Home/Privacy Policy

Privacy Policy

UPTOCODE

UPTOCODE PTY LTD

ABN: 83 687 696 359

Effective Date: 27.01.2026

1. Introduction and Scope

This Privacy Policy explains how UptoCode ("we", "us", "our") collects, uses, discloses, and protects personal information in connection with our AI-powered building compliance platform (the "Service"). Our Service uses artificial intelligence to analyse construction drawings and building plans against the National Construction Code (NCC 2025), Australian Standards (including AS 1428), state building codes, local council Local Environmental Plans (LEPs), Development Control Plans (DCPs), and other regulatory frameworks.

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy applies to all users of our Service, including individuals, businesses, and organisations that submit construction documentation for compliance review.

2. Information We Collect

2.1 Account Information

When you register for our Service, we collect:

  • Full name and contact details (email address, phone number, business address)
  • Business or organisation name and ABN/ACN (where applicable)
  • Professional licensing information (e.g., builder registration, architect registration, building surveyor certification)
  • Payment and billing information
  • Login credentials (passwords are encrypted and not stored in plain text)

2.2 Construction Documentation

To provide our compliance checking service, we collect and process:

  • Construction drawings, architectural plans, and building documentation (PDF uploads)
  • Site information including property addresses, lot numbers, and geographic coordinates
  • Project specifications and technical data
  • Zoning information, Floor Space Ratio (FSR) data, and height limit requirements
  • Council submission references and planning permit information
  • Historical compliance reports generated through our Service

2.3 Chat and Query Data

When you use our Compliance Chat feature, we collect:

  • Text-based queries and conversations with our AI assistant
  • Query history and response logs

2.4 Technical and Usage Data

We automatically collect:

  • Device information (browser type, operating system, device identifiers)
  • IP addresses and approximate geographic location
  • Service usage patterns and feature interactions
  • Error logs and diagnostic information
  • Cookies and similar tracking technologies (see Section 9)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

  • Processing construction drawings through our AI compliance checking system (Automated Plan Scanning)
  • Cross-referencing submitted plans against NCC 2025 (Volumes 1 & 2), AS 1428 accessibility standards, and applicable council LEPs and DCPs
  • Performing site feasibility studies including setback verification, height limit checks, and solar access envelope analysis
  • Conducting fire safety assessments (BCA Class classifications) and bushfire attack level (BAL) requirement checks
  • Generating compliance reports and identifying potential regulatory issues
  • Processing Compliance Chat interactions to respond to your questions
  • Providing Regulatory Intelligence alerts about changes to standards affecting your projects

3.2 Account Management

  • Creating and managing your user account
  • Processing payments and managing subscriptions
  • Communicating about your account, including service updates and regulatory change notifications
  • Providing customer support

3.3 Service Improvement

  • Training and improving our AI models to enhance accuracy and coverage
  • Expanding our council database coverage (currently 500+ council databases)
  • Developing new features and capabilities
  • Conducting research and analytics (using aggregated, de-identified data where possible)

3.4 Legal and Compliance

  • Complying with legal obligations and regulatory requirements
  • Responding to lawful requests from government authorities
  • Protecting our legal rights and enforcing our terms of service
  • Detecting and preventing fraud, security breaches, or illegal activities

4. AI Processing and Automated Decision-Making

Our Service uses artificial intelligence and machine learning technologies to analyse construction documentation and assess regulatory compliance. You should be aware of the following:

  • Automated Analysis: Our AI systems (Compliance Engine) automatically process uploaded drawings to identify potential compliance issues against NCC 2025, AS 1428, council LEPs/DCPs, bushfire requirements, and other applicable regulations.
  • Accuracy Limitations: Our AI-powered compliance checking system has accuracy rates of up to 92%. However, WE DO NOT GUARANTEE 100% ACCURACY. Results should be verified by qualified professionals before relying on them for regulatory submissions.
  • Human Oversight: Final compliance decisions should always involve review by appropriately qualified building surveyors, certifiers, architects, engineers, or relevant authorities.
  • Model Training: We may use de-identified and aggregated data from submissions to improve our AI models, subject to the protections described in this policy.

5. Disclosure of Information

We may disclose your information to the following categories of recipients:

5.1 Service Providers

We engage third-party service providers who assist in operating our Service, including cloud hosting providers, payment processors, analytics services, and customer support tools. These providers are contractually bound to protect your information and use it only for specified purposes.

5.2 Government and Regulatory Data Sources

Our Service accesses publicly available data from government sources including:

  • National Construction Code (NCC): Direct integration with NCC 2025 (Volumes 1 & 2) for automated compliance verification
  • VicMaps: High-precision property boundaries, easements, and geospatial data for Victorian properties
  • Council Codes: Real-time synchronization with 500+ local council LEPs, DCPs, and zoning regulations
  • Australian Standards: Including AS 1428 (accessibility) and bushfire attack level (BAL) requirements

We do not share your personal information with these sources; we only retrieve regulatory data to perform compliance assessments.

5.3 Legal Requirements

We may disclose information where required by law, court order, or government regulation, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information.

5.5 With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

6. Cross-Border Data Transfers

Our Service is primarily hosted in Australia. However, some of our service providers may process data in other jurisdictions. Where we transfer personal information overseas, we take reasonable steps to ensure the recipient complies with the APPs or is subject to substantially similar privacy protections.

Countries where your data may be processed include the United States (for cloud infrastructure and AI processing services), the European Union, and other jurisdictions where our technology partners operate. We maintain appropriate contractual safeguards with these providers.

7. Data Security

We implement robust security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Employee training on data protection practices
  • Incident response procedures for potential data breaches
  • Regular backups and disaster recovery planning

While we take reasonable precautions, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

8. Data Retention

We retain your information for as long as necessary to provide our Service and fulfil the purposes described in this policy. Specific retention periods include:

  • Account Information: Retained while your account is active and for 7 years after account closure for legal and accounting purposes.
  • Construction Documentation: Retained for the duration of your subscription plus 3 years, unless you request earlier deletion or longer retention is required by law.
  • Compliance Reports: Retained for 7 years to support potential audit, legal, or regulatory requirements.
  • Technical Logs: Generally retained for 12 months for security and troubleshooting purposes.

9. Cookies and Tracking Technologies

Our Service uses cookies and similar technologies to:

  • Maintain your session and authentication status
  • Remember your preferences and settings
  • Analyse usage patterns and improve our Service
  • Provide security features

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect Service functionality.

10. Your Rights and Choices

Under the Privacy Act and APPs, you have the following rights:

  • Access: You can request access to the personal information we hold about you.
  • Correction: You can request correction of inaccurate or incomplete personal information.
  • Deletion: You can request deletion of your personal information, subject to our legal obligations and legitimate business needs.
  • Data Portability: You can request an export of your compliance reports and submitted documentation.
  • Opt-out: You can opt out of marketing communications and Regulatory Intelligence alerts at any time.
  • Complaint: You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy.

To exercise these rights, contact us using the details in Section 13.

11. Children's Privacy

Our Service is designed for business and professional use and is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Effective Date" at the top of this policy indicates when it was last revised. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer

UptoCode

UptoCode Pty Ltd

696 Bourke St, Melbourne VIC 3000

Email: privacy@uptocode.com.au

Phone: +61 412 690 861

We aim to respond to all privacy inquiries within 30 days.

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

Phone: 1300 363 992