Noezra Privacy Policy
Privacy Policy
Noesis Labs Pty Ltd, trading as Noezra, respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, protect, retain, and otherwise handle personal information when you use Noezra.
| Legal entity | Noesis Labs Pty Ltd |
|---|---|
| Product | Noezra |
| Scope | Website, web application, AI study workspace, beta access, AI features, support, promotions, and related services |
| Effective date | 29 June 2026 |
| Last updated | 28 June 2026 |
| Version | 1.0.0 |
| Business location | Melbourne, Victoria, Australia |
| ABN / ACN | ABN 97 696 754 140 · ACN 696 754 140 |
| Registered address | 11 Waratah Avenue, Glenhuntly, VIC 3163 |
| Website | noezra.ai |
| Privacy contact | contact@noezra.ai |
| Support contact | contact@noezra.ai |
| Security contact | contact@noezra.ai |
| Privacy request | Available in your account settings |
| Legal notices | official@noesislabs.com.au |
| Legal notices address | 8/11 Waratah Avenue, Glenhuntly, VIC 3163 |
| Provider register | /subprocessors |
1. About this Policy
Noesis Labs Pty Ltd, trading as Noezra, respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, protect, retain, and otherwise handle personal information when you use Noezra.
Noezra is an AI-powered study, research, reading, listening, note-taking, source-navigation, citation-assistance, and document workspace. In this Policy, Noezra, we, us, and our mean Noesis Labs Pty Ltd. You means the person using Noezra. Services means the Noezra website, web application, beta access, AI features, and related services that link to this Policy.
This Policy should be read together with our Terms of Service and any feature-specific notice, promotion rule, cookie notice, provider notice, or regional notice that applies to your use of Noezra.
This Policy describes our practices. It is not, by itself, consent to every processing activity described. Where consent is required, we ask for it separately at the relevant time and provide a practical way to withdraw it.
2. Privacy summary
| Topic | Noezra position |
|---|---|
| What we collect | Account information, Private Workspace Content, AI inputs and outputs, Behaviour Data, device and security information, support communications, marketing preferences, and payment-related records where applicable. |
| Why we collect it | To provide, secure, support, personalise, analyse, and improve Noezra; process AI and text-to-speech requests; communicate with users; comply with law; and protect rights and safety. |
| Private content and AI training | Private Workspace Content is not used to train AI models shared across users by default. Optional shared model improvement using private content requires a separate affirmative choice, product setting, consent flow, or written agreement. |
| AI and speech providers | Relevant content may be sent to contracted AI, speech, infrastructure, and research providers to perform the feature you request. We seek to send only what is reasonably necessary for the requested feature. |
| Analytics | Product analytics are designed to measure feature events and reliability, not the private text inside your documents, prompts, chats, notes, highlights, or uploaded files. |
| Sensitive records | Noezra is not designed for medical records, therapy notes, government identifiers, payment-card storage, biometric data, children's data, legal files, regulated research-participant data, or regulated high-risk decisions. |
| Beta age limit | Noezra global beta is intended only for users who are 18 years old or older. |
| Your controls | Depending on the feature and applicable law, you may access, correct, export, delete, object to, or restrict certain information; manage marketing and cookie choices; disconnect integrations; and manage optional AI improvement settings where offered. |
3. Scope
This Policy applies to personal information we handle when you:
- visit our website or product pages;
- join a waitlist, beta program, promotion, survey, event, or community activity;
- create or use a Noezra account;
- upload, create, process, or store documents, notes, prompts, chats, files, audio, summaries, flashcards, quizzes, citations, references, or other workspace materials;
- use AI chat, document explanation, summarisation, research discovery, citation assistance, text-to-speech, audio, search, notes, or related features;
- connect a third-party account or sign in through an authentication provider;
- contact us for support, privacy, or security assistance;
- receive service, product, or marketing communications from us;
- apply to work with us, partner with us, invest in us, or provide services to us.
This Policy does not apply to third-party websites, applications, papers, databases, payment pages, AI providers, social platforms, or other services that Noezra does not control, even where Noezra links to them or displays information from them.
If Noezra later provides enterprise, school, university, classroom, or organisation-managed accounts, a separate privacy addendum, data processing agreement, institutional agreement, administrator notice, or regional notice may also apply.
4. Our role
For ordinary individual accounts, Noesis Labs Pty Ltd generally determines why and how personal information is handled and acts as the responsible privacy entity, controller, or business where those terms apply.
Where Noezra is provided through an organisation, school, university, employer, research group, team, or enterprise customer, that organisation may determine some purposes, permissions, settings, administrator access, and retention rules. In those cases, Noezra may act as a processor or service provider for some activities, and the organisation's privacy notice may also apply.
