tasplanning_report/public/privacy.php

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Privacy Policy — Tasmanian Planning Scheme Assistant</title>
  <meta name="description" content="Privacy Policy explaining how the Tasmanian Planning Scheme Assistant collects, uses, and protects your personal information.">
  <link rel="canonical" href="https://tasplanning.report/privacy">
  <meta name="robots" content="index,follow,max-snippet:-1,max-image-preview:large,max-video-preview:-1">
  <meta name="keywords" content="Privacy Policy, Australian Privacy Act, TPS Assistant, Tasmanian Planning Scheme, planning data">

  <link rel="preconnect" href="https://fonts.googleapis.com">
  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  <link href="https://fonts.googleapis.com/css2?family=DM+Serif+Display:ital@0;1&family=DM+Sans:ital,opsz,wght@0,9..40,300;0,9..40,400;0,9..40,500;1,9..40,300&display=swap" rel="stylesheet">
  <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css" rel="stylesheet">
  <link rel="icon" href="/favicon.ico">
  <link rel="apple-touch-icon" href="/image/apple-touch-icon.png">

  <style>
    :root {
      --bg:           #0b0f0e;
      --bg-1:         #111614;
      --bg-2:         #181e1b;
      --bg-card:      #141a17;
      --border:       rgba(255,255,255,0.07);
      --border-hover: rgba(255,255,255,0.14);
      --accent:       #2ddc8a;
      --accent-dim:   rgba(45,220,138,0.10);
      --text-primary: #eaf0ec;
      --text-secondary:#8fa899;
      --text-muted:   #4f6459;
      --serif:        'DM Serif Display', Georgia, serif;
      --sans:         'DM Sans', system-ui, sans-serif;
      --radius:       10px;
      --radius-lg:    16px;
      --transition:   0.16s cubic-bezier(0.4,0,0.2,1);
    }

    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
    html { scroll-behavior: smooth; }
    body {
      font-family: var(--sans);
      background: var(--bg);
      color: var(--text-primary);
      font-size: 16px;
      line-height: 1.7;
      -webkit-font-smoothing: antialiased;
      min-height: 100vh;
    }
    ::selection { background: var(--accent); color: #0b0f0e; }
    a { color: var(--accent); text-decoration: none; transition: opacity var(--transition); }
    a:hover { opacity: 0.8; }

    /* ── Nav ─────────────────────────────────────────────────────────── */
    .site-nav {
      position: sticky; top: 0; z-index: 100;
      background: rgba(11,15,14,0.92);
      backdrop-filter: blur(12px);
      border-bottom: 1px solid var(--border);
    }
    .nav-inner {
      max-width: 900px; margin: 0 auto; padding: 0 24px;
      display: flex; align-items: center; justify-content: space-between;
      height: 56px;
    }
    .nav-brand {
      display: flex; align-items: center; gap: 9px;
      font-size: 0.88rem; font-weight: 500;
      color: var(--text-primary); text-decoration: none;
    }
    .nav-links { display: flex; align-items: center; gap: 4px; }
    .nav-links a {
      font-size: 0.82rem; color: var(--text-secondary);
      padding: 5px 11px; border-radius: 5px; text-decoration: none;
      transition: all var(--transition);
    }
    .nav-links a:hover { color: var(--text-primary); background: rgba(255,255,255,0.05); opacity: 1; }
    .nav-links a.active { color: var(--accent); }

    /* ── Page layout ─────────────────────────────────────────────────── */
    .page-wrap {
      max-width: 760px; margin: 0 auto;
      padding: 56px 24px 96px;
    }

    /* ── Page header ─────────────────────────────────────────────────── */
    .page-header { margin-bottom: 48px; }
    .page-eyebrow {
      display: inline-flex; align-items: center; gap: 7px;
      font-size: 0.72rem; font-weight: 500; letter-spacing: 0.12em;
      text-transform: uppercase; color: var(--accent); margin-bottom: 16px;
    }
    .page-eyebrow::before {
      content: ''; display: block; width: 18px; height: 1px; background: var(--accent);
    }
    .page-header h1 {
      font-family: var(--serif); font-size: clamp(2rem, 4vw, 2.8rem);
      font-weight: 400; line-height: 1.15; margin-bottom: 14px;
    }
    .page-header h1 em { font-style: italic; color: var(--accent); }
    .page-meta {
      display: flex; align-items: center; gap: 16px;
      flex-wrap: wrap; margin-top: 16px;
    }
    .meta-chip {
      display: inline-flex; align-items: center; gap: 6px;
      background: var(--bg-card); border: 1px solid var(--border);
      border-radius: 999px; padding: 4px 12px;
      font-size: 0.75rem; color: var(--text-muted);
    }
    .meta-chip i { font-size: 0.8rem; }

    /* ── Table of contents ───────────────────────────────────────────── */
    .toc {
      background: var(--bg-card); border: 1px solid var(--border);
      border-radius: var(--radius-lg); padding: 24px 28px;
      margin-bottom: 48px;
    }
    .toc-label {
      font-size: 0.7rem; font-weight: 500; letter-spacing: 0.1em;
      text-transform: uppercase; color: var(--text-muted); margin-bottom: 14px;
      display: block;
    }
    .toc ol {
      list-style: none; display: flex; flex-direction: column; gap: 8px;
      padding: 0; counter-reset: toc;
    }
    .toc ol li {
      display: flex; align-items: baseline; gap: 10px;
      counter-increment: toc;
    }
    .toc ol li::before {
      content: counter(toc) ".";
      font-size: 0.72rem; color: var(--text-muted);
      min-width: 18px; flex-shrink: 0;
    }
    .toc ol li a {
      font-size: 0.85rem; color: var(--text-secondary);
      text-decoration: none; transition: color var(--transition);
      line-height: 1.4;
    }
    .toc ol li a:hover { color: var(--accent); opacity: 1; }

    /* ── Policy sections ─────────────────────────────────────────────── */
    .policy-section {
      margin-bottom: 44px;
      padding-bottom: 44px;
      border-bottom: 1px solid var(--border);
    }
    .policy-section:last-of-type { border-bottom: none; }

    .section-anchor { scroll-margin-top: 80px; }

    .policy-section h2 {
      font-family: var(--serif); font-size: 1.4rem; font-weight: 400;
      color: var(--text-primary); margin-bottom: 14px; line-height: 1.2;
      display: flex; align-items: center; gap: 10px;
    }
    .section-num {
      font-family: var(--sans); font-size: 0.72rem; font-weight: 500;
      color: var(--accent); background: var(--accent-dim);
      border: 1px solid rgba(45,220,138,0.2);
      border-radius: 999px; padding: 2px 9px;
      flex-shrink: 0; letter-spacing: 0.05em;
    }

    .policy-section p {
      color: var(--text-secondary); margin-bottom: 14px; font-size: 0.95rem;
    }
    .policy-section p:last-child { margin-bottom: 0; }

    .policy-section ul {
      list-style: none; display: flex; flex-direction: column;
      gap: 10px; padding: 0; margin-bottom: 14px;
    }
    .policy-section ul li {
      display: flex; align-items: flex-start; gap: 10px;
      color: var(--text-secondary); font-size: 0.95rem;
    }
    .policy-section ul li::before {
      content: '';
      width: 5px; height: 5px; border-radius: 50%;
      background: var(--accent); flex-shrink: 0; margin-top: 9px;
    }
    .policy-section ul li strong { color: var(--text-primary); font-weight: 500; }

    /* Highlight box */
    .highlight-box {
      background: var(--accent-dim); border: 1px solid rgba(45,220,138,0.2);
      border-radius: var(--radius); padding: 16px 20px;
      margin: 16px 0; display: flex; gap: 12px; align-items: flex-start;
    }
    .highlight-box i { color: var(--accent); font-size: 1rem; flex-shrink: 0; margin-top: 2px; }
    .highlight-box p {
      color: var(--text-secondary); font-size: 0.88rem;
      margin: 0; line-height: 1.6;
    }

    /* ── Contact card ────────────────────────────────────────────────── */
    .contact-card {
      background: var(--bg-1); border: 1px solid var(--border);
      border-radius: var(--radius-lg); padding: 28px 32px;
      display: flex; align-items: center; justify-content: space-between;
      gap: 20px; flex-wrap: wrap; margin-top: 48px;
    }
    .contact-card h3 {
      font-family: var(--serif); font-size: 1.1rem; font-weight: 400;
      margin-bottom: 6px;
    }
    .contact-card p { color: var(--text-secondary); font-size: 0.85rem; margin: 0; }
    .btn {
      display: inline-flex; align-items: center; gap: 7px;
      padding: 10px 20px; border-radius: var(--radius);
      font-family: var(--sans); font-size: 0.85rem; font-weight: 500;
      cursor: pointer; transition: all var(--transition); text-decoration: none;
    }
    .btn-outline {
      background: transparent; color: var(--text-secondary);
      border: 1px solid var(--border-hover);
    }
    .btn-outline:hover { border-color: var(--accent); color: var(--accent); opacity: 1; }

    /* ── Footer ──────────────────────────────────────────────────────── */
    .site-footer {
      border-top: 1px solid var(--border); padding: 28px 0;
    }
    .footer-inner {
      max-width: 900px; margin: 0 auto; padding: 0 24px;
      display: flex; flex-wrap: wrap; align-items: center;
      justify-content: space-between; gap: 16px;
    }
    .footer-copy { font-size: 0.8rem; color: var(--text-muted); }
    .footer-links { display: flex; align-items: center; gap: 20px; }
    .footer-links a {
      font-size: 0.8rem; color: var(--text-muted); text-decoration: none;
      transition: color var(--transition);
    }
    .footer-links a:hover { color: var(--text-secondary); opacity: 1; }

    ::-webkit-scrollbar { width: 5px; }
    ::-webkit-scrollbar-track { background: transparent; }
    ::-webkit-scrollbar-thumb { background: var(--border-hover); border-radius: 3px; }
  </style>
    <!-- Google tag (gtag.js) -->
        <script async src="https://www.googletagmanager.com/gtag/js?id=G-LWEHQVCWEZ"></script>
        <script>
          window.dataLayer = window.dataLayer || [];
          function gtag(){dataLayer.push(arguments);}
          gtag('js', new Date());
          gtag('config', 'G-LWEHQVCWEZ');
        </script>
        
        <!-- Google Tag Manager -->
        <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
        'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
        })(window,document,'script','dataLayer','GTM-M5PFLGZT');</script>
        <!-- End Google Tag Manager -->
</head>
<body>
    <!-- Google Tag Manager (noscript) -->
    <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M5PFLGZT"
    height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
    <!-- End Google Tag Manager (noscript) -->

<!-- ── Nav ──────────────────────────────────────────────────────────── -->
<nav class="site-nav">
  <div class="nav-inner">
    <a class="nav-brand" href="/">
      <svg width="22" height="22" viewBox="0 0 28 28" fill="none">
        <rect width="28" height="28" rx="6" fill="var(--accent-dim)" stroke="rgba(45,220,138,0.25)" stroke-width="1"/>
        <path d="M8 20 L14 8 L20 20" stroke="var(--accent)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
        <path d="M10.5 16 L17.5 16" stroke="var(--accent)" stroke-width="1.5" stroke-linecap="round"/>
      </svg>
      Tasmanian Planning Scheme
    </a>
    <div class="nav-links">
      <a href="/">Home</a>
      <a href="/terms">Terms</a>
      <a href="/privacy" class="active">Privacy</a>
    </div>
  </div>
</nav>

<!-- ── Content ───────────────────────────────────────────────────────── -->
<div class="page-wrap">

  <!-- Header -->
  <div class="page-header">
    <div class="page-eyebrow">Legal</div>
    <h1>Privacy <em>Policy</em></h1>
    <div class="page-meta">
      <span class="meta-chip"><i class="bi bi-calendar3"></i> Last updated: 19 September 2025</span>
      <span class="meta-chip"><i class="bi bi-geo-alt"></i> Australian Privacy Act 1988 (Cth)</span>
    </div>
  </div>

