top of page

Elf Works Pty Ltd Privacy Policy
Last Updated: 1 November 2025

Introduction
Welcome to Elf Works. This Privacy Policy outlines how Elf Works Pty Ltd (ABN 92 678 538 086) ("Elf Works", "we", "us", or "our") collects, uses, discloses, and protects Personal Information.

This policy applies to "Customers" (the entity agreeing to our Terms) and their "Authorised Users" (collectively, "you") who access or use the Elfworks.ai research platform and related services (the "Service").

This Privacy Policy is incorporated by reference into our Terms and Conditions ("Terms"). By using the Service, you agree to the processing of your Personal Information as described in this policy.

We also use or reference other documents from our Terms, including the AI Product Terms, Acceptable Use Policy (AUP), Subscription Page, and Vendor List.

Summary: This is our Privacy Policy. It explains what information we collect, how we use and share it, and your rights as a user. By using our Service, you agree to this policy.
1. What Personal Information We Collect
"Personal Information" has the same meaning as in the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable.

We collect Personal Information in the following ways:
(a) Information You Provide Directly When you register for an account, update your profile, or communicate with us (e.g., for billing or support), you provide us with Personal Information, which may include:
• Account Information: Your name, email address, and professional details (such as your accounting firm's name).
• Billing Information: Payment details, which are processed by our third-party payment vendor.
• Communications: Any information you provide when you contact us for support or legal enquiries.
(b) Information You Provide via the Service (Inputs) Our Service is designed to process information you and your Authorised Users submit to it ("Inputs"). These Inputs (such as prompts or uploaded documents) may contain Personal Information about you, your clients, or other third parties.
• We process this Personal Information solely to provide the Service to you (e.g., to generate "Outputs").
• You are responsible for ensuring you have the necessary rights and consents to provide any Personal Information contained within your Inputs.
(c) Information We Collect Automatically (Usage Data) When you use the Service, we automatically collect technical and usage data to ensure the Service is functioning securely and correctly. This may include:
• Log Data: Your Internet Protocol (IP) address, browser type, and settings.
• Usage Analytics: Information about how you interact with the Service, such as features used, clicks, and session times. This information is typically collected in an aggregated and anonymised form.
• Cookies: We use essential cookies to maintain your session, secure your account, and remember your preferences. We do not use cookies for cross-contextual advertising.
(d) Anonymity and Pseudonymity (APP 2) Individuals must typically identify themselves to use the Service. Given the nature of our Service (a paid, professional B2B platform requiring secure account registration), it is impracticable for us to deal with individuals who wish to act anonymously or under a pseudonym.
(e) Unsolicited Information (APP 4) If we receive unsolicited personal information, we promptly assess it and, if we could not have collected it, we destroy or de-identify it as soon as practicable (unless a legal retention obligation applies).

Summary (APP 5 Notification) We collect personal information directly from you (e.g., account sign-up, support) and indirectly through your uploads/Inputs, which may include third-party personal information. If you do not provide certain information (such as account or billing details), we may be unable to create your account, provide paid features, or respond to requests. We disclose personal information to our Providers listed on our Vendor List for hosting, inference, and operational support; these Providers may be located outside Australia (see Vendor List for countries). See "Your Rights and How to Make a Complaint" below for how to exercise your rights.

2. How We Use Your Personal Information (Purpose)
We only use your Personal Information for the purposes for which it was collected (the "primary purpose") or as otherwise permitted by law.
Our primary purposes for using your Personal Information are:
• To Provide and Maintain the Service: To operate the Elfworks.ai platform, authenticate Authorised Users, process your Inputs to generate Outputs, manage your subscription, and process payments.
• To Support and Communicate with You: To respond to your support requests and send you essential Service-related communications (e.g., security alerts, billing notifications, or updates to our Terms).
• To Improve the Service: To analyse aggregated and anonymised Usage Data (which does not include your Inputs) to understand usage trends, improve service functionality, and enhance security.
• To Ensure Safety and Compliance: To monitor for and prevent breaches of our AUP, enforce our Terms, and protect the security and integrity of the Service.
• To Comply with Legal Obligations: To meet our obligations under Australian law.
• For Direct Marketing (APP 7): We may use your Account Information (e.g., your email address) to send you communications about new features or subscription plans that we believe may be of interest to you. You may opt out of these communications at any time by using the "unsubscribe" link in the email. We will not use any Personal Information within your Inputs for marketing.

Summary: We use your information to run the Service, bill you, support you, and improve our platform. We may send you marketing emails, which you can opt-out of. We never use the content of your Inputs for marketing.

3. Our "No Training by Default" AI Policy
This is a core commitment of our Service and is a condition of our Terms (Clause 6.4).
We will not use your Inputs or Outputs to train or improve our AI models or the AI models of our third-party Providers.
The only exception to this rule is if you provide your express, opt-in consent for us to use your data for this purpose. This is not a condition of using the Service.
Summary: We will never use your private data (Inputs or Outputs) to train AI models unless you explicitly and separately give us permission to do so.

4. How We Disclose Your Personal Information
We only disclose your Personal Information in the limited circumstances set out below:
(a) To Providers (To Run the Service) The Service functions by integrating with third-party infrastructure and Large Language Model providers ("Providers").
• To provide the Service, we must disclose your Inputs (which may contain Personal Information) to these Providers.
• Our current Providers and their roles are identified on our Vendor List.
• We have contractual agreements with these Providers that, among other things, enforce our "No Training by Default" policy and require them to protect your data.
(b) Administered Accounts The Service is a B2B platform. If you register an account using an email address associated with your employer or firm (the "Customer"), your account is managed by that Customer. The Customer's administrators may have the ability to access, modify, and control your account and the data within it (including your Inputs and Outputs).
(c) Legal and Contractual Obligations We may disclose your Personal Information if we are required to do so by law, court order, or in connection with a legal proceeding.
(d) Business Transfers If Elf Works is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to our confidentiality obligations.
Summary: We must share your Inputs with our AI and infrastructure partners (our "Providers") to make the Service work. If you use a work email, your employer may have access to your account.

5. Cross-Border Disclosure of Personal Information (APP 8)
To provide the Service, we disclose Inputs and related personal information to infrastructure and large language model Providers listed on our Vendor List. Some Providers are located outside Australia; the Vendor List specifies countries and purposes per Provider. We take reasonable steps (including contractual measures and our No-Training-by-Default requirement) to ensure overseas recipients do not breach the APPs. We provide 30 days’ prior notice before adding a new processing country or materially changing Providers, with a right to terminate before the change takes effect.

6. Government Related Identifiers (APP 9)
We do not adopt, use, or disclose government-related identifiers (e.g., Tax File Numbers, Medicare or driver licence numbers) as our own identifiers, except as permitted by law. While you may provide Inputs that contain such identifiers (for example, client-related documents), we do not use them to identify or manage your account, and they are processed only in accordance with this policy and our Terms.

7. Data Quality (APP 10)
We take reasonable steps to maintain data quality, including self-service profile updates, admin correction tools, field validation at collection, periodic prompts to confirm contact/billing details, and bounce-handling to update or remove invalid contact information.

8. Data Security and Retention (APP 11)
(a) Security (APP 11.1) We take reasonable steps to protect the Personal Information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure.
We implement and maintain technical and organisational security measures, which are further described on our Trust and Security Page. However, no system is 100% secure, and we cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your account credentials.
(b) Retention and Deletion (APP 11.2) We retain your Personal Information only for as long as is necessary to provide the Service to you and to comply with our legal obligations (such as for tax or audit purposes).
As set out in our Terms (Clause 14.5), following the termination of your subscription, you will have 30 days to export your Inputs and Outputs. After this period, we will take reasonable steps to securely destroy or de-identify your Personal Information from our active systems.
Summary: We take security seriously and have measures in place to protect your data. We delete your data from our active systems after you terminate your account, following a 30-day export window.

9. Your Rights and How to Make a Complaint
(a) Access and Correction (APP 12 & 13) You have the right to request access to the Personal Information we hold about you and to request that we correct any inaccuracies.
You can access and update most of your Account Information directly through your account settings. For information that is not available in your account, or to request correction, please contact our Privacy Officer at privacy@elfworks.ai.
We will respond to your request within a reasonable period. We will not charge you for making a request, though we may charge a reasonable fee for giving access if the request is complex.
(b) Making a Complaint (APP 1) If you believe we have breached the Australian Privacy Principles or this Privacy Policy, please contact us first. We take all complaints seriously and will endeavour to resolve them promptly.
1. Contact our Privacy Officer: Please provide your complaint in writing to privacy@elfworks.ai or our registered address below.
2. External Complaint: If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Summary: You have the right to access, correct, or complain about our handling of your Personal Information. Please contact us first at privacy@elfworks.ai. If you're not satisfied, you can contact the OAIC.

10. Changes to this Privacy Policy
We may modify this Privacy Policy from time to time. If we make a change that, in our reasonable opinion, materially reduces your rights or increases your obligations, we will provide you with 30 days' prior notice by email or via an in-product notification.
Your continued use of the Service after any change constitutes your acceptance of the new policy.

11. How to Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact our Privacy
Officer:
Privacy Officer Elf Works Pty Ltd (ABN 92 678 538 086) Email: privacy@elfworks.ai Registered Address: 268 Long Road, Tamborine Mountain QLD 4272 Australia

bottom of page