Every planning control identified for any lot | LEP + SEPP + DCP cross-referenced in one query | Approval likelihood scored for every control | Conflicts and overrides resolved automatically | Every answer cited to the source clause | Ask planning questions in plain English | Results in under 1 second | Every planning control identified for any lot | LEP + SEPP + DCP cross-referenced in one query | Approval likelihood scored for every control | Conflicts and overrides resolved automatically | Every answer cited to the source clause | Ask planning questions in plain English | Results in under 1 second |

Privacy Policy

Last updated: March 2026

Your privacy matters to us. Learn how we collect, use, and protect your information when you use our planning intelligence platform.

Our Privacy Commitment

ZoneDSS (a product of QuestFeed Pty Ltd, ABN 58 632 013 855) is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also respect the rights of individuals under the GDPR, CCPA, and other applicable international privacy regulations.

No Data Selling

We never sell your personal or business information to third parties.

Encrypted & Secure

All data encrypted in transit (TLS 1.3) and at rest (AES-256).

Your Control

Access, correct, or delete your data at any time.

1. About Us

ZoneDSS is a product name and brand of QuestFeed Pty Ltd. It is not a separately registered business or trademark. This privacy policy is issued by, and all data protection obligations are held by:

Company Name

QuestFeed Pty Ltd

ABN

58 632 013 855

Entity Type

Australian Private Company

Location

Queensland, Australia

2. Information We Collect

Information You Provide

Account Information

Email address, name, company name, password

Query Data

Addresses searched, coordinates clicked, development types selected, planning questions asked

Payment Information

Billing details processed securely via Stripe

Communication

Messages, support requests, and feedback you send us

Automatically Collected

Planning Reports

Compliance risk assessments, obligation coverage, and spatial overlay data generated by our platform for your queries

AI Conversation Data

Planning Q&A conversation history, including your questions and our cited answers, associated with your account

Usage Analytics

How you interact with the platform — pages visited, features used, query frequency — to improve our service

3. How We Use Your Information

  • Resolve planning obligations and generate site planning reports for your queries
  • Provide AI-powered planning Q&A grounded in real obligation data
  • Deliver spatial overlay data (height, FSR, heritage) for queried coordinates
  • Process payments and manage your subscription
  • Improve our obligation decomposition, risk scoring accuracy, and platform features
  • Provide customer support and respond to your inquiries
  • Comply with legal obligations and enforce our terms
  • Send service-related communications (new instrument coverage, platform updates)

4. What We Do NOT Do

We will NEVER:

  • Sell your personal or business information to third parties
  • Share your planning queries or reports with competitors or other users
  • Use your query data for purposes other than providing and improving the Services
  • Use your information for advertising without your explicit consent
  • Disclose your planning analysis to unauthorized third parties
  • Store payment card details on our servers (handled by Stripe PCI-DSS Level 1)

5. Data Security

Encryption

TLS 1.3 in transit, AES-256 at rest. All query data, reports, and account information encrypted end-to-end.

Access Controls

Role-based access, least-privilege principles for all internal access. Your data is isolated per tenant.

Infrastructure

AWS Lambda (serverless compute), RDS PostgreSQL with PostGIS, Cloudflare Pages. All data in AWS us-east-1.

Incident Response

Documented incident response procedures. Mandatory breach notification within 72 hours per GDPR/NDB scheme.

Monitoring

Continuous security monitoring and logging on all platform infrastructure.

Regular Audits

Periodic security assessments of our own infrastructure and application code.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy:

Information Type Retention Period
Planning reports & query results Duration of active subscription + 90 days after cancellation
AI conversation history Duration of active subscription (deletable at any time via account settings)
Account information Duration of active account + 2 years after deletion
Payment records 7 years (as required by Australian tax law)
Usage analytics 26 months (aggregated and anonymized)
Support communications 3 years from date of resolution

You may request deletion of your data at any time. We will process deletion requests within 30 days, subject to legal retention requirements.

7. Your Rights

Under the Australian Privacy Principles and applicable international regulations (including GDPR and CCPA), you have the right to:

Access

Request a copy of personal information we hold about you

Correction

Request correction of inaccurate or outdated information

Deletion

Request deletion of your personal information ("right to be forgotten")

Data Portability

Receive your data in a structured, machine-readable format

Restrict Processing

Request limitation of how we process your data

Withdraw Consent

Withdraw consent for data processing at any time

How to Exercise Your Rights

To exercise any of these rights, contact us at:

hello@zonedss.com

We will respond within 30 days. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.

8. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

Type Purpose Required
Essential Authentication, session management, security Yes
Functional Remember your preferences and settings No
Analytics Understand usage patterns to improve our service No

You can manage cookies through your browser settings. Disabling essential cookies may affect platform functionality. We do not use advertising or tracking cookies.

9. International Data Transfers

ZoneDSS operates from Australia with infrastructure in the United States. Your data may be processed in:

  • — United States (AWS infrastructure, primary data storage)
  • — Australia (company operations)
  • — Cloudflare CDN (global edge network)

Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data transfers and compliance with the Australian Privacy Act cross-border disclosure requirements (APP 8).

10. Third-Party Services

We use the following third-party services to operate our platform:

Stripe

Payment processing (PCI-DSS Level 1 certified)

AWS

Cloud infrastructure, PostGIS database, and serverless compute

Cloudflare

CDN, DDoS protection, and frontend hosting

xAI

AI models for planning Q&A (Grok API — no training on customer data)

We do not share your planning queries, reports, or conversation history with any third-party service beyond what is necessary for processing. The AI model provider receives planning context for inference only — they do not retain or train on your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email (for registered users) or by posting a prominent notice on our platform. Your continued use of ZoneDSS after changes constitutes acceptance of the updated policy.

Contact Our Privacy Team

For questions about this Privacy Policy or to exercise your privacy rights:

QuestFeed Pty Ltd

ABN: 58 632 013 855

Email: hello@zonedss.com

Web: zonedss.com

Location: Queensland, Australia

Document Version: 1.0 | Effective: March 2026