  <!-- Table of contents -->
  <div class="toc">
    <span class="toc-label">Contents</span>
    <ol>
      <li><a href="#overview">Overview</a></li>
      <li><a href="#collect">Information we collect</a></li>
      <li><a href="#use">How we use your information</a></li>
      <li><a href="#ai">AI/LLM processing</a></li>
      <li><a href="#legal">Legal bases</a></li>
      <li><a href="#sharing">Sharing your information</a></li>
      <li><a href="#retention">Data location &amp; retention</a></li>
      <li><a href="#security">Security</a></li>
      <li><a href="#rights">Your choices &amp; rights</a></li>
      <li><a href="#children">Children</a></li>
      <li><a href="#links">Third-party links</a></li>
      <li><a href="#changes">Changes to this Policy</a></li>
      <li><a href="#contact">Contact</a></li>
    </ol>
  </div>

  <!-- Sections -->
  <div class="policy-section">
    <h2 id="overview" class="section-anchor"><span class="section-num">1</span> Overview</h2>
    <p>
      We respect your privacy. This Privacy Policy describes how we collect, use, disclose,
      and protect personal information when you use the Tasmanian Planning Scheme Assistant
      (the "Service"). We comply with the Australian Privacy Act 1988 (Cth) and the
      Australian Privacy Principles (APPs) to the extent they apply to us.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="collect" class="section-anchor"><span class="section-num">2</span> Information we collect</h2>
    <ul>
      <li><strong>Usage data:</strong> pages visited, features used, timestamps, device/browser information, and aggregated analytics.</li>
      <li><strong>Query data:</strong> text you enter (e.g., addresses, planning questions) so the Service can generate results.</li>
      <li><strong>Contact details (if provided):</strong> name, email, and messages when you contact us or join the waitlist.</li>
      <li><strong>Cookies and similar technologies:</strong> to maintain sessions, preferences, basic analytics, and performance.</li>
      <li><strong>API keys (BYOK):</strong> if you choose to use your own API key, it is stored only in your browser's local storage and is never transmitted to our servers.</li>
    </ul>
  </div>

  <div class="policy-section">
    <h2 id="use" class="section-anchor"><span class="section-num">3</span> How we use your information</h2>
    <ul>
      <li>To operate, maintain, and improve the Service and its accuracy.</li>
      <li>To provide support and respond to enquiries.</li>
      <li>To monitor usage, detect fraud or abuse, and ensure security.</li>
      <li>To analyse aggregated trends and enhance user experience.</li>
      <li>To send waitlist communications where you have opted in.</li>
      <li>To comply with law and enforce our <a href="/terms">Terms of Use</a>.</li>
    </ul>
  </div>

  <div class="policy-section">
    <h2 id="ai" class="section-anchor"><span class="section-num">4</span> AI/LLM processing</h2>
    <p>
      To generate responses, your queries are processed by our systems using retrieval-augmented
      generation (RAG) against Tasmanian Planning Scheme documents stored in our vector database.
      The final answer generation may use our hosted language model (Ollama/llama3.1) or,
      if you choose the "Bring Your Own Key" option, your chosen external provider
      (Anthropic, OpenAI, or xAI Grok).
    </p>
    <div class="highlight-box">
      <i class="bi bi-key"></i>
      <p>
        When using BYOK mode, your API key and the final LLM request are sent directly
        from your browser to the provider — they never pass through our servers.
        Only the anonymised retrieval context (planning clause excerpts) is fetched
        from our backend.
      </p>
    </div>
    <p>
      We take steps to minimise personal information in prompts where possible and handle
      all data in accordance with this Policy.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="legal" class="section-anchor"><span class="section-num">5</span> Legal bases</h2>
    <p>
      Where privacy laws require a legal basis, we rely on legitimate interests
      (to operate and improve the Service), consent (where you provide it, such as
      joining the waitlist), and compliance with legal obligations.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="sharing" class="section-anchor"><span class="section-num">6</span> Sharing your information</h2>
    <ul>
      <li><strong>Service providers:</strong> hosting, analytics, monitoring, and security partners who assist us in operating the Service.</li>
      <li><strong>External LLM providers (BYOK only):</strong> if you opt in, your query is sent directly from your browser to Anthropic, OpenAI, or xAI using your own API key.</li>
      <li><strong>Legal and safety:</strong> where required by law or necessary to protect rights, safety, or property.</li>
      <li><strong>Business changes:</strong> in connection with a merger, acquisition, or similar event, subject to confidentiality safeguards.</li>
    </ul>
    <p>We do not sell personal information to third parties.</p>
  </div>

