← Back to Home

Privacy Policy

Last updated: 7 April 2026

Doreva Pty Ltd (ABN 49 610 421 639) ("Doreva", "we", "us", "our") operates the doreva.ai website and the Doreva tender writing platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

We may collect the following personal information when you register, use our Service, or contact us:

  • Full name and job title
  • Email address and phone number
  • Company name and Australian Business Number (ABN)
  • Billing and payment information (processed securely via third-party payment processors)
  • Login credentials (passwords are stored in hashed form only)

1.2 Tender Content and Business Data

When you use the Doreva platform, you may upload or input:

  • Case studies, capability statements, and project evidence
  • Staff CVs, certifications, and qualifications
  • Pricing structures and financial information
  • Tender documents, evaluation criteria, and draft proposals
  • Company profiles and differentiators

This content is treated as commercially sensitive and confidential. See Section 5 for how we protect it.

1.3 Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and approximate geographic location
  • Browser type, device type, and operating system
  • Pages visited, time spent, and referring URLs
  • Cookies and similar tracking technologies (see Section 7)

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service — to operate the Doreva platform, generate tender proposals, and deliver features you request
  • Account management — to create and manage your account, authenticate your identity, and process payments
  • AI-powered tender generation — to process your uploaded evidence through our AI system and generate proposal content. Your data is sent to our AI provider's API under a zero-retention, zero-training agreement
  • Communication — to send you service-related notices, respond to enquiries, and provide customer support
  • Improvement and analytics — to understand how the Service is used, identify issues, and improve functionality (using aggregated, anonymised data only)
  • Legal compliance — to comply with applicable laws, regulations, and legal processes

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

  • AI Processing Provider — Your tender content is sent to our enterprise AI API provider (Anthropic) under a contractual zero-retention policy. Inputs are not stored, logged, or used for model training
  • Cloud Infrastructure — Our hosting provider (Google Cloud Platform, Sydney region) processes data under strict data processing agreements
  • Payment Processors — Billing information is handled by PCI-compliant third-party payment processors. We do not store full credit card numbers
  • Legal Requirements — We may disclose information if required by law, court order, or governmental authority
  • Business Transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy

4. Data Storage and Sovereignty

Your data is stored and processed in Australia:

  • All primary data is hosted on Google Cloud Platform, australia-southeast1 (Sydney)
  • Database backups are stored within Australian data centres
  • AI processing uses API endpoints that do not retain your data after processing
  • We do not transfer your personal information outside of Australia without your explicit consent, except where necessary for AI processing under zero-retention terms

5. Data Security

We take the security of your information seriously and implement the following measures:

  • Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2+
  • Encryption at rest — Sensitive fields (ABNs, contact details, commercial information) are encrypted in our database
  • Strict data isolation — Each organisation's data is logically separated. No cross-tenant access is possible
  • Multi-factor authentication (MFA) — TOTP-based MFA with recovery codes is available on all accounts
  • Role-based access controls — Admin, writer, and reviewer roles ensure users only access what they need
  • Zero AI training on your data — Your content is never used to train AI models

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.

6. Your Rights Under the Australian Privacy Act

Under the Australian Privacy Principles, you have the right to:

  • Access — Request access to the personal information we hold about you
  • Correction — Request correction of inaccurate, incomplete, or out-of-date personal information
  • Deletion — Request deletion of your personal information and tender content. Upon account deletion, we will remove your data within 30 days, except where retention is required by law
  • Data portability — Request an export of your uploaded evidence and generated proposals
  • Complaint — Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at info@doreva.ai.

7. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Essential cookies — Required for the Service to function (authentication, session management)
  • Analytics cookies — Help us understand how visitors use our website (e.g., Google Analytics). These collect anonymised, aggregated data only
  • Marketing cookies — Used only with your consent to measure the effectiveness of our advertising

You can control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

8. Third-Party Links

Our Service may contain links to third-party websites (e.g., Calendly for demo bookings). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9. Children's Privacy

Our Service is designed for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Data Retention

We retain your personal information and tender content for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — Retained while your account is active, deleted within 30 days of account closure
  • Tender content — Retained while your account is active, deleted within 30 days of account closure or upon your earlier request
  • Billing records — Retained for 7 years as required by Australian tax law
  • Website analytics — Aggregated analytics data is retained for up to 26 months

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will notify you via email or a prominent notice within the Service.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.