5. Key terms
| Term | Meaning |
|---|---|
| Personal information / personal data | Information or an opinion about an identified individual or an individual who is reasonably identifiable. In some laws, this is called personal data. |
| Private Workspace Content | Content uploaded, entered, created, generated, or stored in a non-public Noezra account or workspace, including documents, document text, prompts, chats, notes, highlights, annotations, research materials, citations, summaries, quizzes, flashcards, audio-related materials, and generated outputs. |
| Behaviour Data | Information about how a user interacts with Noezra, such as features used, action sequences, timestamps, task completion, output ratings, broad file metadata, device and browser information, performance data, errors, security events, and diagnostics. Behaviour Data does not automatically include the substance of Private Workspace Content. |
| Service Processing | Processing information to provide the feature you request, such as retrieving document passages, creating embeddings, generating summaries, answering questions, or converting selected text to speech. Service Processing does not, by itself, train a model shared across users. |
| Account-Only Personalisation | Using information to adapt Noezra for your account, such as remembering preferences or recommending workflows, without using that information to improve systems shared with other users. |
| Shared Model Improvement | Using information to develop, train, fine-tune, test, evaluate, or improve an AI, machine-learning, recommendation, ranking, quality, workflow, or safety system that may benefit more than one user. |
| De-identified information | Information processed so that an individual is no longer reasonably identifiable and Noezra does not retain a reasonably available means to reconnect it to that person. |
| Pseudonymised information | Information connected to a coded, random, or indirect identifier. If it can still be reconnected to an account or person, we continue to treat it as personal information. |
6. Information we collect
6.1 Information you provide
- Account and profile information: name, username, email address, login method, authentication information, profile photo or avatar if provided, age or eligibility confirmation, account settings, preferences, and beta access status.
- Study and onboarding information: school, university, course, study level, research interests, feature preferences, survey responses, and other information you choose to provide.
- Private Workspace Content: uploaded documents, PDFs, extracted text, prompts, chat messages, notes, highlights, folders, research questions, generated summaries, flashcards, quizzes, citations, source lists, audio-related materials, and other workspace materials.
- Communications: support requests, emails, forms, survey responses, feedback, bug reports, screenshots, files you choose to send, social media handles, community usernames, product reviews, testimonials, and communications preferences.
- Marketing and promotions: marketing preferences, referral information, eligibility information, campaign participation details, reward or gift delivery information, social media post information you choose to provide, and related records.
- Payment information: if paid services are offered, billing name, billing address, email address, plan, purchase history, invoices, payment status, limited payment metadata, and tax information. We do not intend to store complete payment-card numbers directly.
6.2 Information collected automatically
- Behaviour Data and product analytics;
- IP address and approximate location derived from IP address;
- device type, browser type, operating system, language setting, time zone, and device or session identifiers;
- authentication, account, and security events;
- application diagnostics, errors, latency, crash reports, and model-performance signals;
- cookie, local storage, SDK, and similar technology identifiers;
- feature settings, preferences, and broad file metadata such as file type, size range, or page-count range.
6.3 Information from third parties
- authentication providers, such as where you use Google Sign-In or another sign-in method;
- AI, speech, hosting, analytics, security, support, and infrastructure providers acting on our behalf;
- payment processors where paid services are offered;
- connected services you authorise;
- people who invite you to a shared workspace, where sharing features exist;
- publicly available research databases, public research indexes, DOI or arXiv sources, and publication metadata services;
- social media platforms, event partners, or referral users where you interact with Noezra through those channels.
We do not intentionally collect more personal information than is reasonably necessary and proportionate for the purposes described in this Policy.
7. How we collect and hold information
We collect personal information directly from you, automatically when you use Noezra, from an organisation that administers an account, from services you connect, from service providers acting on our behalf, and from public sources used by a requested research feature.
Information may be held in Noezra databases, document storage, object storage, search or vector databases, security and audit systems, analytics systems, backup systems, and systems operated by contracted service providers.
Where practicable, you may interact with Noezra without identifying yourself, such as by browsing public webpages. An identified account may be required to store and sync workspace materials, protect account security, manage beta access, provide paid plans, process AI requests, or operate account-specific features.
You may provide information that Noezra did not request, including information inside uploaded documents. If we receive unsolicited personal information that we could not lawfully collect and are not required or authorised to retain, we may delete, redact, restrict, or de-identify it as soon as reasonably practicable.
