Privacy Policy

Last updated: 29 May 2026

Nextquestion Pty Ltd (ABN 67 671 587 358) (we, us or our) is committed to protecting your privacy. This policy explains how we collect, use and protect your personal information. It applies to all personal information we handle, whether we collect it through our website, our application platform, in person, or through other means.

Quick Overview

  • We collect information you provide to us and information we gather when we interact with you
  • We use this information to provide our services and improve your experience
  • We protect your information using secure systems and processes
  • You have rights regarding your personal information, including access and correction rights

Information We Collect

Identity and contact details

  • Name, address, email address and phone number
  • Professional details, including role, title and organisation name

Service-related information

  • Payment and transaction details for products and services you have purchased from us or enquiries about our products and services
  • Your preferences for our services and your marketing preferences
  • Feedback and survey responses
  • IP address and general location information derived from your IP address
  • Approximate geolocation or processing location
  • Search and browsing behaviour
  • Website usage patterns
  • Cookie preferences
  • Originating or related searches

Application and Platform Information

If you create an account and use our application platform, we may also collect:

  • Organisation or user account details including address, phone and email
  • Financial information
  • Tax identifiers and fund identifiers
  • Confidential business information

Recordings

  • Call recordings
  • Records of meetings and decisions

Professional information (for job applicants and workers)

  • Employment history
  • Professional experience
  • Required authorisations and licences
  • Professional registrations
  • Information about your right to work in the relevant jurisdiction
  • CV details and attachments

Sensitive Information

We handle sensitive information with extra care and protection. While we prefer not to request or collect sensitive information where possible, certain information processed through our application platform during fund manager due diligence processes may include:

  • Employment history and background information
  • Employment disputes or concerns
  • Litigation history or potential legal matters
  • Professional conduct matters

We treat all client data processed via our application as our highest sensitivity classification (P4), which includes encryption at rest and limited access controls. We only collect and process this information with your consent or when legally permitted.

How We Collect Personal Information

  • Directly from you when you: interact with us, contact us, or fill out forms.
  • Automatically when you: visit our website, use our technologies, interact with our online services, or access our application platform.
  • From third parties: service providers, business partners, public sources, government organisations and organisations or people authorised by you.
  • From publicly available sources: such as ASIC and other regulatory bodies and professional networking sites such as LinkedIn.

Why We Collect, Hold, Use and Disclose Personal Information

We collect and use your personal information to run our business and provide our services as set out below.

Business operations

  • To manage our relationship with you as a customer or supplier
  • To process and deliver our products and services
  • To handle your inquiries, support requests, and communications
  • To maintain accurate records for billing and administration
  • To verify your identity when required or permitted by law
  • To perform the services you have requested through our application platform
  • To ensure platform security and integrity
  • To meet legal, accounting and tax obligations

Communication and support

  • To respond to your questions and support requests
  • To communicate important updates about our services
  • To handle inquiries made through our website or platforms
  • To manage your participation in surveys, feedback sessions, or events
  • To identify and communicate with prospects

Service improvement

  • To conduct analytics and market research
  • To improve our business operations and services
  • To develop and enhance our applications and platforms
  • To understand how our services are used
  • To maintain website security and monitor abuse

Prospect research and enrichment

  • We may use information from contact forms and prospect enquiries to conduct desktop research using publicly available sources (such as professional networking sites, company websites and other public sources) to better understand your needs and serve you more effectively
  • This research may be conducted using AI tools and the information gathered is stored in our CRM system
  • Information obtained through this research may not always be accurate

Marketing and promotions

  • To send you promotional information about our services and events
  • To inform you about products or services that may interest you
  • To manage your marketing preferences
  • To run competitions, promotions, and special offers
  • To provide additional benefits to our customers

Employment purposes

  • To assess employment applications
  • To evaluate candidate qualifications
  • To manage professional certifications and licences
  • To maintain employment records
  • To handle employment or contact opportunities

Legal and compliance

  • To comply with our legal obligations
  • To respond to court orders or legal processes
  • To maintain required business records
  • To fulfill regulatory requirements or reporting obligations
  • To protect our legal rights and interests or as authorised by law

