Privacy Policy

UNCAPT Pty Ltd (ABN 15 641 190 552) (“UNCAPT”, “we”, “our”, “us”) is committed to protecting the privacy of individuals who use INSIGHT — our research intelligence platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

INSIGHT is a research SaaS product. We do not process clinical health records, and this policy does not engage state-based health records legislation. If you are looking for our data practices relating to MIA (our clinical product), please visit uncapt.com.

1.1 Who this policy covers

This policy applies to: researchers, PhD students, academics, and lab administrators who create accounts on INSIGHT or the INSIGHT platform; visitors to insight.uncapt.com; and individuals who contact us by email or through our website contact form.

2.1 Account information

When you create an account, we collect your name, email address, and (optionally) your institution and role. This is used to create and manage your account, communicate with you about the service, and provide support.

2.2 Research documents and knowledge banks

INSIGHT allows you to upload research papers, notes, and documents to create private knowledge banks. These documents are stored securely and used solely to provide the INSIGHT service to you. We do not read, analyse, or use the content of your documents for any purpose other than powering your queries and knowledge graph.

2.3 Queries and interactions

We store the queries you submit to Ari (our research reasoning agent) and the responses generated, in order to maintain your session history and to enable features like literature review generation. These are not used to train AI models — see Section 5.

2.4 Usage and technical data

We collect aggregated, de-identified usage data (e.g., feature usage patterns, session duration) to improve the platform. We also collect standard technical data (browser type, IP address, device information) when you visit our website.

2.5 Contact form submissions

If you submit an enquiry via our website contact form, we collect the information you provide (name, email, institution, message). This information is used solely to respond to your enquiry.

We use personal information for the following purposes: providing and operating the INSIGHT platform; authenticating your account and managing your subscription; responding to support requests and enquiries; sending transactional communications (account notices, billing receipts, service updates); generating aggregated, de-identified insights to improve platform performance; and complying with legal and regulatory obligations.

3.1 Marketing communications (APP 7)

We may occasionally send product updates or research-related communications to users who have created accounts or enquired about INSIGHT. We will only do so where you would reasonably expect such communications based on your relationship with us. Every communication includes a clear opt-out. You may also opt out at any time by emailing privacy@uncapt.com. We will action opt-out requests within 5 business days.

Your knowledge banks are private by default. No other INSIGHT user can access your knowledge banks unless you explicitly share them. On Academic Lab plans, you control who within your team has access.

We do not sell, license, or share the content of your knowledge banks with any third party. The documents you upload, the queries you make, and the knowledge graphs you build belong to you.

4.1 Read-only publishing

If you choose to publish a knowledge bank as read-only for external reference, you do so voluntarily. You can revoke read-only access at any time. UNCAPT does not publish or share any knowledge bank without your explicit action.

5.1 Your data is not used to train AI models

We do not use your uploaded documents, queries, knowledge banks, or any other personal data to train, fine-tune, or improve the underlying AI models that power INSIGHT. Your research data remains yours and is used solely to provide the INSIGHT service to you.

5.2 De-identified usage data

We may use aggregated, de-identified, non-reversible usage patterns (e.g., 'feature X was used N times this month') to improve platform design and performance. This data contains no personal information and cannot be traced back to any individual user.

5.3 Inference providers

INSIGHT uses private AI inference providers to generate responses. These providers operate under a Zero-Retention, No-Logging configuration — your queries and documents are processed in memory only and are not retained by the inference provider after the request is complete. No research data is stored by our inference providers.

We use the following third-party service providers to deliver INSIGHT. All sub-processors are contractually required to maintain security and privacy standards consistent with this policy and the Australian Privacy Principles.

All infrastructure handling your research documents and queries is located in Australia. We do not transfer your research data outside of Australia. This list is kept current — if we add a new sub-processor that handles personal data, we will update this page.

All user data, uploaded documents, and knowledge banks are hosted on Microsoft Azure infrastructure in Australia East. Our security measures include: encryption at rest (AES-256) and in transit (TLS 1.2+); role-based access controls and audit logging; regular security assessments and vulnerability testing; private model inference with zero retention.

For a full description of our security practices, see our Security page.

7.1 Cross-border data transfers (APP 8)

All personal data and research documents for INSIGHT users are processed and stored within Australia. We do not transfer your data outside Australia. Our architecture is designed for data sovereignty.

8.1 Active accounts

While your account is active, we retain your account information, uploaded documents, knowledge banks, and query history to provide the service.

8.2 Account cancellation or expiry

When you cancel your subscription or your account expires, we retain your data for 30 days to allow you to export it. After 30 days, your knowledge banks, uploaded documents, and query history are permanently deleted from our systems. Account information (name, email) may be retained for up to 2 years for legal and billing purposes.

8.3 Contact and enquiry data

Information submitted through our contact form is retained for the duration of the relevant business relationship and for a reasonable period afterwards (up to 2 years), unless you request earlier deletion.

UNCAPT complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach, we will: take immediate steps to contain the breach; complete a reasonable assessment within 30 days; notify the Office of the Australian Information Commissioner (OAIC) where required; and notify affected users directly as soon as practicable. Our target initial response time for suspected breaches is 24 hours.

10.1 Access and correction (APPs 12 and 13)

You have the right to request access to the personal information we hold about you, and to request correction of any inaccurate information. To make a request, contact privacy@uncapt.com. We will respond within 30 days.

10.2 Deletion

You may request deletion of your account and all associated data at any time. We will action deletion requests within 14 days, subject to any legal obligations to retain certain information.

10.3 Complaints

If you are not satisfied with how we handle your personal information or respond to your request, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Our website uses essential cookies required for authentication and session management. We may also use analytics tools to understand how visitors interact with our site. Analytics data is aggregated and de-identified. You may disable non-essential cookies through your browser settings without affecting your ability to use INSIGHT.

INSIGHT is intended for researchers, academics, and students in higher education. It is not designed for use by individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

We may update this Privacy Policy from time to time. Material changes will be communicated via our website and, where relevant, by email to registered users. The Effective date at the top of this page indicates the latest revision.

For questions about this Privacy Policy or our data practices: