Back to Home
IncentiQ

Privacy Policy

Last updated: February 25, 2026

TL;DR

We collect only what's needed. Your R&D data is encrypted and never sold. You can export anytime.

1. Introduction

IncentiQ Pty Ltd ("IncentiQ", "we", "us") is committed to protecting the privacy and security of personal information collected through our R&D compliance evidence platform. This Privacy Policy explains how we collect, use, store, and protect your data in compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

2.1 Account Information

  • Name, email address, and professional role
  • Company name and Australian Business Number (ABN)
  • Advisor practice details and client workspace associations

2.2 R&D Compliance Data

  • R&D project descriptions, activities, and technical uncertainties
  • Experimental evidence (photos, documents, logs, data files)
  • Financial expenditure data related to R&D activities
  • Audit trail entries and claim setup outputs

2.3 Platform Usage Data

  • Session logs, feature usage, and analytics events
  • Error and performance monitoring data
  • Browser type, device information, and IP address

3. How We Use Your Information

We use collected information exclusively for:

  • Providing and operating the IncentiQ compliance platform
  • Generating audit-ready R&D documentation and compliance reports
  • Maintaining the immutable audit trail with industry-standard cryptographic integrity verification
  • Volume tier billing calculations based on documented R&D expenditure
  • Platform improvement, error resolution, and security monitoring
  • Communicating service updates and compliance notifications

4. Data Security

4.1 Cryptographic Integrity

All evidence and audit trail entries are protected by industry-standard cryptographic hashing, creating an immutable chain of custody. Once recorded, data entries cannot be modified or deleted — only superseded with full version history preserved.

4.2 Infrastructure Security

  • Hosting: PostgreSQL database hosted on enterprise-grade cloud infrastructure
  • Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Access Control: Role-Based Access Control (RBAC) with Row-Level Security (RLS) policies
  • Authentication: Secure session management via dedicated authentication services
  • Monitoring: Real-time error tracking and security alerts via application monitoring

4.3 SOC2 Roadmap

IncentiQ is currently building toward SOC2 Type II certification. Our architecture has been designed with SOC2 controls in mind from inception, including immutable audit trails, RBAC enforcement, and comprehensive logging.

5. Data Sharing

We do not sell, rent, or trade your personal information or R&D data. Data is shared only in the following circumstances:

  • Advisor-Client relationship: Data is shared between advisors and their assigned clients within the platform's RBAC boundaries
  • Service providers: Essential infrastructure providers who are bound by data processing agreements
  • Legal compliance: Where required by Australian law, regulation, or valid legal process

6. Data Retention

R&D compliance data is retained for the duration of the subscription plus a minimum of 5 years to align with ATO record-keeping requirements for R&D Tax Incentive claims. Upon account termination, subscribers have a 90-day data export window, after which data is securely deleted.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information held by IncentiQ
  • Request correction of inaccurate personal information
  • Export your R&D evidence and compliance data at any time
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

8. International Data Transfers

Your data is primarily stored in Australian data centres. Where data processing involves infrastructure located outside Australia (e.g., global content delivery networks), we ensure appropriate safeguards are in place in accordance with APP 8.

9. Cookies & Analytics

IncentiQ uses essential cookies for session management and authentication. We use analytics events for platform improvement purposes only. We do not use third-party advertising trackers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and in-platform notification. Continued use of the Platform after such notification constitutes acceptance of the updated policy.

11. Contact

For privacy inquiries, data access requests, or complaints, contact our Privacy Officer at: privacy@incentiq.io