Our Disclosures of Personal Information to Third Parties

We may disclose personal information to:

Service providers

  • IT service providers
  • Data storage providers
  • Web hosting and server providers
  • Payment processors
  • Marketing and advertising providers
  • Analytics providers

Our key service providers include:

Finance and accounting

  • Xero
  • Stripe

Customer Relationship Management and Communications

  • Airtable
  • Slack
  • Microsoft (Office 365 for email and file sharing)

Website and Analytics

  • Google Cloud Platform
  • Google Analytics
  • Google Tag Manager
  • Google Ads
  • Google Optimize
  • Vercel
  • Cloudflare (where applicable)

Application Platform and Services

  • Amazon Web Services (AWS)
  • GitHub
  • NEON
  • Vercel
  • Microsoft
  • AWS Bedrock (for AI processing, including multiple AI models such as those supplied by Anthropic and AWS)
  • Grafana

Contract Management

  • Adobe Sign

Employee and Contractor Management

  • Deel (for foreign contractor arrangements)

This list is subject to change at short notice as we continuously improve our services and adopt new technologies. We also use other vendors with separate terms for beta platforms and prototypes. This list is not intended to be exhaustive and we will use reasonable endeavours to update this policy as our service providers change.

Vendor compliance

  • We conduct vendor reviews for security standards, certifications and data handling practices.

Professional advisers

  • Bankers
  • Auditors
  • Insurers and insurance brokers
  • Legal advisers
  • Bookkeeping, accounting and tax advisors

Business partners

  • Our existing or potential agents
  • Our business partners or contractors

Access to information

  • We control access to various types of data across the organisation based on role requirements. Access to personal information is limited to:
    • Directors
    • Contractors (who are bound by confidentiality obligations)
    • Employees
    • Professional advisers on a need-to-know basis
  • Staff and agents of the company are bound by confidentiality obligations to protect personal information and customer data.

Corporate transactions

If we merge with or are acquired by another company, or sell our business assets:

  • Your information may be disclosed to our advisers
  • Your information may be disclosed to the potential purchaser's advisers
  • Your information may be included in the transferred assets

Legal and regulatory bodies

  • Courts and tribunals
  • Regulatory authorities including as required for reporting obligations
  • Law enforcement officers

Other parties

  • Third parties you have authorised
  • Emergency services when necessary
  • Any other parties as required or permitted by law

Overseas Disclosure

Storage and access

We store your personal information in Australia. However, your information may be accessed from or transferred to locations outside Australia, primarily to the United States, in these circumstances:

  • When our service providers are located overseas (particularly in the United States)
  • When we work with overseas business partners
  • When using AI models and services that are not available in Australia to ensure we can provide competitive and up-to-date services
  • When using cloud-based services or data storage solutions

Countries where information may be disclosed

Your personal information may be disclosed to or accessed from the United States, where many of our technology service providers are located. This includes providers such as:

  • Airtable
  • Slack
  • Google (including Google Analytics)
  • Amazon Web Services
  • Microsoft
  • Grafana
  • Vercel
  • Cloudflare
  • Stripe

This list is not exhaustive and may change as we substitute vendors and services over time.

US Obligations

Some of our service providers are located outside of Australia, including the United States or other jurisdictions, and may be subject to legal obligations in those countries. In certain circumstances, government authorities in those jurisdictions may be able to access information held by these providers, potentially without notice to us or to you. We cannot control or prevent such access where it is required by applicable laws.

Our approach to overseas disclosure

Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by:

  • Only sending information that is necessary for the purposes outlined in this policy
  • Requiring recipients to protect your information through contractual agreements which require compliance with privacy standards in applicable law or through other mechanisms that provide comparable safeguards
  • Conducting vendor reviews for security standards, certifications and data handling practices
  • Seeking confidentiality obligations where practical
  • Monitoring how recipients handle your information.

AI Model Requirements

Due to the limited availability and capability of AI models in Australia, we use AI services and models located primarily in the United States to ensure our services remain competitive and current. This is necessary to provide you with high-quality, up-to-date services.

Your Privacy Rights and Choices

Providing information

You can choose whether to provide personal information to us. However, if you don't provide certain information, we may not be able to provide some services. Let us know if you don't want to provide information and we will let you know when information is required versus optional.

Access to your information

You can request access to the personal information we hold about you and we will respond to your request within a reasonable time. We may charge a reasonable administrative fee for providing access and if we cannot provide access, we will explain why and explore alternative ways to share relevant information.

Correction rights

You can ask us to correct any information that is inaccurate, out of date, incomplete, irrelevant or misleading and we will take reasonable steps to correct your information promptly. If we cannot make the correction, we will explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.

Data deletion rights

You can request deletion of your personal information, particularly when offboarding from our application platform. If you request deletion:

  • We will endeavour to delete your data within 30 days from our active systems
  • We maintain backup systems for up to 30 days, meaning complete data deletion may take up to 60 days
  • We cannot manually delete individual data from backup systems, but data will be removed as backups expire according to our retention schedule
  • We maintain data destruction records where you have explicitly requested information be destroyed

Marketing communications

You can opt out of receiving marketing communications at any time. Each marketing communication will include an unsubscribe option. You can change your marketing preferences by contacting us. We will process your request as soon as practicable.

How to contact us about your rights or to make a complaint and what happens next

Step 1: Contact our privacy officer

  • Email: privacy@nextquestion.ai
  • Post: Level 6, 123 Eagle Street, Brisbane City, QLD 4000

What to include: Your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.

Step 2: Our response

We will:

  • Verify your identity before processing your request
  • Investigate thoroughly (for complaints) or process your request (for rights)
  • Respond to you in writing within reasonable timeframes and as required by law
  • Explain what actions we will take and keep you updated on progress
  • Not charge you for making a request (except for reasonable access fees if applicable)
  • Help you understand and exercise your rights

Step 3: If you're not satisfied (complaints only)

If you're not satisfied with our response to your complaint, you can:

  • Ask for a review by our senior management, or
  • Contact external bodies:
    • Australian residents: Office of the Australian Information Commissioner (Phone: 1300 363 992, Website: www.oaic.gov.au)
    • New Zealand residents: Office of the New Zealand Privacy Commissioner

This is the same process whether you want to access your information, correct mistakes, change marketing preferences, or make a complaint about our privacy practices.

Protecting Your Information

We use multiple layers of security to protect your information.

Technical safeguards

  • Enterprise-grade encryption for data storage and transmission
  • Regular security testing and monitoring
  • Automated threat detection systems

Operational security

  • Staff training on security and privacy
  • Strict access controls based on job requirements
  • Regular security audits and incident response procedures testing

Physical security

  • Secure premises with controlled access
  • Secure disposal of physical documents
  • Equipment security protocols

Public information

Please note that any information you choose to share publicly on online platforms (such as comments or reviews) can be accessed and used by others. We cannot control or protect information that you make publicly available.

How Long We Keep Your Information

We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we securely destroy or de-identify it.

Application data

  • We retain application data for as long as you maintain an active subscription
  • If you request deletion of your data as part of offboarding, we will endeavour to delete your data within 30 days from our active systems
  • We maintain backup systems for up to 30 days, meaning complete data deletion may take up to 60 days
  • We cannot manually delete individual data from backup systems, but data will be removed as backups expire according to our retention schedule

Financial and tax information

  • For active customers: retained for as long as you maintain an active subscription
  • For former customers: retained for 5 years after you cease being an active customer

Legal and contract information

  • Retained for 7 years (to align with ASIC standards)

Website and contact form data

  • Retained for as long as reasonably necessary for the purposes collected
  • Reviewed and deleted on a regular basis (approximately quarterly)

Cookies and Analytics

What We Use

We use cookies, tracking pixels, and similar technologies on our website and in our emails to improve your experience and our services.

