Legal
Privacy Policy
Last updated: 13 July 2026
1. About this policy
easyPDs ("easyPDs", "we", "us" or "our") provides AI-assisted software that helps HR and people teams in any Australian organisation turn one position description into an interview pack, job ads, jargon-free copy, a classification and more. We respect your privacy and are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy explains what personal information we collect, how we use and disclose it, how we keep it secure, and how you can access, correct or complain about the handling of your personal information.
easyPDs is offered to organisations in Australia. As we extend the service to New Zealand, we will handle personal information for New Zealand customers in accordance with the Privacy Act 2020 (NZ) and the Information Privacy Principles.
2. What we mean by personal information
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not. This is the definition used in the Privacy Act 1988 (Cth).
3. The personal information we collect
Depending on how you use easyPDs, we may collect:
- Account and identity information: your name, work email address, organisation, and role. Where your organisation uses single sign-on, we receive your name and work email from your organisation's Microsoft Entra ID directory when you sign in.
- Content you upload or generate: position descriptions, job ads, interview packs and related documents. This content may contain personal information about other people, such as current or prospective employees, including their names, work contact details, phone numbers and addresses.
- Hiring contact details: when you use the job ad tool, a hiring contact mobile number so applicants can reach the right person.
- Usage and technical information: pages and features you use, actions you take in the app, and technical details such as your device type, browser, and IP address. This includes session recordings (see section 8).
- Support and enquiry information: the content of any message you send us and the contact details you provide.
Much of the content uploaded to easyPDs contains personal information about individuals other than the account holder, such as a customer's current or prospective employees. Where you upload this content, your organisation is the entity responsible for notifying those individuals about the handling of their personal information (for example under Australian Privacy Principle 5), and easyPDs processes that content only on your organisation's instructions to provide the service.
We do not seek to collect sensitive information (as defined in the Privacy Act) through the ordinary use of easyPDs. Recruitment material can sometimes contain sensitive information, such as health or background-check details. Where a customer includes sensitive information in content it uploads, the customer is responsible for obtaining any consent required to collect it, and easyPDs processes it only to provide the service. Please do not upload sensitive information unless it is necessary for your recruitment purpose.
4. How we collect personal information
We collect personal information:
- directly from you, when you create an account, upload content, use the tools, or contact us;
- automatically, when you use the app or website, through analytics and standard web technologies; and
- from your organisation's identity provider (Microsoft Entra ID) when you sign in using single sign-on.
5. Why we collect, hold, use and disclose personal information
We collect and use personal information to:
- provide the easyPDs service and generate the outputs you request;
- authenticate you and keep your account and our systems secure;
- respond to your support requests and communicate with you about the service;
- maintain, improve and develop easyPDs; and
- meet our legal and regulatory obligations.
We do not sell personal information. Our primary AI provider, the Microsoft Azure OpenAI Service, does not use your content to train its models. We do not permit training on your content where our contractual terms allow us to control this, and we are migrating remaining legacy features off any provider that does not offer equivalent protections.
The outputs easyPDs generates, such as classifications, job ads and interview packs, are AI-assisted drafts intended to support your decisions. They are not automated decisions, and we recommend they be reviewed by a person before they are relied on.
Using easyPDs requires an authenticated account, so it is not practicable to interact with the service anonymously or under a pseudonym.
6. Artificial intelligence processing and data location
easyPDs uses AI language models to generate content from the material you provide.
- AI processing is primarily performed by the Microsoft Azure OpenAI Service hosted in the Australia East region.
- Some legacy features may currently use OpenAI, whose processing may occur outside Australia. We are migrating these features to the Australian region.
- Customer data at rest is stored in Australia.
- Under the deployment model we use for some AI features (Azure GlobalStandard), AI inference may in limited cases be processed in Microsoft data centres located outside Australia. Where this happens, the provider remains bound by contractual terms consistent with this policy.
We are developing an optional de-identification capability that removes personal identifiers from content before it is sent for AI processing and reinserts them in the result. Once available, and where an administrator enables it, this will reduce the personal information sent to AI providers.
7. Disclosure to service providers and cross-border disclosure
We use trusted service providers to run easyPDs. These providers act on our instructions and are bound by confidentiality and data protection obligations. Our current service providers include:
- Microsoft: Azure OpenAI Service in the Australia East region for AI processing, and Microsoft Entra ID for single sign-on authentication;
- Amazon Web Services: application hosting and encrypted backups, in Australia;
- Cloudflare: content delivery and network security;
- Vercel: hosting for our marketing website;
- PostHog: product analytics and session recording; and
- OpenAI: for legacy AI features that are being migrated to the Australian region.
Some of these providers may store or process personal information outside Australia. In particular, OpenAI is likely to process data in the United States; the Microsoft Azure OpenAI Service is hosted in Australia but, under the deployment model described in section 6, inference may in limited cases be processed in Microsoft data centres outside Australia; and our analytics and network providers (including PostHog, Cloudflare and Vercel) may route or store data through infrastructure located overseas, including in the United States. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it in a way consistent with the Australian Privacy Principles, and we remain accountable under Australian Privacy Principle 8.1 for how those recipients handle it.
We may also disclose personal information where required or authorised by law, or to your organisation where it administers your access to easyPDs.
8. Analytics and session recording
We use PostHog to understand how easyPDs is used so we can improve it. This includes session recording, which may capture your interactions with the app, such as pages viewed, clicks, navigation, and information shown on or entered into the screen. We use this information only to operate, secure and improve the service, and we are working to configure recording so that it minimises the capture of personal information. If you would prefer not to have your sessions recorded, please contact us at support@easypds.com.au. Your browser's Do Not Track setting is also respected where the analytics tool detects it.
9. Cookies and similar technologies
We use cookies and similar technologies to keep you signed in, remember your preferences, and measure how the service is used. You can control cookies through your browser settings, although some features may not work correctly if cookies are disabled.
10. How we keep personal information secure
We take reasonable technical and organisational steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures include:
- encryption of data in transit using TLS;
- Microsoft Entra ID single sign-on with multi-factor authentication;
- least-privilege access controls, with standard (non-administrator) user accounts;
- network hardening, with inbound access restricted to the ports required to run the service;
- continuous vulnerability scanning, monitoring and alerting; and
- regular, tested backups.
No method of transmission or storage is completely secure. While we work to protect your personal information, we cannot guarantee absolute security.
11. Retention and destruction of personal information
We retain personal information for as long as it is needed to provide the service to you and your organisation, and to meet our legal, accounting and regulatory obligations. When personal information is no longer needed, we take reasonable steps to delete it or to de-identify it. Customers may request deletion of their account content by contacting us.
12. Data breach notification
If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information we hold, we will assess the breach and notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
13. Accessing and correcting your personal information
You have the right to ask for access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading. To make a request, contact us using the details in section 15. We will respond within a reasonable period. There is no charge for making a request, although we may charge a reasonable fee for providing access in some circumstances. If we refuse access or correction, we will tell you why in writing.
14. Complaints
If you have a concern about how we have handled your personal information, please contact us first using the details in section 15 so we can try to resolve it. We will acknowledge your complaint and respond within a reasonable period. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner at www.oaic.gov.au or on 1300 363 992.
15. Contact us
For any privacy question, request or complaint, contact our privacy team by email at support@easypds.com.au. We will acknowledge your enquiry and respond within a reasonable period.
16. Children
easyPDs is a workplace tool intended for use by HR professionals. It is not directed at children and we do not knowingly collect personal information from children.
17. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal obligations. The current version, and the date it took effect, is shown at the top of this page. We encourage you to review it periodically.
