Privacy Policy

Privacy Policy

28 May 2025

Project2100 Pty Ltd (“Project2100”, “we”, “our”, “us”) respects your privacy and is committed to protecting the personal information we hold. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access OmniDisclose (the “Service”). It is drafted in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).


Information We Collect

Category

Details

Source

Identity & Account Data

  • Microsoft 365 User ID (object ID)

  • Name (first and last)

  • Work email address

  • Microsoft Azure Tenant ID

Supplied by Microsoft during secure sign-in (OAuth 2.0 / MSAL)

ChatGPT API Interaction Data

  • Prompt text you type or programmatically submit to the “Generate Response” feature

  • Resulting responses returned by the ChatGPT API

Entered or generated within OmniDisclose

Support Correspondence

Emails, screenshots, log files you voluntarily provide

Directly from you

No disclosure data, financial figures, or spreadsheet contents processed by OmniDisclose are transmitted to Project2100 servers. Model calculations remain entirely within your Microsoft 365 environment; any clipboard copies between Excel and Word exist only in your local browser cache and are purged by Office when the session ends.


How We Use Your Information

  • Account Management – to authenticate you, enforce seat limits and administer subscriptions.

  • Service Operation & Security – to deliver core features, monitor uptime, prevent fraud and diagnose issues.

  • ChatGPT Delivery – to forward your prompts to the OpenAI API and return the response. Prompts are transmitted without your User ID, Tenant ID or email unless you deliberately type them into the prompt.

  • Support & Compliance – to handle enquiries, meet legal obligations and resolve disputes.

We do not use personal information for direct marketing unless you have opted-in (APP 7).


Lawful basis for collection

  • Contract performance – delivering the Service you request.

  • Legitimate interests – safeguarding our platform, improving reliability.

  • Consent – where you voluntarily submit content to ChatGPT or sign up for marketing.

Unsolicited personal information is destroyed or de-identified (APP 4).


Disclosure to third parties

Recipient

Purpose

Location

Microsoft Corporation

Identity, licensing, and add-in distribution

Data centres chosen by Microsoft

Microsoft Azure (Australia East)

Hosting our Azure SQL database containing Identity & Account Data

Australia East

OpenAI

Processing ChatGPT prompts and generating responses

United States

Professional advisers

Audit, legal, insurance

Australia

Regulators & law-enforcement

As required by law

Jurisdictions with authority


ChatGPT data handling specifics

  • What is sent: Only the text you supply in the prompt (plus de-identified system instructions).

  • Retention: OpenAI retains API inputs and outputs for up to 30 days solely to monitor abuse, then deletes them; no data is used for model training.

  • Zero-data retention: Enterprise clients may request Azure OpenAI’s zero-retention mode where available.


Data security

  • Encryption: TLS 1.2+ in transit; Transparent Data Encryption at rest for Azure SQL.

  • Access controls: Role-based permissions, MFA for administrators, audit logging.

  • Retention:

    • Identity & Account Data – retained for the life of your subscription plus 24 months.

    • ChatGPT prompts – stored only by OpenAI for the period above; not retained in our systems.

  • Destruction: Secure erasure or de-identification aligned with OAIC guidelines (APP 11).


Cookies & local storage

OmniDisclose uses only essential Microsoft cookies and IndexedDB/localStorage for temporary clipboard operations. We do not employ advertising cookies or third-party trackers.


Access & correction

Contact michael.vamvakaris@project2100.com to request access to or correction of your personal information. We respond within 30 days (APP 12-13).


Complaints

Email michael.vamvakaris@project2100.com with the details of your concern. We will investigate and respond within 30 days. If unresolved, you may complain to the Office of the Australian Information Commissioner (OAIC) (oaic.gov.au, 1300 363 992).


Changes to this Policy

Material changes will be posted here with 30 days’ notice and a new “Last updated” date. Continued use after that date indicates acceptance.


Your privacy matters to us. Thank you for trusting OmniDisclose.