Terms

Jianai Privacy Policy

Last updated: 8 May, 2026

1. About This Policy

This Privacy Policy describes how Jianai Pty Ltd  ("Jianai", "we", "us", or "our"), headquartered at Level 11, 655 Elizabeth Street, Melbourne VIC 3000, Australia, collects, uses, discloses, stores, and protects personal information.

We are committed to handling personal information responsibly and in accordance with:

  • The *Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
  • The EU General Data Protection Regulation (GDPR) where applicable
  • The Privacy and Data Protection Act 2014 (Vic) where applicable
  • Other applicable data protection laws in jurisdictions where we operate

By accessing our website at jianai.co or using the Jianai platform ("Platform"), you acknowledge that you have read and understood this policy.

2. Who We Are and How to Contact Us

Jianai Pty Ltd
Level 11, 655 Elizabeth Street
Melbourne VIC 3000, Australia

Email: privacy@jianai.co
General enquiries: info@jianai.co

For users located in the European Union or United Kingdom, Jianai acts as a data controller in respect of personal information collected through the website and Platform. Where Jianai processes personal data on behalf of institutional customers (e.g. universities and research institutes), Jianai may act as a data processor under the terms of the applicable data processing agreement.

3. What Personal Information We Collect

We collect personal information that is reasonably necessary for the operation of our business and delivery of the Platform. This may include:

a) Identity and contact information

  • Full name, job title, and professional role
  • Email address, phone number
  • Organisation or institution name
  • Country and location

b) Account and platform data

  • Login credentials (email address; passwords are encrypted and not accessible to us)
  • User preferences and account settings
  • Profile information provided during onboarding

c) Research and project data

  • Project descriptions, documents, notes, and outputs you create or upload within the Platform
  • Workflow data and collaboration activity
  • Documents generated through the Platform

d) Usage and technical data

  • IP address, browser type, device identifiers
  • Pages visited, features used, time spent on the Platform
  • Clickstream and interaction data
  • Error logs and diagnostic information

e) Communications data

  • Correspondence with us via email, forms, or in-platform messaging
  • Demo request and enquiry submissions
  • Responses to surveys or feedback requests

f) Health and research-related data (where applicable)

Where institutional users upload or process data containing health information or sensitive research data, this is treated as sensitive information and subject to heightened protections under this policy and applicable law.

4. How We Collect Personal Information

We collect personal information:

  • Directly from you, when you register, submit a form, book a demo, or use the Platform
  • Automatically, through cookies, analytics tools, and usage tracking (see Section 9)
  • From your organisation or institution, where your employer or institution has procured access to the Platform on your behalf
  • From publicly available sources, in limited circumstances (e.g. professional directories for partnership enquiries)

Where practical, we will collect information directly from you and notify you of the purpose at the time of collection (APP 5).

---

5. Why We Collect and Use Personal Information

We use personal information for the following purposes:

Purpose Legal Basis (GDPR) APP Basis
Providing and operating the Platform Performance of contract Necessary for services
Account creation and management Performance of contract Necessary for services
Responding to enquiries and demo requests Legitimate interests / Pre-contract Necessary for services
Platform analytics and improvement Legitimate interests Reasonably necessary
Security monitoring and fraud prevention Legal obligation / Legitimate interests Reasonably necessary
Sending product updates and communications Consent / Legitimate interests Consent / reasonable expectation
Compliance with legal obligations Legal obligation Legal obligation
Research data processing on behalf of institutions Performance of contract (data processor) Authorised by institution

|

We do not use personal information for purposes beyond those listed above without your consent or as otherwise permitted by law.

6. Disclosure of Personal Information

We may disclose personal information to:

a) Service providers and subprocessors

We engage trusted third-party service providers to help deliver the Platform, including cloud hosting providers, analytics services, email delivery services, and customer support tools. These providers are bound by contractual obligations to handle data securely and only as instructed.

b) Institutional customers

Where you use the Platform as part of an institutional deployment, your usage information and project data may be accessible to authorised administrators within your institution.

c) Professional advisors

Lawyers, auditors, and insurers, under obligations of confidentiality.

d) Law enforcement and regulators

Where required or permitted by law, including in response to valid legal process, court orders, or regulatory obligations.

e) Business transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected individuals in advance where required by law.

We do not sell, rent, or trade personal information to third parties for their own marketing purposes.

7. Cross-Border Disclosure

Jianai operates from Australia and may store or process personal information using cloud infrastructure and services located outside Australia, including in the United States, European Union, and other jurisdictions.

