Contact Get AI Visibility Audit
Privacy Policy · Edition 1.0

Privacy Policy.

How the institution collects, uses, holds, and discloses personal information — and the rights of every person about whom we hold information.

Effective 10 May 2026. Reviewed by the Methodology Council. Australian Privacy Principles compliant.

1 · Scope and entity

This Privacy Policy is issued by AI Discovery Pty Ltd (ABN to be inserted at incorporation), trading as AI Discovery (the institution). It governs the collection, use, holding, and disclosure of personal information by the institution in the course of its operations.

The institution is bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and operates in accordance with the principles, the institution's Charter, and the Tier classification system described in our Internal Operating System.

2 · What we collect

The institution collects personal information necessary to perform its functions. Categories include:

  • Contact information. Names, professional roles, email addresses, telephone numbers, and organisational affiliations of individuals who contact the institution or who are authorised representatives of subjects.
  • Engagement information. Information about the subject's business, properties, public footprint, and engagement objectives, collected to perform the engagement.
  • Subject data. Public information about the subject collected through the Score Engine — website content, public registers, citation patterns, prompt-set responses across AI systems.
  • Practitioner information. Information about practitioners enrolled in the Certification programme — qualifications, examination results, conduct records, professional memberships.
  • Annual subscriber information. Names and organisations of subscribers to the State of AI Discovery and attendees of the Summit.

3 · How we collect

We collect personal information directly from the individuals concerned wherever practicable — through the contact form, in correspondence, in engagement onboarding, and through the Certification examination. Where direct collection is not practicable, we collect from public sources (registers, websites, accredited directories) and from the subject's authorised representatives.

The institution does not collect personal information through covert means, and does not collect sensitive information (within the meaning of the Privacy Act) except where necessary for a lawful purpose and with consent.

4 · Why we collect

The institution collects personal information for the following purposes:

  • To perform engagements under the Master Engagement Letter, including the Audit, Authority Infrastructure, Citation Engine, and Score Engine instrumentation.
  • To administer the Certification programme — examinations, awards, conduct adjudication, continuing professional development.
  • To produce the State of AI Discovery and other editorial outputs, where relevant.
  • To respond to enquiries received through the website, by email, or by post.
  • To maintain the Conflicts Register and discharge the institution's obligations under the Charter.
  • To fulfil legal, regulatory, and professional obligations.

5 · How we hold it

The institution holds personal information in electronic systems with access controlled per the Tier classification system described below. Records are held in Australia where practicable. Records held outside Australia are held only with providers that demonstrate compliance with the Australian Privacy Principles or a substantially similar framework.

Records are retained per the Working Papers Retention Schedule:

  • Engagement records: seven years from engagement closure, then archived for three further years, then deleted.
  • Conflicts Register: held for the lifetime of the institution.
  • Methodology decisions: held permanently.
  • Personnel records: seven years post-departure, then anonymised.
  • Marketing enquiries (where no engagement follows): two years, then deleted.

6 · When we share

The institution does not sell personal information. We share personal information only:

  • With the individual's consent (which may be implied by the engagement context).
  • With service providers who support the institution's operations under written confidentiality and data-handling obligations.
  • Where required by law, including by regulator, court, or law-enforcement order.
  • In aggregated, de-identified form, in editorial outputs (the State of AI Discovery, Field Notes, Methodology Council briefings).
  • With the Methodology Council and Standards Committee in the course of their respective duties.

7 · The Tier classification system

Internal documents and personal information are classified into three tiers. Tier I — Public. Tier II — Restricted (internal distribution only, signed acknowledgement required). Tier III — Privileged (engagement files, individual personnel records, board minutes containing confidential matter).

Tier III material is accessed only by the named owner and the Head of Practice. A breach of tier — including discussion of Tier III material in unsecured channels — is a Class A disciplinary matter under the Charter. The classification system is the institution's primary internal control on personal-information handling.

The Tier classification system is described in full in the institution's Internal Operating System, Volume I, Part Three. It is reviewed annually by the Methodology Council.

8 · Your rights

Under the Privacy Act and the Australian Privacy Principles, every individual has rights in respect of personal information held by the institution. These include:

  • The right to access your personal information.
  • The right to correct your personal information where it is inaccurate, incomplete, or out of date.
  • The right to request deletion (subject to retention obligations and lawful exceptions).
  • The right to opt out of marketing communications at any time.
  • The right to make a complaint about how the institution has handled your personal information.

Requests are made in writing to privacy@aidiscovery.com.au. The institution acknowledges receipt within five business days and substantively responds within thirty days.

9 · Cookies and analytics

The institution uses minimal cookies on its website. Strictly-necessary cookies are used to operate the contact form and to maintain user session state. Analytics cookies, where used, are configured to anonymise IP addresses and to retain data for the minimum period consistent with statistical purpose. The institution does not use advertising cookies.

The Score Engine, when accessed by authorised users, uses session cookies for authentication and access control. Score Engine cookies do not leave the institution's systems.

10 · Contact and complaints

Privacy enquiries, requests to access or correct personal information, and complaints are addressed to:

Privacy Officer
AI Discovery
Sydney, NSW 2000
Email: privacy@aidiscovery.com.au

Where an individual is not satisfied with the institution's response to a privacy complaint, the individual may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Edition 1.0. Effective 10 May 2026. Reviewed by the Methodology Council on 30 April 2026. Next scheduled review: 30 April 2027.