Noezra Privacy Policy

Privacy Policy

Noesis Labs Pty Ltd, trading as Noezra, respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, protect, retain, and otherwise handle personal information when you use Noezra.

Legal entityNoesis Labs Pty Ltd
ProductNoezra
ScopeWebsite, web application, AI study workspace, beta access, AI features, support, promotions, and related services
Effective date29 June 2026
Last updated28 June 2026
Version1.0.0
Business locationMelbourne, Victoria, Australia
ABN / ACNABN 97 696 754 140 · ACN 696 754 140
Registered address11 Waratah Avenue, Glenhuntly, VIC 3163
Websitenoezra.ai
Privacy contactcontact@noezra.ai
Support contactcontact@noezra.ai
Security contactcontact@noezra.ai
Privacy requestAvailable in your account settings
Legal noticesofficial@noesislabs.com.au
Legal notices address8/11 Waratah Avenue, Glenhuntly, VIC 3163
Provider register/subprocessors

1. About this Policy

Noesis Labs Pty Ltd, trading as Noezra, respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, protect, retain, and otherwise handle personal information when you use Noezra.

Noezra is an AI-powered study, research, reading, listening, note-taking, source-navigation, citation-assistance, and document workspace. In this Policy, Noezra, we, us, and our mean Noesis Labs Pty Ltd. You means the person using Noezra. Services means the Noezra website, web application, beta access, AI features, and related services that link to this Policy.

This Policy should be read together with our Terms of Service and any feature-specific notice, promotion rule, cookie notice, provider notice, or regional notice that applies to your use of Noezra.

This Policy describes our practices. It is not, by itself, consent to every processing activity described. Where consent is required, we ask for it separately at the relevant time and provide a practical way to withdraw it.

2. Privacy summary

TopicNoezra position
What we collectAccount information, Private Workspace Content, AI inputs and outputs, Behaviour Data, device and security information, support communications, marketing preferences, and payment-related records where applicable.
Why we collect itTo provide, secure, support, personalise, analyse, and improve Noezra; process AI and text-to-speech requests; communicate with users; comply with law; and protect rights and safety.
Private content and AI trainingPrivate Workspace Content is not used to train AI models shared across users by default. Optional shared model improvement using private content requires a separate affirmative choice, product setting, consent flow, or written agreement.
AI and speech providersRelevant content may be sent to contracted AI, speech, infrastructure, and research providers to perform the feature you request. We seek to send only what is reasonably necessary for the requested feature.
AnalyticsProduct analytics are designed to measure feature events and reliability, not the private text inside your documents, prompts, chats, notes, highlights, or uploaded files.
Sensitive recordsNoezra is not designed for medical records, therapy notes, government identifiers, payment-card storage, biometric data, children's data, legal files, regulated research-participant data, or regulated high-risk decisions.
Beta age limitNoezra global beta is intended only for users who are 18 years old or older.
Your controlsDepending on the feature and applicable law, you may access, correct, export, delete, object to, or restrict certain information; manage marketing and cookie choices; disconnect integrations; and manage optional AI improvement settings where offered.

3. Scope

This Policy applies to personal information we handle when you:

  • visit our website or product pages;
  • join a waitlist, beta program, promotion, survey, event, or community activity;
  • create or use a Noezra account;
  • upload, create, process, or store documents, notes, prompts, chats, files, audio, summaries, flashcards, quizzes, citations, references, or other workspace materials;
  • use AI chat, document explanation, summarisation, research discovery, citation assistance, text-to-speech, audio, search, notes, or related features;
  • connect a third-party account or sign in through an authentication provider;
  • contact us for support, privacy, or security assistance;
  • receive service, product, or marketing communications from us;
  • apply to work with us, partner with us, invest in us, or provide services to us.

This Policy does not apply to third-party websites, applications, papers, databases, payment pages, AI providers, social platforms, or other services that Noezra does not control, even where Noezra links to them or displays information from them.

If Noezra later provides enterprise, school, university, classroom, or organisation-managed accounts, a separate privacy addendum, data processing agreement, institutional agreement, administrator notice, or regional notice may also apply.

4. Our role

For ordinary individual accounts, Noesis Labs Pty Ltd generally determines why and how personal information is handled and acts as the responsible privacy entity, controller, or business where those terms apply.

Where Noezra is provided through an organisation, school, university, employer, research group, team, or enterprise customer, that organisation may determine some purposes, permissions, settings, administrator access, and retention rules. In those cases, Noezra may act as a processor or service provider for some activities, and the organisation's privacy notice may also apply.

