Antlar

Antlar Privacy Policy

Last updated: 23 March 2026

1. Introduction

This Privacy Policy explains how Antlar Limited (ABN 30 927 693 635) ("Antlar", "we", "us", "our") collects, uses, discloses, and protects personal information.

This Privacy Policy applies to our strata compliance management platform ("Service"), our websites at antlar.au and antlar.co, our web application at app.antlar.co, and any related services we provide.

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the Privacy Act 2020 (NZ) and Information Privacy Principles (IPPs) where applicable.

This Privacy Policy also governs our use of Google OAuth services. Our application ("Antlar"), registered under Google Cloud project antlar-487307, requests access to users' Gmail data solely to provide email integration features within the Service. We do not use Google user data for advertising or any purpose unrelated to the Service.

2. Personal Information We Collect

We collect personal information that is reasonably necessary for our business functions. This includes:

  • Identity information: name, position, and role within your strata scheme or organisation
  • Contact information: email address, phone number, and postal address
  • Lot ownership information: contact details of lot owners, mortgagees, covenant chargees, tenants, and other parties relevant to the ownership or occupation status of lots within your scheme
  • Account information: username, password, and account preferences
  • Scheme information: strata plan number, lot details, and scheme correspondence
  • Usage information: how you interact with the Service, features accessed, and queries submitted
  • Technical information: IP address, browser type, device information, and access logs

We may also collect sensitive information where it is contained in documents you upload or correspondence you process through the Service (for example, health information in insurance claims or personal disputes). We only collect sensitive information with your consent or where otherwise permitted by law.

3. How We Collect Personal Information

We collect personal information:

  • directly from you when you register for the Service, submit queries, or upload documents
  • from your strata scheme representatives who add you as an authorised user
  • from documents and correspondence you process through the Service
  • automatically when you use the Service (technical and usage information)
  • from third-party integrations you connect (such as Gmail)

If you provide us with personal information about other individuals (such as lot owners or committee members), you must ensure you have their consent to do so and have informed them about this Privacy Policy.

4. How We Use Personal Information

We use personal information to:

  • provide, maintain, and improve the Service
  • process your queries and provide support
  • communicate with you about the Service, including updates and changes
  • analyse usage patterns to improve functionality and user experience
  • comply with legal obligations and enforce our terms
  • protect the security and integrity of the Service
  • send you newsletters and marketing communications you have opted in to receive
  • generate AI-assisted recommendations, correspondence drafts, and compliance assessments for review and approval by authorised users. All recommendations require human confirmation before any action is taken

We may use de-identified, aggregated data for product development, research, and benchmarking purposes. This data does not identify you personally.

5. Artificial Intelligence and Third-Party Processing

Important: The Service uses artificial intelligence (AI) to provide features including Ask Antlar.

When you use these features, your queries and relevant scheme data are transmitted to third-party AI providers for processing. Our current AI providers include:

  • Anthropic (Claude) - for conversational AI and document analysis
  • OpenAI - for text embeddings and search functionality
  • Microsoft (Azure / Microsoft Graph) - for Outlook email integration

By using AI-powered features of the Service, you acknowledge and agree that:

  • your queries and related data will be transmitted to these third-party providers
  • while we select providers with appropriate data handling practices, we cannot control how they process or retain data once transmitted
  • you should not submit highly sensitive personal information through AI features unless necessary
  • AI providers may use data to improve their models, subject to their own privacy policies

We recommend reviewing the privacy policies of our AI providers: Anthropic and OpenAI.

5A. Automated Decision-Making

Antlar uses artificial intelligence and automated processing to analyse personal information and surface recommendations, for example, flagging potential compliance gaps, suggesting correspondence, or summarising scheme financial data. However, Antlar never makes decisions autonomously. All recommendations require explicit approval by an authorised user before any action is taken. No change to compliance status, correspondence, financial records, or any other matter affecting lot owners or scheme participants is ever applied without human confirmation.

The types of personal information used in this process include lot ownership and contact details, levy and financial records, correspondence history, and scheme obligation data.

This approach means Antlar is designed to fall outside the automated decision-making transparency obligations under APP 1.7 of the Privacy Act 1988 (Cth), which apply where computer programs make or substantially make decisions affecting individuals' rights or interests. Nevertheless, if you have questions about how a recommendation was generated, you may contact us at privacy@antlar.co.

6. Disclosure of Personal Information

We may disclose personal information to:

  • our service providers who assist in operating the Service (such as cloud hosting, analytics, and email delivery)
  • third-party AI providers as described in section 5
  • professional advisers (lawyers, accountants) where necessary
  • law enforcement or government authorities where required by law
  • a purchaser or successor entity in the event of a sale or transfer of our business

We require our service providers to protect personal information and only use it for the services they provide to us.

We do not sell personal information to third parties for marketing purposes.

7. Overseas Disclosure

Personal information may be disclosed to recipients located outside Australia, including:

  • United States - where our AI providers (Anthropic, OpenAI), email integration provider (Microsoft), and cloud infrastructure (Vercel, Supabase) are located

Before disclosing personal information overseas, we take reasonable steps to ensure the recipient handles it in accordance with the APPs or is subject to a law or binding scheme substantially similar to the APPs.

8. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • encryption of data in transit and at rest
  • access controls and authentication requirements
  • regular security assessments and monitoring
  • staff training on privacy and security obligations

However, no data transmission over the internet is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

You can help protect your information by keeping your login credentials confidential and notifying us immediately if you suspect unauthorised access to your account.

9. Data Retention

We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

When you terminate your use of the Service, we will, on request, delete or de-identify your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

10. Your Rights

Under the Privacy Act 1988 (Cth) and the Privacy Act 2020 (NZ), you have the right to:

  • access the personal information we hold about you
  • request correction of inaccurate, incomplete, or outdated information
  • request deletion of your personal information (subject to legal requirements)
  • withdraw consent where processing is based on consent
  • complain about a breach of the APPs
  • request an explanation of how an AI-generated recommendation affecting you was produced, noting that Antlar surfaces recommendations only, and all decisions are made by authorised human users of the Service

To exercise these rights, contact us using the details in section 13. We will respond to your request within a reasonable time and, in any case, within 30 days.

We may refuse access or correction in certain circumstances permitted by law, in which case we will provide reasons for our decision.

11. Cookies and Analytics

We use cookies and similar technologies to:

  • maintain your session and preferences
  • analyse how the Service is used
  • improve functionality and user experience

You can control cookies through your browser settings. Disabling cookies may affect some features of the Service.

We use analytics services (including Google Analytics) to understand usage patterns. Google Analytics uses cookies to collect anonymous data about how visitors use the site, including pages visited, time on site, and traffic sources. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. These services may collect information about your use of the Service in accordance with their own privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email.

Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us at privacy@antlar.co.

We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with:

  • In Australia: Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
  • In New Zealand: Office of the Privacy Commissioner at privacy.org.nz