Skip to content
Inferis
Log inSign up

Privacy Policy

Last updated: 12 May 2026

Active region: Asia Pacific (Sydney)

This policy applies to firms hosted in Asia Pacific. The Inferis platform serves customers in multiple regions — your firm's region is set at firm creation and cannot be changed without a support-led migration.

1. Introduction

Inferis (“we”, “us”) is committed to protecting your privacy. This policy describes how we collect, use, store, and protect your personal information. For firms hosted in our Asia Pacific region, processing is performed in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

Account Information

  • Name and email address (provided during registration)
  • Organisation name and job title
  • Authentication credentials (managed by Firebase Authentication)

Documents & Content

  • Files you upload to your vault (PDFs, DOCX, XLSX, and other document formats)
  • Text extracted from uploaded documents for indexing and search
  • Queries you submit and AI-generated responses

Usage Data

  • Browser type, device information, and IP address
  • Feature usage patterns and session information
  • Error logs and performance data

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Index and search your uploaded documents
  • Generate AI-powered answers to your queries
  • Manage your account and provide customer support
  • Send important service notifications (e.g., security alerts, terms updates)
  • Monitor and prevent abuse or security threats

4. AI & Model Training

We do not train AI models on your data. Ever.

Your uploaded documents, extracted text, queries, and AI-generated responses are never used to train, fine-tune, retrain, or otherwise improve any artificial intelligence or machine learning model — by Inferis or by our AI providers.

AI inference in Inferis is delivered via Google Vertex AI (Gemini), governed by Google Cloud's enterprise Data Processing Addendum. Under those terms, Google explicitly commits that data submitted to the Vertex AI API is not used to train or improve Google's models.

This commitment covers everything you put into Inferis:

  • Documents uploaded to your vault
  • Text extracted from those documents for indexing and search
  • Queries you submit
  • AI-generated responses

Your content is used solely to deliver the Service to you and your organisation. Nothing else.

5. Data Residency & Storage

Your firm's data is stored in Asia Pacific. The active data centre is australia-southeast1 (Sydney). Firestore (database) is hosted in australia-southeast1 (Sydney). Customer documents are stored in Australia and never leave Australian infrastructure.

AI inference for query answering runs in us-central1 (Iowa, USA) where the required Gemini model versions are available. Only the text of your query and relevant document excerpts are sent to the AI model. Your original files remain in Asia Pacific.

As an Australian customer, you are protected by the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). Your supervisory authority is the Office of the Australian Information Commissioner (OAIC).

We use the following cloud services across both regions:

  • Firebase Authentication: identity and access management (global)
  • Cloud Firestore: metadata, indexes, and application data (region-resident)
  • Cloud Storage: raw document file storage (region-resident)
  • Cloud Functions: server-side processing and document ingestion (region-resident)
  • Vertex AI: model inference for query answering (region-paired)

6. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • Service providers: Enterprise cloud platform for hosting and infrastructure
  • Legal requirements: When required by Australian law, regulation, or legal process
  • Safety: To protect the rights, property, or safety of Inferis, our users, or the public
  • Firm members: Within your organisation, documents and queries may be visible to other members of your firm as configured by your firm administrator

7. Sub-processors

We use the following third-party sub-processors to deliver the Service. Each operates under its own privacy terms and data processing agreements:

ProviderPurposeLocation
Google Cloud / FirebaseHosting, authentication, database, storage, cloud functionsSydney, AU (AU firms) / Frankfurt + Belgium (EU firms)
Google Vertex AI (Gemini)AI model inference and embedding generation for document queriesUS (us-central1) for AU firms / Belgium (europe-west4) for EU firms
StripePayment processing and subscription managementUS / Global
SentryApplication error monitoring (errors only — no document content). Sent only after explicit consent in supported regions.US
ipapi.coIP-based country detection at signup, used to recommend the correct data region. IP address only, processed once, not stored.US
BetterStackPublic uptime status page (no customer data; aggregated availability checks only)US / Global
Google AnalyticsAggregated usage analytics. Loaded only after explicit consent in supported regions.US / Global

Your original documents stay in your firm's designated region — Sydney, Australia for AU firms or Frankfurt + Belgium (eur3) for EU firms. Only query text and relevant excerpts are sent to AI inference endpoints in the same region group as your data.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Firebase Authentication with secure session management
  • Role-based access controls at the application and database level
  • Firestore security rules enforcing per-user and per-firm data isolation
  • Regular security monitoring via enterprise cloud infrastructure

9. Data Retention

Your data is retained for as long as your account is active. Upon account deletion:

  • Your uploaded documents are permanently deleted within 30 days
  • Your account information and metadata are removed
  • Aggregated, anonymised analytics data may be retained

10. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Complain about a breach of the APPs

To exercise any of these rights, contact us at admin@inferis.ai.

11. Cookies & Tracking

Inferis uses essential cookies for authentication and session management. We do not use third-party advertising trackers or sell browsing data. Analytics data is collected in aggregate to improve the Service.

12. Automated Decision-Making

Inferis uses artificial intelligence to generate responses to your queries based on your uploaded documents and general knowledge. These AI-generated outputs are informational only and do not constitute professional advice.

No automated decisions with legal or significant effect are made about you by the Service. AI responses are provided as a productivity tool to assist your own analysis and decision-making. You should always verify AI-generated content independently before relying on it for professional, legal, or financial purposes.

Under the Privacy Act 1988 (as amended), you have the right to request meaningful information about the logic involved in automated processing that affects you. Contact us at admin@inferis.ai for enquiries.

13. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email and update the “Last updated” date above.

15. Contact

For privacy-related enquiries or complaints, contact our Privacy Officer at admin@inferis.ai.

If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.