8. How we use information
We may use personal information for the following purposes:
- create, authenticate, administer, and secure accounts and workspaces;
- provide beta access and requested Noezra features;
- process documents, prompts, chats, source materials, notes, and workspace context;
- generate AI outputs, summaries, explanations, citations, flashcards, quizzes, notes, and audio-related outputs;
- extract text, create indexes and embeddings, retrieve relevant document passages, and display source-linked workspace materials;
- save, synchronise, organise, display, and export supported workspace content;
- provide Account-Only Personalisation, such as remembering settings and recommending workflows for your account;
- analyse service use, performance, reliability, and feature quality;
- improve Noezra's product design, workflow quality, AI quality, safety, and reliability, subject to the limits in this Policy;
- provide customer support and investigate support requests;
- diagnose technical problems and debug product failures;
- detect, prevent, and respond to fraud, spam, abuse, scraping, model extraction, prompt injection, automated misuse, rights infringement, security incidents, and policy violations;
- process subscriptions, billing, invoices, and taxes if paid services are offered;
- communicate account, service, security, legal, beta, and product information;
- send marketing where permitted and consistent with your preferences;
- manage surveys, promotions, referrals, community activities, and beta rewards;
- comply with laws, respond to lawful requests, and protect legal rights;
- enforce our Terms and policies;
- establish, exercise, or defend legal claims;
- create aggregated or genuinely de-identified information.
We will not use or disclose personal information for a materially different and incompatible purpose without providing additional notice and obtaining consent where required.
9. AI features, retrieval, speech, and model improvement
9.1 AI and speech Service Processing
Noezra uses AI, retrieval, search, embedding, and speech technologies and may use contracted third-party AI, speech, infrastructure, and research providers to provide requested features. When you use an AI or text-to-speech feature, Noezra may process your prompt, selected text, selected document passages, retrieved chunks, notes, conversation context, source metadata, voice settings, account preferences, and technical metadata needed to perform the feature.
Noezra seeks to send only information reasonably necessary for the requested feature. AI, retrieval, and speech features must apply relevant account, document, and workspace permissions before information is retrieved, converted to audio, or sent to a provider.
9.2 Document retrieval and embeddings
Noezra may extract, divide, index, and create embeddings from documents so that relevant information can be searched, retrieved, and used to answer a request. Embeddings are mathematical representations that help identify content with similar meaning. Creating embeddings and retrieving passages to provide a requested feature is Service Processing, not Shared Model Improvement by itself.
Private Workspace Content is treated as account or workspace data. Retrieval and permission controls are designed to prevent unrelated accounts from accessing private uploaded content.
9.3 AI output accuracy
AI outputs may be inaccurate, incomplete, outdated, biased, misleading, non-unique, or unsuitable. Outputs may contain hallucinated statements, incorrect citations, broken links, wrong source attributions, omitted context, or reasoning errors. You should verify important information, citations, sources, and academic or professional decisions before relying on output from Noezra.
9.4 Private Workspace Content and shared AI training
Noezra does not use Private Workspace Content to train AI models shared across users by default. Accepting this Policy or our Terms of Service does not, by itself, authorise optional shared AI training on Private Workspace Content.
If Noezra later offers optional Shared Model Improvement using Private Workspace Content, the choice will be separate from account creation, ordinary service use, Behaviour Data analytics, Account-Only Personalisation, marketing, surveys, promotions, and beta participation. The notice will explain the content categories involved, the purpose, whether human review may occur, which entity develops the model, how long source information is retained, how the choice can be changed, and any limits on withdrawal after information has been incorporated into a completed model.
Noezra does not intentionally use the following for Shared Model Improvement: passwords, authentication secrets, complete payment details, government identifiers, health or other sensitive information, identifiable research-participant information, information known to relate to a child, organisation-controlled content where training is disabled, content excluded by settings, or content deleted before inclusion in an authorised training dataset.
9.5 Behaviour Data and product improvement
Noezra may use aggregated or genuinely de-identified Behaviour Data to analyse, develop, test, evaluate, and improve product and AI systems, including workflow quality, onboarding, recommendations, AI reliability, safety, error detection, and service performance.
Noezra does not use account-linked or pseudonymised Behaviour Data to train systems shared across users unless the user has enabled the applicable setting or another lawful basis is clearly explained. Declining optional Shared Model Improvement will not prevent access to ordinary Noezra features. Essential security, diagnostic, reliability, and operational processing may continue.
9.6 Human review and feedback
Noezra does not routinely require personnel to read Private Workspace Content. Authorised personnel may access limited information where reasonably necessary to respond to a support request, investigate a security incident or serious misuse, diagnose a technical problem, protect users or the service, comply with law, or review feedback intentionally submitted by a user. Access is restricted by role and need and is logged where technically available.
Submitting ordinary feedback or a rating does not automatically authorise Shared Model Improvement using Private Workspace Content. If feedback submission includes a prompt, output, document passage, or conversation context, Noezra will provide an appropriate notice where required.
11. Service providers and subprocessors
Noezra may use service providers and subprocessors for AI processing, hosting, storage, databases, vector search, authentication, text-to-speech, analytics, email, payments, communications, support, security, error monitoring, and research discovery. These providers may process personal information on our behalf for the agreed service purpose and subject to applicable contractual obligations.
Noezra maintains a Provider and Subprocessor Register describing material providers, purposes, data categories, processing locations where known, training position, and retention position. The public register is kept current at /subprocessors.
| Provider | Purpose | Data categories | Location / region |
|---|---|---|---|
| Microsoft Azure | Cloud hosting, database, blob storage, queueing, regional replication, and security logging. | Account data, uploaded files, layouts, chunks, embeddings, notes, highlights, chats, citations, and logs. | Australia, United States, Singapore, and configured Azure regions. |
| Azure OpenAI / Azure AI Foundry | AI chat, document explanation, summarisation, embedding generation, and grounded study features. | Prompts, selected document context, retrieved chunks, and model metadata. | Configured Azure AI regions. |
| Azure Speech Services | Text-to-speech generation where Azure Speech is selected. | Selected reading text and voice settings. | Configured Azure Speech regions. |
| ElevenLabs | Text-to-speech generation where ElevenLabs is selected. | Selected reading text and voice settings. | Provider-operated regions, commonly United States and European Union. |
| PostHog | Optional product analytics. | Pseudonymous feature events and device/session metadata only. No private content. | Configured PostHog region. |
| Semantic Scholar and public research indexes | Research discovery and paper metadata lookup. | Search terms, public source metadata, DOI/arXiv identifiers, and saved public references. | Provider-operated regions. |
For Private Workspace Content, Noezra uses production arrangements intended for API, business, or enterprise use. Noezra personnel must not place Private Workspace Content into personal, consumer, or unpaid AI accounts for support, development, or testing.
Where we state that a provider does not use Noezra content to train its general models, we will configure and contract with that provider to support the statement. We will not claim zero retention, a certification, or a specific provider safeguard unless it has been confirmed and remains applicable to the feature in use.
If Noezra adds or removes a material provider, changes a provider purpose, or changes a provider's material data-use, training, retention, or processing-location position, we will update the Provider and Subprocessor Register and, where required, provide additional notice.
12. When we disclose information
We may disclose personal information in the following circumstances:
- Service providers: to providers who operate Noezra on our behalf, including AI, speech, hosting, storage, analytics, authentication, email, payment, support, security, and error-monitoring providers.
- AI and speech providers: to process relevant prompts, selected content, retrieved passages, voice settings, metadata, and technical logs as necessary to generate requested outputs or audio.
- Connected services: to or from a third-party service you authorise, as needed to provide the integration and as permitted by the connection flow.
- Other users or collaborators: where you choose to share, publish, export, or collaborate on content.
- Organisations: where an organisation administers your account or workspace under a separate agreement.
- Professional advisers: to lawyers, accountants, auditors, insurers, and other advisers subject to appropriate duties.
- Legal and safety recipients: to courts, regulators, law enforcement, rights holders, security researchers, or other parties where reasonably necessary to comply with law, respond to valid process, investigate misuse, enforce our Terms, or protect rights, safety, and security.
- Business transactions: in connection with a financing, merger, acquisition, restructuring, insolvency, sale of assets, or similar transaction.
- With your direction or consent: where you ask us to disclose information or where consent is required and you provide it.
- Aggregated or de-identified information: where individuals are not reasonably identifiable.
We do not sell or rent personal information. We do not disclose Private Workspace Content to advertisers or data brokers.
13. Overseas processing and international transfers
Noezra is operated by an Australian company, but personal information may be processed or stored in countries where Noezra, our providers, or their subprocessors operate. These locations may include Australia, the United States, Singapore, the United Kingdom, the European Union or European Economic Area, and other countries identified in our Provider and Subprocessor Register.
Where Australian Privacy Principle 8 applies, we take reasonable steps in the circumstances to ensure that overseas recipients handle personal information consistently with applicable Australian privacy requirements.
Where the GDPR, UK GDPR, Swiss law, or another transfer regime applies, we use an applicable transfer mechanism where required, such as an adequacy decision, standard contractual clauses, the UK International Data Transfer Addendum, data processing agreements, regional hosting, or another lawful safeguard.
Privacy protections and government-access rules may differ between countries. We assess provider safeguards based on the nature of the information, the feature, the processing location, provider terms, security controls, and applicable law.
14. Google Sign-In and connected services
If Noezra uses Google Sign-In or Google APIs, Noezra requests only the permissions reasonably necessary for the feature being provided and handles Google user data in accordance with the Google consent screen, applicable Google policies, this Policy, and applicable law.
For basic sign-in, Noezra may receive basic authentication and profile information, such as your Google account identifier, name, email address, and profile image if provided by Google. Noezra will not request access to Gmail, Google Drive, Google Calendar, Contacts, or other sensitive or restricted Google API scopes during beta unless a feature genuinely requires those permissions, the product flow clearly explains the access, and you authorise it.
Noezra does not use Google user data for advertising, does not sell Google user data, and does not transfer Google user data except as necessary to provide or secure the requested feature, troubleshoot the service, comply with law, or as otherwise permitted by the Google consent flow and applicable Google policy.
Where Google API Services User Data Policy or Google Workspace API user-data requirements apply, Noezra's use and transfer of Google user data will be limited to providing or improving user-facing features, security, troubleshooting, compliance, or other permitted purposes.
If you connect another service, the connected service's terms and privacy practices also apply. You can disconnect supported integrations through Noezra settings or the provider's settings. Disconnecting stops future access but may not automatically delete information already imported into Noezra, retained in backups, or retained for legal, security, or compliance reasons.
15. Sensitive information and high-risk use
Noezra is a general study, research, reading, and document workspace. It is not designed as a clinical-record system, healthcare platform, therapy or crisis service, legal-practice management system, banking platform, government-identity repository, biometric system, payment-card repository, regulated research-participant database, institutional learning-management system, or high-risk decision system.
Do not upload highly sensitive, confidential, or regulated information unless the relevant feature expressly permits it, processing is reasonably necessary, you are authorised to provide it, and you understand the risks. This includes:
- health, disability, genetic, biometric, therapy, counselling, or clinical records;
- government identifiers such as passport, driver licence, Medicare, tax file number, national ID, or visa documents;
- complete payment-card numbers, bank credentials, passwords, API keys, or authentication secrets;
- confidential student records, legal advice files, privileged materials, or financial files;
- children's personal information;
- criminal-record information, sexual-life information, trade-union membership, political opinions, religious or philosophical beliefs, race or ethnicity, or other sensitive information;
- identifiable research-participant information or human-subject research data;
- information about another person unless you have a lawful basis, authority, and permission to provide it.
Noezra does not intentionally use sensitive information for behavioural advertising or Shared Model Improvement. We may restrict, isolate, redact, remove, or decline to process information where reasonably necessary to reduce serious privacy, legal, security, or safety risk.
16. Children and under-18 users
Noezra's global beta is intended only for users who are 18 years old or older. We do not knowingly permit users under 18 to create ordinary individual beta accounts.
If we learn that a person under 18 has created an account or provided personal information during beta, we may suspend or close the account and take reasonable steps to delete associated information, unless we are required or permitted to retain it by law, safety, security, or compliance requirements.
Before Noezra is offered to users under 18, school-managed users, classroom users, or child-directed use, Noesis Labs will implement appropriate age assurance, child-appropriate notice, parent or guardian, school, administrator, safety, retention, and model-training controls. Information known to relate to a child will not be used for Shared Model Improvement under the beta framework.
17. Retention and deletion
We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law. Retention depends on the type of information, account settings, provider settings, backup cycles, security requirements, legal and accounting obligations, disputes, abuse prevention, and technical deletion processes.
| Information | Retention approach |
|---|---|
| Account data | Retained while the account is active, then deleted or de-identified after account deletion subject to legal, security, fraud-prevention, audit, tax, accounting, dispute, and backup requirements. |
| Private Workspace Content | Retained while the account is active or until the user deletes it. Derived layouts, chunks, embeddings, indexes, and audio cache are designed to be removed with the source content where technically supported, subject to exceptions. |
| AI processing logs | Retained only as reasonably necessary to provide, secure, debug, and improve the feature, and subject to provider settings and legal requirements. |
| Analytics | Optional where applicable, pseudonymous where practicable, controlled by user settings where available, and retained according to analytics workspace retention settings. |
| Security and audit logs | Retained as reasonably necessary for security, reliability, abuse prevention, legal, and operational needs. |
| Support records | Retained as reasonably necessary for support history, dispute handling, product troubleshooting, and legal or business needs. |
| Billing records | Retained as required or permitted by tax, accounting, payment, dispute, and legal requirements. |
| Backups and disaster recovery copies | Deleted or overwritten according to backup rotation schedules, unless longer retention is required for legal, security, or recovery reasons. |
| Consent and withdrawal records | Retained as reasonably necessary to demonstrate permissions, choices, withdrawals, and compliance. |
| Provider-held information | Retained according to provider contracts, settings, feature configuration, and the Provider and Subprocessor Register. |
When information is no longer needed, we take reasonable steps to delete, destroy, de-identify, or anonymise it. Deletion may be delayed where information must be retained to comply with law, investigate misuse, preserve security, resolve disputes, establish or defend legal claims, protect users, or complete backup cycles.
Once information has been genuinely de-identified and can no longer reasonably be connected to an individual, Noezra may be unable to identify it in response to an individual deletion request.
Where exact maximum periods depend on provider settings, product configuration, or legal requirements, Noezra states those periods in the Provider and Subprocessor Register, a product-specific notice, or a direct response to a privacy request where appropriate. We do not retain personal information longer than reasonably necessary for the purposes described in this Policy, unless retention is required or permitted by law.
18. Security
We use reasonable technical, organisational, and administrative safeguards designed to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification, and unauthorised disclosure.
- encryption in transit;
- encryption at rest where implemented and appropriate;
- role-based and least-privilege access controls;
- multi-factor authentication for privileged access where available;
- workspace and permission controls;
- permission checks before AI retrieval;
- secure credential and secret management;
- security monitoring, audit logging, and incident-response procedures;
- vulnerability and dependency management;
- protected backups and recovery processes;
- provider due diligence and contractual safeguards;
- staff and contractor confidentiality requirements;
- secure development and change-management practices.
No information system is completely secure. We cannot guarantee that Noezra will be free from security incidents, unauthorised access, or data loss. You should protect your credentials, keep your devices secure, and notify us promptly if you suspect unauthorised access.
19. Data breaches
Noezra maintains procedures to identify, contain, investigate, assess, remedy, and document suspected data breaches. If we become aware of a data breach affecting personal information, we will assess the incident and take appropriate steps to contain, investigate, remediate, and reduce harm.
Where legally required, we will notify affected individuals, regulators, or other required parties. For Australian users, this may include notification under the Notifiable Data Breaches scheme where it applies.
Where the EU GDPR or UK GDPR applies, we will notify the competent supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.
20. Automated processing and AI transparency
Noezra uses automated processing to operate and improve the service. This may include ranking and ordering information within a workspace, recommending features or study workflows, Account-Only Personalisation, AI retrieval and response generation, text-to-speech processing, spam and abuse detection, security monitoring, error detection, and policy-enforcement signals.
The personal information used for automated processing may include account information, Behaviour Data, document and workspace activity, prompts or selected context used for a requested AI feature, voice settings for a text-to-speech request, and security events, subject to the limits and choices described in this Policy.
Noezra does not currently use personal information to make decisions, by solely or substantially automated means, that produce legal effects concerning you or similarly significantly affect your rights or interests, including decisions that determine or materially affect academic grades, admission, employment, credit, insurance, healthcare eligibility, legal rights, migration status, housing, or access to essential services. Noezra recommendations are assistive and do not replace human judgement.
Where you interact with a Noezra feature that uses AI, Noezra seeks to make clear that you are interacting with an AI-assisted system or receiving AI-generated or AI-assisted output. Where required by applicable law or product design, Noezra may label, mark, watermark, log, or restrict AI-generated content or outputs for transparency, safety, provider compliance, abuse prevention, or legal compliance.
Noezra is not designed to evaluate learning outcomes, determine education access, assign grades, monitor examinations, or make formal educational decisions about a person. Before introducing automated processing that may produce legal effects or similarly significantly affect a person's rights or interests, Noezra will update relevant privacy information and implement required safeguards, including human review where applicable.
21. Your choices, controls, and privacy rights
Depending on the feature and applicable law, you may be able to:
- access, update, or correct account information;
- delete supported documents, chats, notes, highlights, and workspace content;
- export supported account and workspace information;
- close your account and begin the applicable deletion process;
- manage Account-Only Personalisation;
- manage optional account-linked Behaviour Data Shared Model Improvement if offered;
- manage optional Private Workspace Content training if offered;
- manage cookie choices where required;
- disconnect supported integrations;
- unsubscribe from marketing communications;
- submit a privacy request or complaint.
Withdrawing optional consent will not be made materially more difficult than giving it. Withdrawal will not affect processing completed before withdrawal, processing required for ordinary service operation, security, legal compliance, dispute handling, or other purposes permitted by law.
You may request access to personal information Noezra holds about you or ask us to correct information that is inaccurate, outdated, incomplete, irrelevant, or misleading. You may also have additional rights depending on your location, including rights to deletion, portability, restriction, objection, consent withdrawal, appeal, or complaint to a regulator.
We may verify your identity before fulfilling a request to protect information from unauthorised disclosure, change, or deletion. We may refuse or limit a request where permitted by law, and where required we will explain our reasons and available complaint or appeal options.
To make a privacy request or complaint, email us at contact@noezra.ai or submit a request from your account settings in the app.
22. Australia privacy notice
Noesis Labs Pty Ltd is based in Australia. Where the Privacy Act 1988 (Cth) applies to us, we handle personal information in accordance with the Australian Privacy Principles. We have also designed this Policy and our launch privacy posture with the Australian Privacy Principles as a baseline standard.
You may contact us at contact@noezra.ai to request access or correction, ask a privacy question, or make a privacy complaint. A complaint should describe the privacy issue, information involved, relevant dates or events, and the outcome sought.
We aim to acknowledge privacy complaints within 7 days and provide a substantive response within 30 days, unless the matter is complex and additional time is reasonably required. If you are not satisfied and the Privacy Act applies, you may be able to complain to the Office of the Australian Information Commissioner.
Where we send commercial electronic messages, such as marketing emails, we do so consistent with the Spam Act 2003 (Cth), including by identifying ourselves as the sender and providing a functional unsubscribe facility.
You can find more information about your privacy rights, or lodge a complaint with the Office of the Australian Information Commissioner, at oaic.gov.au.
23. EEA, UK, and Swiss privacy notice
This section applies where the EU GDPR, UK GDPR, Swiss data-protection law, or similar law governs Noezra's processing of your personal data.
23.1 Controller and processor roles
For most direct individual users, Noesis Labs Pty Ltd is the controller of personal data processed under this Policy. If Noezra is used through an organisation under a separate agreement, Noesis Labs may act as a processor or service provider for some processing activities, and the organisation's privacy notice may also apply.
23.2 Lawful bases
| Purpose | Typical lawful basis |
|---|---|
| Creating and administering an account | Performance of a contract; legitimate interests where appropriate. |
| Providing requested workspace and AI features | Performance of a contract. |
| Processing Private Workspace Content for a requested feature | Performance of a contract. |
| Authentication, essential service operation, diagnostics, and reliability | Contract and legitimate interests. |
| Security, fraud prevention, abuse detection, and policy enforcement | Legitimate interests; legal obligation where applicable. |
| Non-essential analytics technologies | Consent where required; legitimate interests where permitted. |
| Account-Only Personalisation | Contract, legitimate interests, or consent depending on the feature and region. |
| Account-linked Behaviour Data for Shared Model Improvement | Consent under the recommended launch design, or another lawful basis if clearly explained and legally available. |
| Private Workspace Content training | Separate consent or separate written agreement where offered. |
| Marketing | Consent or legitimate interests where legally permitted. |
| Billing and financial records | Contract and legal obligation. |
| Legal requests, disputes, and claims | Legal obligation and legitimate interests. |
| Corporate transactions | Legitimate interests, subject to safeguards. |
23.3 Your rights
Subject to applicable conditions and exceptions, you may have rights to access, rectify, erase, restrict, object to processing, receive certain information in a portable format, withdraw consent, object to direct marketing, request information about automated processing, and lodge a complaint with a supervisory authority. Where a decision is based solely on automated processing and produces legal or similarly significant effects, you may have rights to obtain human intervention, express your point of view, and contest the decision.
You may lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available through the European Data Protection Board at edpb.europa.eu. In the United Kingdom, you may contact the Information Commissioner's Office at ico.org.uk. In Switzerland, you may contact the Federal Data Protection and Information Commissioner.
23.4 International transfers and representatives
Where personal data is transferred outside the EEA, UK, or Switzerland, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Addendum, data processing agreements, or other lawful transfer mechanisms.
If Noesis Labs is legally required to appoint a representative in the EU, UK, or Switzerland, the representative details will be listed here: EU representative: [insert if required]. UK representative: [insert if required]. Swiss representative: [insert if required].
24. United States privacy notice
This section applies where a United States state comprehensive privacy law governs Noezra's handling of your personal information. It supplements the rest of this Policy. Where a specific state law gives you additional or different rights, those rights apply.
24.1 Categories of personal information
Noezra may collect identifiers, account and profile information, Private Workspace Content, internet and device activity, approximate location, commercial and billing information where paid services are offered, communications information, inferences used for Account-Only Personalisation, and sensitive personal information only if you provide it or it is contained inside content you upload. The sources, purposes, and recipient categories are described in Sections 6, 8, 11, and 12 of this Policy.
24.2 Sale, sharing, targeted advertising, and sensitive information
Noezra does not sell personal information for money. At launch, Noezra does not share personal information for cross-context behavioural advertising and does not process personal information for targeted advertising as those terms are defined under applicable US state privacy laws. Noezra does not disclose Private Workspace Content to advertisers or data brokers.
