, the kinds of information involved, and recommended steps to mitigate potential harm

We maintain an internal data breach response plan and conduct regular reviews of our security practices to minimize the risk of breaches.

10B. International Users

If you are accessing our services from outside Australia, please be aware that your personal information will be transferred to and processed in Australia, and potentially in other countries where our service providers operate.

Users in the European Economic Area (EEA) and United Kingdom: Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, we process your personal data on the basis of: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, or (d) our legitimate interests (such as improving our services and ensuring platform security). In addition to the rights described in Section 6, you may also have the right to request erasure of your personal data, data portability, restriction of processing, and to object to processing. To exercise these rights, please contact us using the details in the "Contact Us" section.

11. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you have the right to make a complaint. We take privacy complaints seriously and will investigate all complaints promptly.

To make a complaint, please contact us using the details provided in the "Contact Us" section below. Please include:

• Your name and contact details
• A description of the privacy concern or breach
• Any relevant documentation or evidence
• How you would like us to resolve the matter

We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will maintain an up-to-date Privacy Policy as required by Australian Privacy Principle 1. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your rights under the Privacy Act, please contact us: