Privacy Policy
Last updated: July 2026 | Effective date: July 2026
Summary: AmpleCheck AI collects only the information needed to deliver
its services to Australian builders, tradies, and their clients. We do not sell your data.
We use Supabase (database & storage), Google Gemini (AI), Firebase (push notifications
& analytics), ModelsLab (AI image rendering), and RevenueCat (subscription management)
to power the app. You can request deletion of your data at any time.
1. Who We Are
AmpleCheck AI ("we", "our", "us") is an Australian software application designed to
assist builders, contractors, and construction professionals with NCC compliance,
floor plan generation, 3D modelling, pre-inspection checklists, compliance tracking,
and client communication. For privacy enquiries, contact us at
amazeit@zazstudios.com.au.
2. Information We Collect
2.1 Information You Provide
- Account information: email address and display name used to
create your Firebase account.
- Floor plan & project images: photos and documents you upload
for AI processing.
- Construction project details: project name, address, client name,
contract value, and stage information entered into the Client Portal.
- Client information: your client's name, email address, and phone
number that you choose to enter when creating a project.
- Messages: text messages exchanged between you (builder) and your
client through the in-app messaging feature.
- Variation requests: titles, descriptions, cost amounts, and
supporting photos for variation approvals.
- Pre-construction compliance checklist data: compliance item
statuses (Pending / Obtained / Not Required), obtained dates, and optional notes
entered against each item in a project's compliance checklist.
- Compliance certificates (Document Vault): PDF documents you
voluntarily upload against a compliance checklist item โ for example, a Development
Approval, Construction Certificate, insurance certificate, or occupation certificate.
These are stored in a private, access-controlled storage bucket and are never
publicly accessible. Clients receive a time-limited (15-minute) signed link to view
a document; the link expires automatically.
- Builder professional credentials: if you choose to enter them,
your builder's licence number, licence class, licence state, licence expiry date,
insurer name, public liability coverage limit, and insurance policy expiry date.
These are displayed on the Client Portal as a trust signal to your clients. You
control whether this information is entered; it is entirely optional.
- Business profile information: trading name, ABN, business
address, phone number, email address, and bank/payment details entered for invoice
generation. Bank and payment details are used for invoice PDFs only and are
never shared with your clients via the Client Portal.
- Client device display names: when a client accesses your portal
for the first time, they may enter a display name (e.g. "John's iPhone"). This name
is stored so you can identify which devices have access to your project and revoke
access if needed.
- Feedback: optional feedback text and star rating you submit through
the Feedback screen. Feedback is associated with your anonymous user ID only โ your
email address is not stored with feedback submissions.
- Tradie profile information (TradesConnect): if you register as a
tradie, we collect your full name, business name, trade type, state, postcode, ABN,
licence number, phone number, email address, website, and portfolio photos. This
information is displayed to builders who search the TradesConnect directory.
2.2 Information Collected Automatically
- Device token (FCM): Firebase Cloud Messaging token used to deliver
push notifications when your AI jobs complete. Not linked to personal identity.
- Firebase Analytics: anonymous usage events (screen views, feature
usage) to help us improve the app. No personally identifiable information is sent.
- Crash reports (Firebase Crashlytics): device model, OS version,
and crash stack traces to help us fix bugs.
- Variation audit data: when a client approves or declines a variation
through the Client Portal, we record their IP address, device user-agent, decision,
and timestamp as an immutable legal audit trail.
- Portal access timestamps (read receipts): each time a client
opens the Client Portal link, we record the date and time of access against their
registered device. This is displayed to you (the builder) as a read-receipt indicator
so you know when your client last viewed the project. Clients are not notified that
this tracking occurs, and you are informed of this policy by the existence of this
section.
2.3 Information We Do NOT Collect
- We do not collect or store payment card details (processed by RevenueCat/Apple/Google).
- We do not use cookies or advertising trackers on our mobile app.
- We do not build behavioural profiles for advertising purposes.
- We do not collect biometric data.
- Your builder's bank account details, BSB, PayID, and payment terms are
never transmitted to clients through the Client Portal โ they
appear on invoice PDFs only, which you generate and send yourself.
- Your builder's insurance policy number is not collected. Only the insurer name,
coverage limit, and policy expiry date are stored, to minimise the risk of
fraudulent insurance claims.
3. How We Use Your Information
- Service delivery: to process your floor plan, 3D model, compliance
analysis, and inspection requests using AI.
- Client Portal: to display project updates, photos, variation
requests, compliance status, and builder credentials to the client you have invited.
- Compliance tracking: to store and display your pre-construction
compliance checklist per project, including item statuses, dates, notes, and
uploaded certificate documents.
- Document Vault: to store compliance certificate PDFs in a private
storage bucket and generate short-lived signed URLs (15-minute expiry) for secure
viewing by you or your invited client.