Noezra does not use sensitive personal information to infer characteristics about you, for behavioural advertising, or for Shared Model Improvement. If Noezra later uses advertising technologies that trigger a sale, sharing, targeted advertising, or sensitive-data limitation right, we will provide the required notice and choice before or at the time required by law.
24.3 US privacy rights
Subject to applicable conditions and exceptions, you may have the right to confirm whether Noezra processes your personal information, access it, obtain a portable copy, correct inaccurate information, delete information, opt out of sale, sharing, targeted advertising, or certain profiling, limit the use or disclosure of sensitive personal information, appoint an authorised agent, appeal a decision about your request, and not receive discriminatory treatment for exercising privacy rights.
Where required by applicable law, Noezra will recognise valid browser- or device-based universal opt-out preference signals for relevant processing or will avoid the processing that would require recognition of such signals. To exercise rights, contact us using the details in Section 28. We may verify your identity and, where permitted, ask an authorised agent to provide proof of authority.
California Shine the Light: Noezra does not disclose personal information to third parties for their own direct-marketing purposes. This United States privacy notice, together with Sections 6 and 8 of this Policy, is intended to serve as our notice at collection where one is required under applicable US state privacy law.
25. Academic, research, and third-party content
Noezra may display, link to, suggest, retrieve, summarise, rank, analyse, or refer to third-party sources, websites, papers, databases, metadata, abstracts, snippets, search results, references, or external content. Third-party content is controlled by its authors, publishers, providers, institutions, or rights holders, not by Noezra.
A source suggestion, citation, reference, link, quote, abstract, or summary generated by Noezra does not mean Noezra endorses the source, verifies it, guarantees access to it, or guarantees that you may use it. You should check original sources, copyright, database terms, citation requirements, and academic or publisher rules before relying on or sharing content.
If you upload or process third-party materials, such as journal papers, books, lecture slides, course materials, research data, or documents containing another person's personal information, you are responsible for ensuring that you have the rights, permissions, lawful basis, and consents needed to use that content in Noezra.
26. Business transfers and legal requests
We may disclose or transfer personal information where reasonably necessary in connection with a financing, due-diligence process, merger, acquisition, reorganisation, restructuring, insolvency, administration, sale of assets, or similar corporate transaction, including to prospective or actual buyers, investors, and their advisers. Where personal information is transferred as part of such a transaction, we will take reasonable steps to require the recipient to handle it consistently with this Policy or to provide you with notice and choices where required by law.
We may access, preserve, and disclose personal information where we reasonably believe it is necessary to comply with applicable law, regulation, legal process, or an enforceable governmental request; to respond to a valid subpoena, court order, warrant, or other lawful request; to enforce our Terms and policies; to detect, prevent, or address fraud, security, abuse, or technical issues; or to protect the rights, property, or safety of Noezra, our users, or the public, as required or permitted by law.
Where legally permitted, we will seek to limit the scope of any disclosure to what is reasonably necessary and may notify you of a legal request unless we are prohibited from doing so or believe notice would be ineffective, would create a risk to safety, or would otherwise be inappropriate.
27. Changes to this Policy
We may update this Policy from time to time to reflect changes to Noezra, our practices, our providers, or legal requirements. When we make changes, we will update the version and the last-updated date at the top of this Policy and publish the updated version.
Where a change is material, we will take additional steps to inform you where required, such as providing in-product notice, sending an email, or requesting renewed consent before the relevant processing begins. Your continued use of Noezra after an updated Policy takes effect indicates that you are aware of the current Policy, subject to any consent that is required and obtained separately.
Where required by law, we will keep prior versions available or provide them on request.
28. Contact us
If you have a question, request, or complaint about this Policy or how Noezra handles personal information, contact us using the details below. We will respond within a reasonable time and in accordance with applicable law.
| Contact | Details |
|---|---|
| Legal entity | Noesis Labs Pty Ltd, trading as Noezra |
| Business location | Melbourne, Victoria, Australia |
| ABN / ACN | ABN 97 696 754 140 · ACN 696 754 140 |
| Registered address | 11 Waratah Avenue, Glenhuntly, VIC 3163 |
| Website | https://noezra.ai |
| Privacy contact | contact@noezra.ai |
| Support contact | contact@noezra.ai |
| Security contact | contact@noezra.ai |
| Privacy request | Available in your account settings |
| Legal notices | official@noesislabs.com.au |
| Legal notices address | 8/11 Waratah Avenue, Glenhuntly, VIC 3163 |
| Provider and Subprocessor Register | /subprocessors |