Cookies

  • Small text files stored on your device
  • Help remember your preferences
  • Enable certain website functions
  • Make your interactions with our website more efficient

Tracking Pixels

  • Tiny, invisible images in web pages and emails
  • Help us understand how you interact with our content
  • Allow us to measure email engagement
  • Enable more relevant content delivery

How we use these technologies

Essential Functions

  • Remember your login status
  • Maintain your session security
  • Store your preferences
  • Enable core website features

Analytics and Performance

  • Understand how our website is used
  • Measure page views and traffic
  • Analyse user navigation patterns
  • Identify areas for improvement

Personalisation

  • Remember your preferences
  • Tailor content to your interests
  • Improve your browsing experience
  • Provide relevant recommendations

Your control

You can manage these technologies by:

  • Adjusting your browser settings to block or delete cookies
  • Using privacy-focused browser extensions
  • Configuring your email client to block images
  • Using our cookie preference settings

Note: Blocking all cookies may affect website functionality and your user experience.

Google Analytics

We use Google Analytics to understand how people use our website. This involves cookies that collect information about your browsing activity. You can opt out of Google's advertising features through your Google account settings, browser add-ons, or your device's privacy settings. Google provides various tools and options to control how your data is used for advertising purposes. You can learn more about how Google uses your data and your available options on Google's privacy pages.

Vercel & Cloudflare Analytics

We use security, data and page analytics tools provided by Cloudflare and Vercel across our application and website to understand use and to protect against security threats and to maintain the integrity of our assets. You can learn more about how these vendors use your data by visiting their respective privacy pages and websites.

When You Sign In With Another Provider

What we collect

When you use single sign-on or alternative login methods to authenticate with us, we'll receive personal information from that provider based on your privacy settings with them. This may include your name, username, profile picture, and other details you've chosen to share.

How we use it

We use this information to create your profile on our platform and give you access to our services.

Your rights

If you connected through alternative login methods, you can ask us to delete the personal information we received from these vendors. To do this, email us at our email below and tell us what information you'd like deleted. If we can't delete certain information, we'll explain why.

Artificial Intelligence (AI) Technologies

Overview

We use artificial intelligence and machine learning technologies in our business operations and services, including AI tools provided by third parties. We only use these technologies when legally permitted and necessary for our business.

How we use AI

We use AI technologies throughout our platform and services, including:

  • Processing and analysing information uploaded to our application platform
  • Conducting due diligence analysis and data processing for fund management purposes
  • Enriching prospect information through desktop research using publicly available information
  • Generating and modifying content and coding
  • Improving and optimising our services and operations
  • Automating routine tasks and communications
  • Personalising your experience with our services
  • Supporting quality assurance processes
  • Assisting with customer support and queries (including potential use of automated help agents in the future)

AI service providers

We use multiple AI service providers and models, which may change frequently as technology evolves. Current providers include AWS Bedrock (incorporating Anthropic, AWS Titan and AWS Nova models), Microsoft AI services, OpenAI (in prototype systems), Groq (in prototype systems), and other AI processing services. Each provider operates under separate terms and conditions.

Commercial and Personal Information

While our platform primarily processes commercial and confidential business information, some personal information may be included in documents and data uploaded to or processed through our platform. We apply the same high security standards (P4 classification) to all information processed through our application, regardless of whether it is personal or commercial information.

Data protection and security

When we work with third-party AI providers, we ensure they handle your personal information in accordance with privacy laws through contractual requirements and appropriate safeguards.

Your rights and our commitments

Any information generated or inferred about you by AI technologies is treated as personal information, and you maintain all the rights outlined in this privacy policy. When using AI with your personal information, we commit to:

Transparency and control

  • We'll inform you when AI is used to make decisions that may significantly affect you
  • We maintain human oversight and review of significant AI-generated decisions
  • Our staff are trained to understand AI limitations and verify outputs before relying on them
  • We implement processes to verify the accuracy of AI-generated outputs

Security

  • We use appropriate technical and organisational measures to maintain the security and integrity of your personal information
  • We regularly test and monitor AI outputs for accuracy and reliability

Risk mitigation

  • We regularly assess and document risks associated with using AI to process personal information
  • We implement appropriate measures to address these risks
  • We continuously monitor AI performance and regularly review its impact

Amendments

We may update this policy at any time by posting the revised version on our website. We recommend that you review our website regularly to stay current with any policy changes.