5. Key terms

TermMeaning
Personal information / personal dataInformation or an opinion about an identified individual or an individual who is reasonably identifiable. In some laws, this is called personal data.
Private Workspace ContentContent uploaded, entered, created, generated, or stored in a non-public Noezra account or workspace, including documents, document text, prompts, chats, notes, highlights, annotations, research materials, citations, summaries, quizzes, flashcards, audio-related materials, and generated outputs.
Behaviour DataInformation about how a user interacts with Noezra, such as features used, action sequences, timestamps, task completion, output ratings, broad file metadata, device and browser information, performance data, errors, security events, and diagnostics. Behaviour Data does not automatically include the substance of Private Workspace Content.
Service ProcessingProcessing information to provide the feature you request, such as retrieving document passages, creating embeddings, generating summaries, answering questions, or converting selected text to speech. Service Processing does not, by itself, train a model shared across users.
Account-Only PersonalisationUsing information to adapt Noezra for your account, such as remembering preferences or recommending workflows, without using that information to improve systems shared with other users.
Shared Model ImprovementUsing information to develop, train, fine-tune, test, evaluate, or improve an AI, machine-learning, recommendation, ranking, quality, workflow, or safety system that may benefit more than one user.
De-identified informationInformation processed so that an individual is no longer reasonably identifiable and Noezra does not retain a reasonably available means to reconnect it to that person.
Pseudonymised informationInformation connected to a coded, random, or indirect identifier. If it can still be reconnected to an account or person, we continue to treat it as personal information.

6. Information we collect

6.1 Information you provide

  • Account and profile information: name, username, email address, login method, authentication information, profile photo or avatar if provided, age or eligibility confirmation, account settings, preferences, and beta access status.
  • Study and onboarding information: school, university, course, study level, research interests, feature preferences, survey responses, and other information you choose to provide.
  • Private Workspace Content: uploaded documents, PDFs, extracted text, prompts, chat messages, notes, highlights, folders, research questions, generated summaries, flashcards, quizzes, citations, source lists, audio-related materials, and other workspace materials.
  • Communications: support requests, emails, forms, survey responses, feedback, bug reports, screenshots, files you choose to send, social media handles, community usernames, product reviews, testimonials, and communications preferences.
  • Marketing and promotions: marketing preferences, referral information, eligibility information, campaign participation details, reward or gift delivery information, social media post information you choose to provide, and related records.
  • Payment information: if paid services are offered, billing name, billing address, email address, plan, purchase history, invoices, payment status, limited payment metadata, and tax information. We do not intend to store complete payment-card numbers directly.

6.2 Information collected automatically

  • Behaviour Data and product analytics;
  • IP address and approximate location derived from IP address;
  • device type, browser type, operating system, language setting, time zone, and device or session identifiers;
  • authentication, account, and security events;
  • application diagnostics, errors, latency, crash reports, and model-performance signals;
  • cookie, local storage, SDK, and similar technology identifiers;
  • feature settings, preferences, and broad file metadata such as file type, size range, or page-count range.

6.3 Information from third parties

  • authentication providers, such as where you use Google Sign-In or another sign-in method;
  • AI, speech, hosting, analytics, security, support, and infrastructure providers acting on our behalf;
  • payment processors where paid services are offered;
  • connected services you authorise;
  • people who invite you to a shared workspace, where sharing features exist;
  • publicly available research databases, public research indexes, DOI or arXiv sources, and publication metadata services;
  • social media platforms, event partners, or referral users where you interact with Noezra through those channels.

We do not intentionally collect more personal information than is reasonably necessary and proportionate for the purposes described in this Policy.

7. How we collect and hold information

We collect personal information directly from you, automatically when you use Noezra, from an organisation that administers an account, from services you connect, from service providers acting on our behalf, and from public sources used by a requested research feature.

Information may be held in Noezra databases, document storage, object storage, search or vector databases, security and audit systems, analytics systems, backup systems, and systems operated by contracted service providers.

Where practicable, you may interact with Noezra without identifying yourself, such as by browsing public webpages. An identified account may be required to store and sync workspace materials, protect account security, manage beta access, provide paid plans, process AI requests, or operate account-specific features.

You may provide information that Noezra did not request, including information inside uploaded documents. If we receive unsolicited personal information that we could not lawfully collect and are not required or authorised to retain, we may delete, redact, restrict, or de-identify it as soon as reasonably practicable.

8. How we use information

We may use personal information for the following purposes:

  • create, authenticate, administer, and secure accounts and workspaces;
  • provide beta access and requested Noezra features;
  • process documents, prompts, chats, source materials, notes, and workspace context;
  • generate AI outputs, summaries, explanations, citations, flashcards, quizzes, notes, and audio-related outputs;
  • extract text, create indexes and embeddings, retrieve relevant document passages, and display source-linked workspace materials;
  • save, synchronise, organise, display, and export supported workspace content;
  • provide Account-Only Personalisation, such as remembering settings and recommending workflows for your account;
  • analyse service use, performance, reliability, and feature quality;
  • improve Noezra's product design, workflow quality, AI quality, safety, and reliability, subject to the limits in this Policy;
  • provide customer support and investigate support requests;
  • diagnose technical problems and debug product failures;
  • detect, prevent, and respond to fraud, spam, abuse, scraping, model extraction, prompt injection, automated misuse, rights infringement, security incidents, and policy violations;
  • process subscriptions, billing, invoices, and taxes if paid services are offered;
  • communicate account, service, security, legal, beta, and product information;
  • send marketing where permitted and consistent with your preferences;
  • manage surveys, promotions, referrals, community activities, and beta rewards;
  • comply with laws, respond to lawful requests, and protect legal rights;
  • enforce our Terms and policies;
  • establish, exercise, or defend legal claims;
  • create aggregated or genuinely de-identified information.

We will not use or disclose personal information for a materially different and incompatible purpose without providing additional notice and obtaining consent where required.

9. AI features, retrieval, speech, and model improvement

9.1 AI and speech Service Processing

Noezra uses AI, retrieval, search, embedding, and speech technologies and may use contracted third-party AI, speech, infrastructure, and research providers to provide requested features. When you use an AI or text-to-speech feature, Noezra may process your prompt, selected text, selected document passages, retrieved chunks, notes, conversation context, source metadata, voice settings, account preferences, and technical metadata needed to perform the feature.

Noezra seeks to send only information reasonably necessary for the requested feature. AI, retrieval, and speech features must apply relevant account, document, and workspace permissions before information is retrieved, converted to audio, or sent to a provider.

9.2 Document retrieval and embeddings

Noezra may extract, divide, index, and create embeddings from documents so that relevant information can be searched, retrieved, and used to answer a request. Embeddings are mathematical representations that help identify content with similar meaning. Creating embeddings and retrieving passages to provide a requested feature is Service Processing, not Shared Model Improvement by itself.

Private Workspace Content is treated as account or workspace data. Retrieval and permission controls are designed to prevent unrelated accounts from accessing private uploaded content.

9.3 AI output accuracy

AI outputs may be inaccurate, incomplete, outdated, biased, misleading, non-unique, or unsuitable. Outputs may contain hallucinated statements, incorrect citations, broken links, wrong source attributions, omitted context, or reasoning errors. You should verify important information, citations, sources, and academic or professional decisions before relying on output from Noezra.

9.4 Private Workspace Content and shared AI training

Noezra does not use Private Workspace Content to train AI models shared across users by default. Accepting this Policy or our Terms of Service does not, by itself, authorise optional shared AI training on Private Workspace Content.

If Noezra later offers optional Shared Model Improvement using Private Workspace Content, the choice will be separate from account creation, ordinary service use, Behaviour Data analytics, Account-Only Personalisation, marketing, surveys, promotions, and beta participation. The notice will explain the content categories involved, the purpose, whether human review may occur, which entity develops the model, how long source information is retained, how the choice can be changed, and any limits on withdrawal after information has been incorporated into a completed model.

Noezra does not intentionally use the following for Shared Model Improvement: passwords, authentication secrets, complete payment details, government identifiers, health or other sensitive information, identifiable research-participant information, information known to relate to a child, organisation-controlled content where training is disabled, content excluded by settings, or content deleted before inclusion in an authorised training dataset.

9.5 Behaviour Data and product improvement

Noezra may use aggregated or genuinely de-identified Behaviour Data to analyse, develop, test, evaluate, and improve product and AI systems, including workflow quality, onboarding, recommendations, AI reliability, safety, error detection, and service performance.

Noezra does not use account-linked or pseudonymised Behaviour Data to train systems shared across users unless the user has enabled the applicable setting or another lawful basis is clearly explained. Declining optional Shared Model Improvement will not prevent access to ordinary Noezra features. Essential security, diagnostic, reliability, and operational processing may continue.

9.6 Human review and feedback

Noezra does not routinely require personnel to read Private Workspace Content. Authorised personnel may access limited information where reasonably necessary to respond to a support request, investigate a security incident or serious misuse, diagnose a technical problem, protect users or the service, comply with law, or review feedback intentionally submitted by a user. Access is restricted by role and need and is logged where technically available.

Submitting ordinary feedback or a rating does not automatically authorise Shared Model Improvement using Private Workspace Content. If feedback submission includes a prompt, output, document passage, or conversation context, Noezra will provide an appropriate notice where required.

10. Product analytics, cookies, and personalisation

10.1 Product analytics

Noezra may collect limited Behaviour Data to operate, secure, analyse, and improve the service. Product analytics are designed to record product events rather than unnecessary private content.

Unless reasonably necessary for a clearly disclosed purpose, Noezra does not intentionally place the following in ordinary product analytics systems: names, email addresses, full document text, prompts, AI chat text, private notes or highlights, unsubmitted text or keystrokes, sensitive document titles, passwords, authentication secrets, complete payment information, or identifiable research-participant information.

Noezra may use a randomly generated or pseudonymous analytics identifier instead of a name or email address. If the identifier can still be connected to an account, we continue to treat the Behaviour Data as personal information. If session replay or similar tools are used, Noezra will configure them to mask or exclude Private Workspace Content, credentials, payment details, and sensitive fields, and will obtain consent where required.