Under APP 8 of the Privacy Act 1988 (as reformed in 2024), we remain accountable for how personal information is handled by overseas recipients. Before disclosing personal information overseas, we take reasonable steps to ensure the recipient handles it in a manner consistent with the APPs.

For users in the European Union or United Kingdom, where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) or equivalent mechanisms as approved by relevant supervisory authorities.

A current list of key subprocessors and their locations is available on request at privacy@jianai.co.

8. Sensitive Information

Certain categories of information require additional protection. This includes health information, biometric data, genetic data, and information about racial or ethnic origin.

Where the Jianai Platform is used in research or clinical contexts, institutional users may upload or process data that contains health or sensitive information, Jianai:

  • Processes such data only as directed by the institutional customer
  • Does not use research or health data to train AI models or for any purpose beyond delivering the contracted services
  • Applies appropriate technical and organisational security measures to such data
  • Does not share this data with third parties except as required to deliver the service or as required by law

Jianai's Black Box IP Security architecture is designed to ensure that no customer data is used for model training, improvement of third-party AI systems, or any purpose beyond the explicit contracted scope.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to operate the site, understand usage patterns, and improve your experience.

Types of cookies we use:

  • Strictly necessary — Required for the site and Platform to function. These cannot be disabled.
  • -Analytics — Help us understand how visitors interact with our site (e.g. pages visited, time on site). We use this to improve the user experience.
  • Preferences — Remember your settings and preferences between visits.
  • Marketing — Used to measure the effectiveness of our communications and, where consented, to serve relevant content.

You can manage your cookie preferences through the cookie consent tool displayed when you first visit our website, or through your browser settings. Note that disabling certain cookies may affect the functionality of the website.

For users in the EU/UK, we obtain your consent before placing non-essential cookies in accordance with GDPR and the applicable ePrivacy rules.

10. Data Retention

We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

As a general guide:

  • Account data — Retained for the duration of your active account plus 7 years after account closure
  • Platform / project data — Retained as agreed with institutional customers; typically deleted or returned within 30 days of account closure upon request
  • Marketing and communications data — Retained until you unsubscribe or withdraw consent
  • Usage and analytics data — Retained in aggregated or anonymised form for up to 3 years
  • Legal and compliance records — Retained as required by applicable law

11. Security

  • Right to access — Obtain a copy of your personal data
  • Right to rectification — Correct inaccurate data
  • Right to erasure** — Request deletion, subject to legal retention obligations
  • Right to restrict processing** — Limit how we process your data in certain circumstances
  • Right to data portability** — Receive your data in a machine-readable format
  • Right to object** — Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent** — Where processing is based on consent, withdraw it at any time without affecting prior processing

We take the security of personal information seriously. Our security measures include:

  • Encryption of data in transit (TLS) and at rest
  • Role-based access controls and user authentication (including multi-factor authentication)
  • Regular security assessments and penetration testing
  • Audit logging of access and activity
  • Organisational policies governing data access and handling
  • Alignment with SOC 2, ISO 27001, GDPR, and HIPAA compliance frameworks

12. Your Rights

In the event of a data breach that is likely to result in serious harm, we will notify affected and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme, and relevant supervisory authorities under GDPR, within the required timeframes.

Depending on your location, you may have the following rights in respect of your personal information:

Under Australian Privacy Law (all users):

  • Access — Request access to the personal information we hold about you (APP 12)
  • Correction — Request correction of inaccurate or incomplete information (APP 13)
  • Complaints — Lodge a complaint with us or the OAIC if you believe we have mishandled your information

Under GDPR (EU/UK users):

To exercise any of these rights, contact us at privacy@jianai.co. We will respond within 30 days (or 1 month for GDPR requests). We may need to verify your identity before processing your request.

13. Children's Privacy

The Jianai Platform is intended for use by professionals and institutions in the life sciences sector. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

14. Third-Party Links

Our website and Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Platform. We will notify you of material changes by:

  • Posting the updated policy on our website with a revised effective date
  • Sending an email notification to registered users where the change is significant

We encourage you to review this policy periodically.

16. Complaints

Australia:

If you have concerns about how we handle your personal information that we have not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner (OAIC):

Website: oaic.gov.au | Phone: 1300 363 992

European Union / United Kingdom:

You have the right to lodge a complaint with your local data protection supervisory authority. For EU users, this is typically the authority in your member state. For UK users, this is the Information Commissioner's Office (ICO): ico.org.uk

17. Contact Us

For any privacy-related questions, requests, or concerns:

Jianai Pty Ltd — Privacy
Level 11, 655 Elizabeth Street
Melbourne VIC 3000, Australia

Email: privacy@jianai.co

© 2026 Jianai Pty Ltd. All rights reserved.*