Privacy Policy

Hoist AI Pty Ltd (ABN 12 345 678 901) ("Hoist AI", "we", "us", or "our") provides an AI-powered platform for grant and procurement teams. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website, applications, and related services (collectively, the "Service").

We are committed to handling personal information in accordance with applicable privacy laws, including the Australian Privacy Act 1988 (Cth) and, where applicable, the EU/UK GDPR and US state privacy laws.

We collect information you provide directly to us, including: • Account and Profile Data: Name, email address, organization details, role, and authentication identifiers. • Workspace and Content Data: Project data, chat prompts, uploaded documents, wiki content, and generated drafts. • Billing and Transaction Data: Subscription plan, billing status, and payment metadata from our payment processors. We do not store full card numbers. • Support and Communications: Messages you send us, including support requests and feedback.

We also collect information automatically, including: • Usage Data: Feature usage, clicks, page views, session activity, and settings interactions. • Technical Data: IP address, device/browser details, timestamps, log data, and diagnostic data. • Cookie and Similar Data: Session cookies, preference cookies, and analytics identifiers.

We may receive information from third parties you connect to the Service, such as authentication providers, cloud storage providers, and billing providers.

We use personal information to: • Provide, operate, secure, and maintain the Service. • Authenticate users and manage organizations, permissions, and subscriptions. • Process transactions and send operational notices. • Deliver AI-powered drafting, analysis, and opportunity-matching features. • Improve performance, quality, reliability, and user experience. • Detect, prevent, and investigate abuse, fraud, security incidents, and violations. • Comply with legal obligations and enforce our contractual rights.

To provide core product functionality, we may process your prompts, files, and related context through AI model providers and retrieval systems.

AI outputs are probabilistic and may contain errors. You are responsible for reviewing generated content before relying on it for grant or procurement submissions.

Unless we explicitly state otherwise, we do not use your Customer Content to train Hoist-owned foundation models. Third-party model providers may process data according to their own terms and policies, including limited retention for abuse monitoring where applicable.

Where GDPR or similar regimes apply, we typically process personal information under one or more of the following legal bases: • Performance of a contract (providing the Service you request). • Legitimate interests (security, product improvement, fraud prevention). • Compliance with legal obligations. • Consent (for specific optional processing where required).

We may disclose information to: • Service Providers and Subprocessors: Providers that support authentication, billing, email delivery, cloud infrastructure, analytics, error monitoring, and AI processing. • Integrated Services You Authorize: Cloud storage or other integrations you connect (for example Google, Microsoft, or Dropbox services). • Professional Advisors and Corporate Transaction Parties: In connection with financing, due diligence, merger, acquisition, or asset sale. • Regulators and Law Enforcement: When required by law, subpoena, court order, or to protect rights, security, and safety.

We do not sell personal information.

Because we and our providers operate globally, personal information may be transferred to and processed in countries other than your own.

Where required by law, we use recognized safeguards for international transfers, such as contractual protections and other lawful transfer mechanisms.

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

If you close your account, we will delete or de-identify personal information within a commercially reasonable period, subject to legal, regulatory, fraud-prevention, and backup retention requirements.

We use administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit, and other reasonable security practices.

No system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly of suspected unauthorized activity.

We use cookies and similar technologies to operate the Service, remember preferences, measure usage, and improve performance.

Some cookies are necessary for core functionality. Others (such as analytics) may be optional depending on your jurisdiction and consent choices. You can control cookies through browser settings and, where available, in-product controls.

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or request portability of your personal information.

You may also withdraw consent where processing is based on consent.

To exercise rights, contact us at privacy@hoist.ai. We may need to verify your identity before processing requests.

Residents of certain US states may have additional rights, including rights to know, access, delete, correct, and opt out of certain data uses.

Hoist AI does not sell personal information. If required by law, we will honor applicable opt-out and appeal rights and will not discriminate for exercising privacy rights.

The Service is intended for business users and is not directed to children. We do not knowingly collect personal information from children in violation of applicable law.

If you believe a child has provided personal information, contact us and we will take appropriate action.

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and provide additional notice where required.

If you have privacy questions or complaints, contact:

Hoist AI Pty Ltd Level 4, 31 Queen Street Melbourne VIC 3000 Australia

Email: privacy@hoist.ai Phone: +61 3 9000 0000

If you are not satisfied with our response, you may have a right to lodge a complaint with your local privacy regulator (for example, in Australia, the Office of the Australian Information Commissioner).