DLK Portal
TermsPrivacy

Privacy Policy

Last updated: 27 February 2026

DLK Studio ("we", "us", "our") operates the DLK Portal platform. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

1. Information We Collect

We collect the following types of information:

  • Account information: name, email address, and password (hashed) when you register
  • Files and content: documents, images, and other files you upload to the Portal
  • Chat history: conversations with the AI assistant, stored to provide continuity
  • Project data: project details, milestones, deliverables, and activity logs
  • Calendar and email data: if you connect Google or Microsoft accounts, we access calendar events and emails to provide scheduling and email features
  • Usage data: AI token usage, storage consumption, and feature access for billing and service management
  • Device information: push notification subscription data for delivering notifications

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Portal service
  • Process uploaded files using AI for summarisation and text extraction
  • Deliver AI assistant features (project management, calendar, reminders, email)
  • Send push notifications for deliverable updates and reminders
  • Monitor usage for plan limits and billing
  • Improve the Service based on usage patterns (aggregated, non-personal)

3. Third-Party Services

We use the following third-party services to operate the Portal:

  • Cloudflare R2: file storage (data stored in Cloudflare's network)
  • Neon (PostgreSQL): database hosting (Sydney, Australia region)
  • Anthropic (Claude AI): AI processing for file analysis and chat
  • OpenAI: AI processing for chat and tool use
  • Google APIs: Gmail and Google Calendar integration (when connected)
  • Microsoft Graph: Outlook and calendar integration (when connected)
  • Stripe: payment processing for subscription plans
  • Vercel: web application hosting

Each third-party service has its own privacy policy. We only share the minimum data necessary for each service to function.

4. Data Storage and Security

Your data is stored on servers operated by our hosting providers. We implement reasonable security measures including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Hashed passwords (never stored in plaintext)
  • Per-user data isolation (users cannot access each other's data)
  • CSRF protection on all mutating API endpoints
  • File type validation with magic byte verification to prevent malicious uploads
  • Rate limiting on authentication endpoints

5. AI Processing

When you use the AI assistant or upload files, your content may be sent to third-party AI providers (Anthropic, OpenAI) for processing. These providers process data according to their own privacy policies and data handling agreements. We do not use your data to train AI models.

6. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access: request a copy of all personal data we hold about you (available via the Export Data feature in Settings)
  • Correction: request correction of inaccurate personal information
  • Deletion: request deletion of your account and all associated data (available via the Delete Account feature in Settings)
  • Complaint: lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, we permanently delete all associated data including files, projects, chat history, and Sentinel AI data. Deletion is irreversible. Backup copies may persist in our infrastructure for up to 30 days after deletion.

8. Cookies

The Portal uses a single essential session cookie (portal_session) for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. Children

The Portal is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The updated policy will be effective from the date posted on this page.

11. Contact

For privacy enquiries or to exercise your rights, contact us at dlkstudiotechnology@gmail.com.

You may also contact the Office of the Australian Information Commissioner at www.oaic.gov.au or by phone on 1300 363 992.