10.2 Cookies and similar technologies

Noezra may use cookies, local storage, SDKs, log files, APIs, device identifiers, and similar technologies for authentication, security, session management, user preferences, service operation, performance, diagnostics, analytics, and marketing where permitted.

TypePurposeUser control
NecessaryLogin, account security, fraud prevention, session management, service operation, and essential settings.Usually cannot be disabled without affecting the service.
AnalyticsUnderstand website and product usage, reliability, errors, and performance.May be controlled through browser settings, cookie tools, or consent mechanisms where required.
MarketingCampaign measurement, referral tracking, and advertising performance where used.Disabled or subject to opt-out or consent choices where required by law.

Noezra does not use Private Workspace Content to create advertising profiles and does not use third-party advertising pixels to observe the content of private documents, prompts, chats, notes, highlights, or uploaded files.

At launch, any marketing-related cookies or tags are limited to first-party campaign measurement and referral tracking. Noezra does not use third-party cross-context behavioural advertising cookies and does not sell or share cookie data for targeted advertising, as those terms are defined under applicable US state privacy laws.

Some browsers offer a Do Not Track setting. Because there is no consistent industry standard for responding to these signals, Noezra may not respond to them. Where applicable law requires Noezra to recognise a universal opt-out preference signal, Noezra will either honour that signal for relevant processing or avoid the processing that would require that opt-out.

10.3 Account-Only Personalisation

Noezra may use account information and Behaviour Data to remember settings, adapt onboarding, rank workspace information, suggest study workflows, and personalise the interface for your account. Account-Only Personalisation does not, by itself, use information to train Shared Models. Disabling personalisation does not prevent processing necessary for security, service operation, or reliability.

11. Service providers and subprocessors

Noezra may use service providers and subprocessors for AI processing, hosting, storage, databases, vector search, authentication, text-to-speech, analytics, email, payments, communications, support, security, error monitoring, and research discovery. These providers may process personal information on our behalf for the agreed service purpose and subject to applicable contractual obligations.

Noezra maintains a Provider and Subprocessor Register describing material providers, purposes, data categories, processing locations where known, training position, and retention position. The public register is kept current at /subprocessors.

ProviderPurposeData categoriesLocation / region
Microsoft AzureCloud hosting, database, blob storage, queueing, regional replication, and security logging.Account data, uploaded files, layouts, chunks, embeddings, notes, highlights, chats, citations, and logs.Australia, United States, Singapore, and configured Azure regions.
Azure OpenAI / Azure AI FoundryAI chat, document explanation, summarisation, embedding generation, and grounded study features.Prompts, selected document context, retrieved chunks, and model metadata.Configured Azure AI regions.
Azure Speech ServicesText-to-speech generation where Azure Speech is selected.Selected reading text and voice settings.Configured Azure Speech regions.
ElevenLabsText-to-speech generation where ElevenLabs is selected.Selected reading text and voice settings.Provider-operated regions, commonly United States and European Union.
PostHogOptional product analytics.Pseudonymous feature events and device/session metadata only. No private content.Configured PostHog region.
Semantic Scholar and public research indexesResearch discovery and paper metadata lookup.Search terms, public source metadata, DOI/arXiv identifiers, and saved public references.Provider-operated regions.

For Private Workspace Content, Noezra uses production arrangements intended for API, business, or enterprise use. Noezra personnel must not place Private Workspace Content into personal, consumer, or unpaid AI accounts for support, development, or testing.

Where we state that a provider does not use Noezra content to train its general models, we will configure and contract with that provider to support the statement. We will not claim zero retention, a certification, or a specific provider safeguard unless it has been confirmed and remains applicable to the feature in use.

If Noezra adds or removes a material provider, changes a provider purpose, or changes a provider's material data-use, training, retention, or processing-location position, we will update the Provider and Subprocessor Register and, where required, provide additional notice.

12. When we disclose information

We may disclose personal information in the following circumstances:

  • Service providers: to providers who operate Noezra on our behalf, including AI, speech, hosting, storage, analytics, authentication, email, payment, support, security, and error-monitoring providers.
  • AI and speech providers: to process relevant prompts, selected content, retrieved passages, voice settings, metadata, and technical logs as necessary to generate requested outputs or audio.
  • Connected services: to or from a third-party service you authorise, as needed to provide the integration and as permitted by the connection flow.
  • Other users or collaborators: where you choose to share, publish, export, or collaborate on content.
  • Organisations: where an organisation administers your account or workspace under a separate agreement.
  • Professional advisers: to lawyers, accountants, auditors, insurers, and other advisers subject to appropriate duties.
  • Legal and safety recipients: to courts, regulators, law enforcement, rights holders, security researchers, or other parties where reasonably necessary to comply with law, respond to valid process, investigate misuse, enforce our Terms, or protect rights, safety, and security.
  • Business transactions: in connection with a financing, merger, acquisition, restructuring, insolvency, sale of assets, or similar transaction.
  • With your direction or consent: where you ask us to disclose information or where consent is required and you provide it.
  • Aggregated or de-identified information: where individuals are not reasonably identifiable.