- Builder credentials display: if you have entered your licence and
insurance details, to display these on your Client Portal as a trust signal for your
clients. You control this by choosing whether to complete the Business Profile.
- Portal access tracking: to show you when your client last viewed
the portal, so you can follow up if they have not yet reviewed an update or variation.
- Invoice generation: to pre-fill invoice PDFs with your business
profile details (name, ABN, licence number, banking details) for progress claims and
variation invoices.
- AI summaries: your builder notes and variation details are sent to
Google Gemini to generate plain-English summaries for your clients. This data is
processed under Google's API terms and is not used to train Gemini models.
- Push notifications: to notify you when a background AI job
(floor plan, 3D model) is complete.
- Legal compliance: variation approval audit records are stored to
satisfy Australian electronic transactions law requirements.
- App improvement: anonymous crash and usage data to fix bugs and
improve the user experience.
4. Legal Basis for Processing (Australian Privacy Act 1988)
We process your personal information on the following bases:
- Contract performance: to provide the services you have signed up
for.
- Legitimate interests: to maintain security, prevent fraud,
improve our services, and provide portal access-tracking features that serve a
genuine operational need for builders managing client communication.
- Legal obligation: to retain variation approval records as required
by the Electronic Transactions Act 1999 (Cth) and equivalent state
legislation.
- Consent: for push notifications and optional analytics, where you
have granted permission on your device. For optional data such as builder credentials
and compliance certificates, your act of voluntarily entering or uploading the
information constitutes consent to its storage and portal display.
5. Third-Party Services
We use the following third-party services to operate AmpleCheck AI. Each operates
under its own privacy policy:
- Supabase (database & file storage) โ supabase.com/privacy. Project
data and compliance checklist data are stored in our Supabase database. Compliance
certificate PDFs are stored in a private Supabase Storage bucket
(
compliance-docs) โ files are never publicly accessible; access is
exclusively via short-lived signed URLs generated by our backend.
- Google Firebase (authentication, push notifications, analytics,
crash reporting) โ firebase.google.com/support/privacy.
- Google Gemini API (AI summaries and analysis) โ ai.google.dev/terms.
Input data is not used to train models.
- ModelsLab / Stable Diffusion (floor plan generation, 3D modelling,
and Renovation AI rendering) โ photos and floor plan images you upload may be processed
on ModelsLab servers. See
modelslab.com/privacy-policy.
- Pinecone (vector database for NCC compliance search) โ stores
anonymised NCC content only, not personal data.
- RevenueCat (subscription management) โ handles in-app purchase
validation and entitlement management. RevenueCat receives your anonymous app user ID
and purchase history. We do not receive your card details. See
revenuecat.com/privacy.
- Render (API server hosting) โ our backend API is hosted on Render
infrastructure. See render.com/privacy.
6. Data Storage and Security
Your data is stored in Supabase and protected by:
- HTTPS encryption for all data in transit.
- Row-level security on our database (service-role access only from our backend โ
no direct client-side database access is permitted).
- Firebase Authentication for user account security.
- Token-based (UUID) access for Client Portal links โ each project has a unique,
unguessable access token. Anyone with the link can view the portal; do not share it
with people who should not have access.
- Private, access-controlled storage for compliance certificate documents โ files
in the
compliance-docs bucket have no public URL. Access requires a
signed URL generated on demand by our backend, which expires after 15 minutes.
- Builder credentials displayed on the portal (licence and insurance details) are
served only to users who already hold a valid project access token. They are not
indexed by search engines and are not publicly discoverable.
No security system is 100% impenetrable. We encourage you not to share your Client
Portal link with people who should not have access to your project information.
7. Data Retention
- Project data: retained for as long as your account is active, or
until you delete the project.
- Compliance checklist data: retained for the life of the associated
project. Deleting a project permanently removes all compliance items and their statuses.
- Compliance certificate documents (Document Vault): stored in
private Supabase Storage and retained until you replace the file, delete the project,
or submit a data deletion request. Uploading a replacement document removes the
previous file from storage.
- Builder credentials (licence & insurance details): retained
as part of your Business Profile for as long as your account is active. You can
update or clear these at any time from within the app. They are permanently deleted
within 30 days of an account deletion request.
- Variation approval records: retained indefinitely as an
immutable legal audit trail. If you need these removed for a specific legal reason,
contact us.
- Uploaded project images: stored in Supabase Storage and retained
until you delete the project or request removal.
- Portal access timestamps (read receipts): updated on each client
visit and retained for the life of the project. Only the most recent access time per
registered device is stored โ historical access logs are not retained.
- Client device registrations: retained until you revoke the device
in the app, or until the associated project is deleted.
- Account data: deleted within 30 days of account deletion
request.
