Privacy Policy
Last updated: 4 May 2026
1. The summary
- We collect the minimum we need to run the Service: your email, the schedule files you upload, the generated reports, and basic billing metadata via Stripe.
- Source schedule files are deleted from our servers immediately after a report has been generated.
- Generated reports are retained, scoped to your account, until you delete them or your account.
- We do not use your schedule data to train AI models. We do not sell your data. We do not share your data with third parties except those strictly necessary to deliver the Service (payment processing, hosting, optional AI narrative inference).
- You can delete your account at any time. Deletion removes your reports, stored files, account record, and all derived data.
2. Who is responsible
ScheduleLens is operated by Own Your Mind (the “Operator”, “we”, “us”). For data-protection purposes the Operator acts as the controller for your account information and as a processor for the schedule files you upload (which usually belong to your client or employer).
Contact: support@schedule-analyser.local.
3. What we collect and why
Account information
Email address (required), display name (optional), password hash (bcrypt; we never see your plaintext password), email verification status, last-login timestamp, and the timestamp at which you accepted these terms. We use this to authenticate you and to communicate about your account.
Schedule files
You upload one or more schedule files (XER, P6 XML, MS Project XML). We parse them, run analysis, generate a report, and delete the source files. Source files are not backed up, archived, or retained beyond the duration of a single analysis job.
Reports
The HTML, PDF, and Excel artefacts produced by an analysis are stored against your account so you can download them again later. Reports are derived data. Deleting an analysis or your account removes the reports as well.
Billing metadata
Payments are processed by Stripe. We store a Stripe customer identifier so we can recognise repeat customers, plus the status and product of each completed purchase. We do not store full payment card details on our servers.
Operational telemetry
Structured logs (request id, route, response code, timing, account id) and error reports (via Sentry, where configured) let us run the Service reliably and investigate incidents. These logs do not contain schedule contents.
4. AI narrative inference — privacy tiers
Some reports include an AI-generated executive summary or narrative. The analysis runs locally on our servers; only the narrative-generation step optionally calls a third-party AI provider. You choose your privacy tier per analysis:
- Standard. Analysis JSON is sent over TLS to the configured AI provider. The provider sees the data; we contractually require providers not to retain or train on it beyond what is needed to fulfil the request.
- Private (Venice E2EE). Analysis JSON is end-to-end encrypted to a Venice E2EE model. The provider cannot read the data. Only our server and the model see the analysis content.
- Self-hosted inference (V2). Planned: the narrative is generated on hardware you control. Analysis files still pass through our server.
- On-premise (V2+). Planned: the entire stack runs in your environment. Nothing leaves your network.
You can decline AI narrative generation entirely; reports render with deterministic template prose.
5. How the Privacy Act applies
The Operator is established in Australia and handles your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We collect personal information by lawful and fair means (APP 3), use and disclose it only for the primary purpose of delivering the Service or for related secondary purposes you would reasonably expect (APP 6), keep it secure (APP 11), and give you access to your information on request (APP 12).
If you access the Service from outside Australia, your local data-protection law may also apply. Where those frameworks (including the UK GDPR and EU GDPR) apply, we honour the protections they provide.
6. Where your data is held and cross-border disclosure
The platform runs on Fly.io and Tigris (S3-compatible object storage). Hosting regions are configured to keep data in the Asia-Pacific region by default; on request we will tell you which specific region your account’s data is in.
Where personal information is disclosed to a recipient overseas (for example a payment processor or AI inference provider that operates outside Australia), we take reasonable steps under APP 8 to ensure the recipient does not breach the APPs in handling that information — typically through contractual safeguards equivalent to the Standard Contractual Clauses or, where applicable, the UK International Data Transfer Addendum. The optional AI-narrative tier is described in section 4 above; you choose your privacy tier per analysis.
7. Retention
- Source schedule files: deleted immediately after analysis completes.
- Generated reports and account data: retained until you delete them or your account, after which deletion is typically completed within seven days.
- Operational logs: retained for up to 90 days for incident investigation.
- Billing records: retained for the period required by tax law (typically seven years).
8. Your rights
Under the Australian Privacy Principles you have the right to:
- access the personal information we hold about you (APP 12);
- request that we correct inaccurate or out-of-date information (APP 13);
- have your information deleted when it is no longer needed for the purpose it was collected (APP 11.2);
- raise a privacy complaint with us first; if unresolved within thirty days, escalate to the Office of the Australian Information Commissioner (OAIC).
If you access the Service from another jurisdiction (for example the UK or EU), you also retain the rights granted by your local data-protection regime, including erasure (“right to be forgotten”), restriction of processing, objection to processing, and data portability.
The fastest way to exercise the right to deletion is to delete your account from the account settings page; we will action written requests to support@schedule-analyser.local within thirty days.
9. Cookies
We use a small number of strictly-necessary cookies to keep you signed in and to support payment flows. We do not use advertising cookies and do not run third-party analytics on the site. See the Cookies notice for the full list.
10. Children
The Service is not intended for users under 18. We do not knowingly collect data from children.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified by email and re-prompted at sign-in.
This Policy is the Operator’s starting position and reflects the Service’s current technical setup. It is not a substitute for advice from a qualified lawyer or a data-protection officer in your jurisdiction.