← nedulla.com

Privacy policy

Aligned with the Australian Privacy Principles (APP 1–13). Last reviewed: May 2026.

1. Open and transparent management (APP 1)

Nedulla is operated by Manrum Pty Ltd (ABN 58 683 207 945), Sydney, Australia. This policy explains what personal information we collect, why, where it lives, and how to access or correct it. We update this page when our practices change and date the revision at the top.

2. Anonymity & pseudonymity (APP 2)

Where lawful and practicable you may interact with our marketing site without identifying yourself. Nedulla itself is a workspace product — once you accept an invitation, an account is required to scope your data to your organisation.

3. Collection of solicited personal information (APP 3)

We collect only what we need to operate the workspace you configure:

  • Account & profile: name, work email, role, time zone.
  • Connected-tool content: when you connect Gmail / Outlook / Calendar / other tools, we read the data your authorised scopes allow. We never request scopes beyond what a module needs (e.g. utility billing reads attachments only on the bound mailbox; chat reads messages on the inbox you nominate).
  • Documents you upload: bills, CVs, transcripts, etc. — used only for the module you uploaded into.
  • Operational telemetry: request logs (IP, user-agent, route), error traces, audit events for privileged actions. Retained for 30 days for diagnostic and security purposes; longer for the WORM audit log.

We do not collect:

  • Browsing history outside Nedulla.
  • Marketing identifiers shared across third-party advertising networks.
  • Biometric data.

4. Unsolicited personal information (APP 4)

If a connected tool returns information we didn't request (e.g. a forwarded email with PII for an unrelated person), we apply the same retention rules as solicited information and never share it beyond your workspace.

5. Notification of collection (APP 5)

You see this policy before signing in. When you connect a third-party tool, the OAuth consent screen lists the exact scopes Nedulla will request. We don't hide any access behind generic descriptions.

6. Use & disclosure (APP 6)

  • We use your information only to operate the modules you enable (e.g. drafting an email reply, reconciling a utility bill, scoring a candidate).
  • We do not sell your information.
  • We do notuse your prompts, documents, or tool contents to train any model — neither our own nor a third party's. Our LLM contracts prohibit training on submitted data.
  • We share data with subprocessors only to deliver the service (see Security § Subprocessors for the current list).
  • We may disclose information when required by law (court order, valid subpoena); we'll tell you unless we're legally prevented.

7. Direct marketing (APP 7)

We don't use workspace data for marketing. Marketing emails (e.g. waitlist updates) come only to addresses you actively give us, with a one-click unsubscribe.

8. Cross-border disclosure (APP 8)

Production data is hosted in Australian regions. Some subprocessors (Anthropic, OpenAI, Vercel edge POPs) may process small amounts of your data in other jurisdictions during model inference or routing. Their contracts bind them to APP-equivalent standards.

9. Adoption of government identifiers (APP 9)

We don't adopt government identifiers as our own. If a TFN, ABN, or licence number appears in content you upload, it is processed only for the module's stated purpose and is scrubbed before any LLM submission via our FROST pipeline.

10. Quality (APP 10)

You can edit your profile and workspace data at any time from Settings. Module outputs (e.g. drafted emails, extracted bill fields) are always editable before they persist or send.

11. Security (APP 11)

See our full Security overview — encryption, isolation, audit logging, vulnerability disclosure.

12. Access (APP 12)

Account owners can export workspace data at any time (CSV exports for utility ledger, bills, contacts; JSON for audit log). For categories without a self-serve export, email privacy@nedulla.comand we'll provide your data within 30 days.

13. Correction (APP 13)

Self-serve correction is available for all profile and workspace fields. For records that don't have a self-serve edit (audit events, billing history), email privacy@nedulla.com.

Complaints

If you believe we've breached this policy, write to privacy@nedulla.com. We'll acknowledge within 5 business days and respond substantively within 30 days. Unresolved complaints can be escalated to the Office of the Australian Information Commissioner (OAIC).

Contact

Privacy queries: privacy@nedulla.com
Security disclosures: security@nedulla.com
General: hello@nedulla.com