We do not sell or rent personal information. We do not disclose Private Workspace Content to advertisers or data brokers.

13. Overseas processing and international transfers

Noezra is operated by an Australian company, but personal information may be processed or stored in countries where Noezra, our providers, or their subprocessors operate. These locations may include Australia, the United States, Singapore, the United Kingdom, the European Union or European Economic Area, and other countries identified in our Provider and Subprocessor Register.

Where Australian Privacy Principle 8 applies, we take reasonable steps in the circumstances to ensure that overseas recipients handle personal information consistently with applicable Australian privacy requirements.

Where the GDPR, UK GDPR, Swiss law, or another transfer regime applies, we use an applicable transfer mechanism where required, such as an adequacy decision, standard contractual clauses, the UK International Data Transfer Addendum, data processing agreements, regional hosting, or another lawful safeguard.

Privacy protections and government-access rules may differ between countries. We assess provider safeguards based on the nature of the information, the feature, the processing location, provider terms, security controls, and applicable law.

14. Google Sign-In and connected services

If Noezra uses Google Sign-In or Google APIs, Noezra requests only the permissions reasonably necessary for the feature being provided and handles Google user data in accordance with the Google consent screen, applicable Google policies, this Policy, and applicable law.

For basic sign-in, Noezra may receive basic authentication and profile information, such as your Google account identifier, name, email address, and profile image if provided by Google. Noezra will not request access to Gmail, Google Drive, Google Calendar, Contacts, or other sensitive or restricted Google API scopes during beta unless a feature genuinely requires those permissions, the product flow clearly explains the access, and you authorise it.

Noezra does not use Google user data for advertising, does not sell Google user data, and does not transfer Google user data except as necessary to provide or secure the requested feature, troubleshoot the service, comply with law, or as otherwise permitted by the Google consent flow and applicable Google policy.

Where Google API Services User Data Policy or Google Workspace API user-data requirements apply, Noezra's use and transfer of Google user data will be limited to providing or improving user-facing features, security, troubleshooting, compliance, or other permitted purposes.

If you connect another service, the connected service's terms and privacy practices also apply. You can disconnect supported integrations through Noezra settings or the provider's settings. Disconnecting stops future access but may not automatically delete information already imported into Noezra, retained in backups, or retained for legal, security, or compliance reasons.

15. Sensitive information and high-risk use

Noezra is a general study, research, reading, and document workspace. It is not designed as a clinical-record system, healthcare platform, therapy or crisis service, legal-practice management system, banking platform, government-identity repository, biometric system, payment-card repository, regulated research-participant database, institutional learning-management system, or high-risk decision system.

Do not upload highly sensitive, confidential, or regulated information unless the relevant feature expressly permits it, processing is reasonably necessary, you are authorised to provide it, and you understand the risks. This includes:

  • health, disability, genetic, biometric, therapy, counselling, or clinical records;
  • government identifiers such as passport, driver licence, Medicare, tax file number, national ID, or visa documents;
  • complete payment-card numbers, bank credentials, passwords, API keys, or authentication secrets;
  • confidential student records, legal advice files, privileged materials, or financial files;
  • children's personal information;
  • criminal-record information, sexual-life information, trade-union membership, political opinions, religious or philosophical beliefs, race or ethnicity, or other sensitive information;
  • identifiable research-participant information or human-subject research data;
  • information about another person unless you have a lawful basis, authority, and permission to provide it.

Noezra does not intentionally use sensitive information for behavioural advertising or Shared Model Improvement. We may restrict, isolate, redact, remove, or decline to process information where reasonably necessary to reduce serious privacy, legal, security, or safety risk.

16. Children and under-18 users

Noezra's global beta is intended only for users who are 18 years old or older. We do not knowingly permit users under 18 to create ordinary individual beta accounts.

If we learn that a person under 18 has created an account or provided personal information during beta, we may suspend or close the account and take reasonable steps to delete associated information, unless we are required or permitted to retain it by law, safety, security, or compliance requirements.

Before Noezra is offered to users under 18, school-managed users, classroom users, or child-directed use, Noesis Labs will implement appropriate age assurance, child-appropriate notice, parent or guardian, school, administrator, safety, retention, and model-training controls. Information known to relate to a child will not be used for Shared Model Improvement under the beta framework.

17. Retention and deletion

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law. Retention depends on the type of information, account settings, provider settings, backup cycles, security requirements, legal and accounting obligations, disputes, abuse prevention, and technical deletion processes.

InformationRetention approach
Account dataRetained while the account is active, then deleted or de-identified after account deletion subject to legal, security, fraud-prevention, audit, tax, accounting, dispute, and backup requirements.
Private Workspace ContentRetained while the account is active or until the user deletes it. Derived layouts, chunks, embeddings, indexes, and audio cache are designed to be removed with the source content where technically supported, subject to exceptions.
AI processing logsRetained only as reasonably necessary to provide, secure, debug, and improve the feature, and subject to provider settings and legal requirements.
AnalyticsOptional where applicable, pseudonymous where practicable, controlled by user settings where available, and retained according to analytics workspace retention settings.
Security and audit logsRetained as reasonably necessary for security, reliability, abuse prevention, legal, and operational needs.
Support recordsRetained as reasonably necessary for support history, dispute handling, product troubleshooting, and legal or business needs.
Billing recordsRetained as required or permitted by tax, accounting, payment, dispute, and legal requirements.
Backups and disaster recovery copiesDeleted or overwritten according to backup rotation schedules, unless longer retention is required for legal, security, or recovery reasons.
Consent and withdrawal recordsRetained as reasonably necessary to demonstrate permissions, choices, withdrawals, and compliance.
Provider-held informationRetained according to provider contracts, settings, feature configuration, and the Provider and Subprocessor Register.

When information is no longer needed, we take reasonable steps to delete, destroy, de-identify, or anonymise it. Deletion may be delayed where information must be retained to comply with law, investigate misuse, preserve security, resolve disputes, establish or defend legal claims, protect users, or complete backup cycles.

Once information has been genuinely de-identified and can no longer reasonably be connected to an individual, Noezra may be unable to identify it in response to an individual deletion request.

Where exact maximum periods depend on provider settings, product configuration, or legal requirements, Noezra states those periods in the Provider and Subprocessor Register, a product-specific notice, or a direct response to a privacy request where appropriate. We do not retain personal information longer than reasonably necessary for the purposes described in this Policy, unless retention is required or permitted by law.

18. Security

We use reasonable technical, organisational, and administrative safeguards designed to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification, and unauthorised disclosure.

  • encryption in transit;
  • encryption at rest where implemented and appropriate;
  • role-based and least-privilege access controls;
  • multi-factor authentication for privileged access where available;
  • workspace and permission controls;
  • permission checks before AI retrieval;
  • secure credential and secret management;
  • security monitoring, audit logging, and incident-response procedures;
  • vulnerability and dependency management;
  • protected backups and recovery processes;
  • provider due diligence and contractual safeguards;
  • staff and contractor confidentiality requirements;
  • secure development and change-management practices.

No information system is completely secure. We cannot guarantee that Noezra will be free from security incidents, unauthorised access, or data loss. You should protect your credentials, keep your devices secure, and notify us promptly if you suspect unauthorised access.

19. Data breaches

Noezra maintains procedures to identify, contain, investigate, assess, remedy, and document suspected data breaches. If we become aware of a data breach affecting personal information, we will assess the incident and take appropriate steps to contain, investigate, remediate, and reduce harm.

Where legally required, we will notify affected individuals, regulators, or other required parties. For Australian users, this may include notification under the Notifiable Data Breaches scheme where it applies.

Where the EU GDPR or UK GDPR applies, we will notify the competent supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

20. Automated processing and AI transparency

Noezra uses automated processing to operate and improve the service. This may include ranking and ordering information within a workspace, recommending features or study workflows, Account-Only Personalisation, AI retrieval and response generation, text-to-speech processing, spam and abuse detection, security monitoring, error detection, and policy-enforcement signals.

The personal information used for automated processing may include account information, Behaviour Data, document and workspace activity, prompts or selected context used for a requested AI feature, voice settings for a text-to-speech request, and security events, subject to the limits and choices described in this Policy.

Noezra does not currently use personal information to make decisions, by solely or substantially automated means, that produce legal effects concerning you or similarly significantly affect your rights or interests, including decisions that determine or materially affect academic grades, admission, employment, credit, insurance, healthcare eligibility, legal rights, migration status, housing, or access to essential services. Noezra recommendations are assistive and do not replace human judgement.

Where you interact with a Noezra feature that uses AI, Noezra seeks to make clear that you are interacting with an AI-assisted system or receiving AI-generated or AI-assisted output. Where required by applicable law or product design, Noezra may label, mark, watermark, log, or restrict AI-generated content or outputs for transparency, safety, provider compliance, abuse prevention, or legal compliance.

Noezra is not designed to evaluate learning outcomes, determine education access, assign grades, monitor examinations, or make formal educational decisions about a person. Before introducing automated processing that may produce legal effects or similarly significantly affect a person's rights or interests, Noezra will update relevant privacy information and implement required safeguards, including human review where applicable.

21. Your choices, controls, and privacy rights

Depending on the feature and applicable law, you may be able to:

  • access, update, or correct account information;
  • delete supported documents, chats, notes, highlights, and workspace content;
  • export supported account and workspace information;
  • close your account and begin the applicable deletion process;
  • manage Account-Only Personalisation;
  • manage optional account-linked Behaviour Data Shared Model Improvement if offered;
  • manage optional Private Workspace Content training if offered;
  • manage cookie choices where required;
  • disconnect supported integrations;
  • unsubscribe from marketing communications;
  • submit a privacy request or complaint.

Withdrawing optional consent will not be made materially more difficult than giving it. Withdrawal will not affect processing completed before withdrawal, processing required for ordinary service operation, security, legal compliance, dispute handling, or other purposes permitted by law.

You may request access to personal information Noezra holds about you or ask us to correct information that is inaccurate, outdated, incomplete, irrelevant, or misleading. You may also have additional rights depending on your location, including rights to deletion, portability, restriction, objection, consent withdrawal, appeal, or complaint to a regulator.

We may verify your identity before fulfilling a request to protect information from unauthorised disclosure, change, or deletion. We may refuse or limit a request where permitted by law, and where required we will explain our reasons and available complaint or appeal options.

To make a privacy request or complaint, email us at contact@noezra.ai or submit a request from your account settings in the app.

22. Australia privacy notice

Noesis Labs Pty Ltd is based in Australia. Where the Privacy Act 1988 (Cth) applies to us, we handle personal information in accordance with the Australian Privacy Principles. We have also designed this Policy and our launch privacy posture with the Australian Privacy Principles as a baseline standard.

You may contact us at contact@noezra.ai to request access or correction, ask a privacy question, or make a privacy complaint. A complaint should describe the privacy issue, information involved, relevant dates or events, and the outcome sought.

We aim to acknowledge privacy complaints within 7 days and provide a substantive response within 30 days, unless the matter is complex and additional time is reasonably required. If you are not satisfied and the Privacy Act applies, you may be able to complain to the Office of the Australian Information Commissioner.

Where we send commercial electronic messages, such as marketing emails, we do so consistent with the Spam Act 2003 (Cth), including by identifying ourselves as the sender and providing a functional unsubscribe facility.

You can find more information about your privacy rights, or lodge a complaint with the Office of the Australian Information Commissioner, at oaic.gov.au.

23. EEA, UK, and Swiss privacy notice

This section applies where the EU GDPR, UK GDPR, Swiss data-protection law, or similar law governs Noezra's processing of your personal data.

23.1 Controller and processor roles

For most direct individual users, Noesis Labs Pty Ltd is the controller of personal data processed under this Policy. If Noezra is used through an organisation under a separate agreement, Noesis Labs may act as a processor or service provider for some processing activities, and the organisation's privacy notice may also apply.

23.2 Lawful bases

PurposeTypical lawful basis
Creating and administering an accountPerformance of a contract; legitimate interests where appropriate.
Providing requested workspace and AI featuresPerformance of a contract.
Processing Private Workspace Content for a requested featurePerformance of a contract.
Authentication, essential service operation, diagnostics, and reliabilityContract and legitimate interests.
Security, fraud prevention, abuse detection, and policy enforcementLegitimate interests; legal obligation where applicable.
Non-essential analytics technologiesConsent where required; legitimate interests where permitted.
Account-Only PersonalisationContract, legitimate interests, or consent depending on the feature and region.
Account-linked Behaviour Data for Shared Model ImprovementConsent under the recommended launch design, or another lawful basis if clearly explained and legally available.
Private Workspace Content trainingSeparate consent or separate written agreement where offered.
MarketingConsent or legitimate interests where legally permitted.
Billing and financial recordsContract and legal obligation.
Legal requests, disputes, and claimsLegal obligation and legitimate interests.
Corporate transactionsLegitimate interests, subject to safeguards.

23.3 Your rights

Subject to applicable conditions and exceptions, you may have rights to access, rectify, erase, restrict, object to processing, receive certain information in a portable format, withdraw consent, object to direct marketing, request information about automated processing, and lodge a complaint with a supervisory authority. Where a decision is based solely on automated processing and produces legal or similarly significant effects, you may have rights to obtain human intervention, express your point of view, and contest the decision.

You may lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available through the European Data Protection Board at edpb.europa.eu. In the United Kingdom, you may contact the Information Commissioner's Office at ico.org.uk. In Switzerland, you may contact the Federal Data Protection and Information Commissioner.

23.4 International transfers and representatives

Where personal data is transferred outside the EEA, UK, or Switzerland, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Addendum, data processing agreements, or other lawful transfer mechanisms.

If Noesis Labs is legally required to appoint a representative in the EU, UK, or Switzerland, the representative details will be listed here: EU representative: [insert if required]. UK representative: [insert if required]. Swiss representative: [insert if required].

24. United States privacy notice

This section applies where a United States state comprehensive privacy law governs Noezra's handling of your personal information. It supplements the rest of this Policy. Where a specific state law gives you additional or different rights, those rights apply.

24.1 Categories of personal information

Noezra may collect identifiers, account and profile information, Private Workspace Content, internet and device activity, approximate location, commercial and billing information where paid services are offered, communications information, inferences used for Account-Only Personalisation, and sensitive personal information only if you provide it or it is contained inside content you upload. The sources, purposes, and recipient categories are described in Sections 6, 8, 11, and 12 of this Policy.

