This policy explains how Tetricus handles information in connection with the workspace we provide to subscribing organisations. It covers two kinds of data: account data (about the people who use Tetricus) and case material (the records you upload for analysis).
To run your account we hold your name, work email, organisation name, and authentication data, and we process subscription and payment status through our payment processor (we do not store full card numbers — the processor handles those). We use this to provide, secure, and bill for the service, and to contact you about it.
Case material is the documents, recordings, images, and other records you upload, plus the analysis derived from them. You control it. We process it solely to provide the service to you — parsing, transcription, optical character recognition, entity and event extraction, question answering, and report drafting. We act as a processor of this material on your behalf; you are the controller and are responsible for the lawful basis on which you hold it.
Case material is stored and processed in Australia (the ap-southeast-2 region), encrypted at rest with managed keys and in transit. Each organisation's material is isolated from every other organisation's at the data layer. Access is logged. Some AI processing is performed by third-party model providers under contractual terms that prohibit training on, or retention of, your material beyond what is needed to return a result; where fully in-region model processing is required for a deployment, that is available on request.
We do not use your case material to train machine-learning models. We do not sell it or share it for advertising. We do not access it except as needed to operate and support the service, or where required by law.
We keep case material for as long as your account holds it. You can delete individual sources or entire cases at any time from within the app; deletion removes the stored copies and the derived analysis. When your subscription ends we delete or de-identify remaining case material within a reasonable period, subject to any legal hold you notify to us.
We use encryption, per-organisation isolation, scoped access controls, multi-factor authentication, and audit logging. No system is perfectly secure, but security is designed into the service rather than added afterwards.
Depending on your location you may have rights to access, correct, or delete personal information we hold about you, and to complain to a regulator. For account data, contact us. For personal information contained within case material, your organisation controls it — direct requests to them.
Privacy questions: privacy@enclora.ai.