- Tradie profile data: retained for as long as your tradie profile
is active. You can delete your profile at any time from within the app; all associated
data (profile details, portfolio photos, saved favourites) is permanently removed
within 30 days.
- Firebase Analytics & Crashlytics data: retained according to
Google's default retention periods (up to 14 months for Analytics; 90 days for
Crashlytics crash reports).
8. Your Rights
Under the Australian Privacy Act 1988 (and applicable state privacy legislation),
you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your personal information (subject to our legal obligations
to retain variation approval records, and subject to the retention periods of
third-party services such as Firebase).
- Request deletion of specific uploaded documents (compliance certificates) without
deleting your entire account.
- Withdraw consent for analytics and push notifications at any time through your
device settings.
- Lodge a complaint with the Office of the Australian Information Commissioner
(OAIC) at oaic.gov.au.
To exercise any of these rights, contact us at
amazeit@zazstudios.com.au.
9. Children's Privacy
AmpleCheck AI is designed for use by construction industry professionals. We do not
knowingly collect personal information from children under 13. If you believe a child
has provided us with personal information, please contact us immediately.
10. Client Portal โ Information About Your Clients
When you use the Client Portal, you enter your client's personal information (name,
email, phone). By doing so, you represent that:
- You have obtained your client's consent to share their information with
AmpleCheck AI for project communication purposes.
- You are sharing only the minimum information necessary.
- You will inform your client that their project information will be accessible
via a secure link, that their variation approvals are digitally recorded, and that
their access times are logged for read-receipt purposes.
AmpleCheck AI acts as a data processor for your client's information
on your behalf. You remain the data controller responsible for
ensuring the lawful collection of your client's data under the Australian Privacy Act
1988 and any applicable state legislation.
The following information about your project may be visible to clients who hold
the project access link:
- Project name, address, type, and stage progress.
- Project updates, photos, and builder notes you have published.
- Variation requests requiring their approval.
- Pre-construction compliance checklist โ item names, statuses (Pending / Obtained /
Not Required), obtained dates, and any notes you have added. Compliance certificate
documents (PDFs) are viewable via a 15-minute expiring link when you have uploaded
them.
- Your business name and ABN (if entered in your Business Profile).
- Your builder's licence number, licence class, state, and expiry โ and your
insurer name, public liability limit, and policy expiry โ if you have chosen to enter
these in your Business Profile. These are displayed as a trust badge. Bank details,
payment terms, and insurance policy number are never visible to clients.
- Tradies assigned to the project (name, trade, contact details).
- Messages exchanged through the in-app messaging feature.
11. Builder Credentials โ Data Controller Responsibilities
Your builder's licence number is a matter of public record โ it appears on state
building authority registers (NSW Fair Trading, Victorian Building Authority, QBCC, etc.)
and is required to be displayed on contracts and advertising in most Australian states.
Displaying it on your Client Portal fulfils this obligation and provides clients with
the ability to independently verify your credentials.
Your insurance details (insurer name, coverage limit, policy expiry) are voluntary.
By entering them, you confirm that the information is accurate and current. AmpleCheck AI
does not verify insurance details and accepts no liability for outdated or incorrect
credential information displayed on the portal.
You should keep your licence and insurance details up to date in the app, particularly
when licences are renewed or policies change. Clients may make decisions based on this
information.
12. Terms of Service (Summary)
By using AmpleCheck AI, you agree that:
- The app is provided as a tool to assist professionals. AI-generated outputs
(floor plans, compliance answers, 3D models) are not a substitute for licensed
professional advice and should be verified before use.
- You are responsible for the accuracy of information you enter into the app,
including your professional credentials and insurance details.
- Variation approval records created through the Client Portal may constitute
legally binding agreements under Australian electronic transactions law. Consult a
lawyer if you are unsure about the legal effect of digital approvals.
- You are responsible for ensuring you have appropriate authority to upload and
share any compliance certificate documents stored in the Document Vault.
- We reserve the right to suspend accounts that abuse the service or violate these
terms.
- The service is provided "as is" without warranty. We are not liable for decisions
made based on AI-generated content or credential information displayed on the portal.
Read the full Terms of Service.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of
material changes through the app or by email. Continued use of the app after
changes constitutes acceptance of the updated policy.
14. Third-Party Content & Acknowledgements
AmpleCheck AI's compliance-check and chat features reference and display excerpts
(including text clauses and page images) from the National Construction Code (NCC).
The National Construction Code 2025 was provided by the Australian Building Codes
Board under the
CC BY 4.0 licence.
The official, current version of the NCC is available at
ncc.abcb.gov.au.
Each NCC clause or page image shown in the app is individually captioned with its
source (clause, page number, and the Australian Building Codes Board attribution) at
the point it appears.