24.2 Sale, sharing, targeted advertising, and sensitive information

Noezra does not sell personal information for money. At launch, Noezra does not share personal information for cross-context behavioural advertising and does not process personal information for targeted advertising as those terms are defined under applicable US state privacy laws. Noezra does not disclose Private Workspace Content to advertisers or data brokers.

Noezra does not use sensitive personal information to infer characteristics about you, for behavioural advertising, or for Shared Model Improvement. If Noezra later uses advertising technologies that trigger a sale, sharing, targeted advertising, or sensitive-data limitation right, we will provide the required notice and choice before or at the time required by law.

24.3 US privacy rights

Subject to applicable conditions and exceptions, you may have the right to confirm whether Noezra processes your personal information, access it, obtain a portable copy, correct inaccurate information, delete information, opt out of sale, sharing, targeted advertising, or certain profiling, limit the use or disclosure of sensitive personal information, appoint an authorised agent, appeal a decision about your request, and not receive discriminatory treatment for exercising privacy rights.

Where required by applicable law, Noezra will recognise valid browser- or device-based universal opt-out preference signals for relevant processing or will avoid the processing that would require recognition of such signals. To exercise rights, contact us using the details in Section 28. We may verify your identity and, where permitted, ask an authorised agent to provide proof of authority.

California Shine the Light: Noezra does not disclose personal information to third parties for their own direct-marketing purposes. This United States privacy notice, together with Sections 6 and 8 of this Policy, is intended to serve as our notice at collection where one is required under applicable US state privacy law.

25. Academic, research, and third-party content

Noezra may display, link to, suggest, retrieve, summarise, rank, analyse, or refer to third-party sources, websites, papers, databases, metadata, abstracts, snippets, search results, references, or external content. Third-party content is controlled by its authors, publishers, providers, institutions, or rights holders, not by Noezra.

A source suggestion, citation, reference, link, quote, abstract, or summary generated by Noezra does not mean Noezra endorses the source, verifies it, guarantees access to it, or guarantees that you may use it. You should check original sources, copyright, database terms, citation requirements, and academic or publisher rules before relying on or sharing content.

If you upload or process third-party materials, such as journal papers, books, lecture slides, course materials, research data, or documents containing another person's personal information, you are responsible for ensuring that you have the rights, permissions, lawful basis, and consents needed to use that content in Noezra.

26. Business transfers and legal requests

We may disclose or transfer personal information where reasonably necessary in connection with a financing, due-diligence process, merger, acquisition, reorganisation, restructuring, insolvency, administration, sale of assets, or similar corporate transaction, including to prospective or actual buyers, investors, and their advisers. Where personal information is transferred as part of such a transaction, we will take reasonable steps to require the recipient to handle it consistently with this Policy or to provide you with notice and choices where required by law.

We may access, preserve, and disclose personal information where we reasonably believe it is necessary to comply with applicable law, regulation, legal process, or an enforceable governmental request; to respond to a valid subpoena, court order, warrant, or other lawful request; to enforce our Terms and policies; to detect, prevent, or address fraud, security, abuse, or technical issues; or to protect the rights, property, or safety of Noezra, our users, or the public, as required or permitted by law.

Where legally permitted, we will seek to limit the scope of any disclosure to what is reasonably necessary and may notify you of a legal request unless we are prohibited from doing so or believe notice would be ineffective, would create a risk to safety, or would otherwise be inappropriate.

27. Changes to this Policy

We may update this Policy from time to time to reflect changes to Noezra, our practices, our providers, or legal requirements. When we make changes, we will update the version and the last-updated date at the top of this Policy and publish the updated version.

Where a change is material, we will take additional steps to inform you where required, such as providing in-product notice, sending an email, or requesting renewed consent before the relevant processing begins. Your continued use of Noezra after an updated Policy takes effect indicates that you are aware of the current Policy, subject to any consent that is required and obtained separately.

Where required by law, we will keep prior versions available or provide them on request.

28. Contact us

If you have a question, request, or complaint about this Policy or how Noezra handles personal information, contact us using the details below. We will respond within a reasonable time and in accordance with applicable law.

ContactDetails
Legal entityNoesis Labs Pty Ltd, trading as Noezra
Business locationMelbourne, Victoria, Australia
ABN / ACNABN 97 696 754 140 · ACN 696 754 140
Registered address11 Waratah Avenue, Glenhuntly, VIC 3163
Websitehttps://noezra.ai
Privacy contactcontact@noezra.ai
Support contactcontact@noezra.ai
Security contactcontact@noezra.ai
Privacy requestAvailable in your account settings
Legal noticesofficial@noesislabs.com.au
Legal notices address8/11 Waratah Avenue, Glenhuntly, VIC 3163
Provider and Subprocessor Register/subprocessors