  <div class="policy-section">
    <h2 id="retention" class="section-anchor"><span class="section-num">7</span> Data location &amp; retention</h2>
    <p>
      Service data is primarily processed and stored in Australia. Some service providers
      may process data in other jurisdictions. We retain personal information only as long
      as necessary for the purposes described in this Policy or as required by law, after
      which we securely delete or de-identify it.
    </p>
    <p>
      Query logs stored in our telemetry database contain hashed IP addresses (not reversible)
      and anonymised session identifiers. Raw query text is retained for up to 90 days for
      service improvement, then deleted.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="security" class="section-anchor"><span class="section-num">8</span> Security</h2>
    <p>
      We use reasonable technical and organisational measures to protect personal information,
      including encrypted connections (HTTPS), hashed identifiers in logs, and access controls
      on data stores. However, no method of transmission or storage is 100% secure, and we
      cannot guarantee absolute security.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="rights" class="section-anchor"><span class="section-num">9</span> Your choices &amp; rights</h2>
    <ul>
      <li>You may choose not to provide certain information, though this may limit functionality.</li>
      <li>You may request access to, or correction of, your personal information we hold.</li>
      <li>You may opt out of waitlist communications by replying "unsubscribe" to any email we send.</li>
      <li>You may clear your browser's local storage at any time to remove any stored API keys or session data.</li>
    </ul>
  </div>

  <div class="policy-section">
    <h2 id="children" class="section-anchor"><span class="section-num">10</span> Children</h2>
    <p>
      The Service is not directed to children under 16. If you believe a child has provided
      personal information, please contact us so we can delete it.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="links" class="section-anchor"><span class="section-num">11</span> Third-party links</h2>
    <p>
      The Service may link to third-party sites including the Tasmanian Planning Scheme
      Online (TPSO) viewer and council websites. Their privacy practices are not covered
      by this Policy.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="changes" class="section-anchor"><span class="section-num">12</span> Changes to this Policy</h2>
    <p>
      We may update this Policy by posting a revised version with a new "Last updated" date.
      Your continued use of the Service after changes are posted indicates acceptance of
      the updated Policy.
    </p>
  </div>

  <div class="policy-section">
    <h2 id="contact" class="section-anchor"><span class="section-num">13</span> Contact</h2>
    <p>
      If you have questions or requests about privacy — including access, correction, or
      deletion of your personal information — please contact us via the details below.
    </p>
  </div>

  <!-- Contact card -->
  <div class="contact-card">
    <div>
      <h3>Get in touch</h3>
      <p>Privacy enquiries, access requests, or unsubscribe from communications.</p>
    </div>
    <a href="mailto:privacy@tasplanning.report" class="btn btn-outline">
      <i class="bi bi-envelope"></i> privacy@tasplanning.report
    </a>
  </div>

</div>

<!-- ── Footer ────────────────────────────────────────────────────────── -->
<footer class="site-footer">
  <div class="footer-inner">
    <div class="footer-copy">© <span id="y"></span> Tasmanian Planning Scheme Assistant</div>
    <div class="footer-links">
      <a href="/">Home</a>
      <a href="/terms">Terms</a>
      <a href="/privacy">Privacy</a>
      <a href="/faq">FAQ</a>
    </div>
  </div>
</footer>

<script>
  document.getElementById('y').textContent = new Date().getFullYear();
</script>
</body>
</html>