Privacy Policy
Last Updated: September 15, 2025
1. INTRODUCTION
LudoX Pty Ltd ABN 64 686 414 773 ("LudoX," "we," "our," or "us") is committed to protecting your privacy and maintaining the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including the LudoX platform accessible at ludox.com.au and any related applications (collectively, the "Services").
We understand the sensitive nature of financial data and take our responsibility to protect it seriously. This policy has been created in compliance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and explains your rights regarding your personal information.
Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
For specific information about our security practices, encryption methods, and data protection measures, please refer to our Security Statement.
2. PRIVACY OFFICER
LudoX has appointed an internal Privacy Officer to handle privacy-related inquiries and concerns. If you have any questions about our privacy practices or would like to exercise your privacy rights, please contact our Privacy Officer at:
Email: privacy@ludox.com.au
Phone: 0414 238 812
Address: Suite 48, Level 9, 88 Pitt Street, Sydney NSW 2000
3. INFORMATION WE COLLECT
3.1 Personal Information
We collect several types of information from and about users of our Services, including:
- Account Information: When you register for an account, we collect your name, email, phone number, and company details
- Billing Information: If applicable, payment details and billing address
- User Profile Information: Information you provide in your user profile, such as profile pictures or job titles
3.2 Financial Data
Our primary service involves processing financial information from wealth management platforms. This includes:
- CSV or Excel Files: The content of CSV or Excel files you upload containing financial data
- Report Configurations: Settings and preferences related to how you want your reports generated
Important: LudoX operates under a zero-retention policy for customer financial data. All customer financial information is automatically and permanently deleted after processing and report generation. We do not retain, back up, or store customer financial data beyond the time necessary to provide the service.
AI Commentary (Optional): If you enable AI-powered commentary features, only anonymized summaries (such as asset allocation percentages and high-level performance metrics without names or account identifiers) are sent to AWS Bedrock in the Sydney region for processing. No raw financial data or personally identifiable information is shared with AI services.
3.3 Usage Data
We automatically collect certain information about how you interact with our Services:
- Interaction Data: Information about how you navigate and use our Services, including features used and processing actions taken
- Device Information: Information about the device you use to access our Services, including IP address, browser type, operating system, and device identifiers
- Log Data: Information that our servers automatically collect when you access our Services such as access times, pages viewed, and system activity
3.4 Cookies and Similar Technologies
We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
4. HOW WE USE YOUR INFORMATION
We use the information we collect for various purposes, including:
4.1 Providing and Maintaining the Services
- Processing and delivering the functionality of the LudoX platform
- Converting CSV or Excel files into PowerPoint presentations
- Authentication and account management
- Responding to your requests and inquiries
- Generating AI-powered commentary on reports (optional, customer-enabled feature)
4.2 Improving and Developing the Services
- Analyzing usage patterns to enhance user experience
- Developing new features and functionality
- Testing and debugging to improve performance
- Conducting research and analysis to better understand our users' needs
4.3 Communication
- Sending service-related notifications and updates
- Responding to your comments, questions, and customer service requests
4.4 Security and Compliance
- Protecting against unauthorized access and fraudulent activity
- Enforcing our Terms of Service and other legal rights
- Complying with legal obligations
- Resolving disputes and troubleshooting problems
- Maintaining the SOC 2 and ISO 27001 compliance standards we are implementing
5. DATA RETENTION AND DELETION
5.1 Zero-Retention Policy for Financial Data
LudoX implements a strict zero-retention policy for all customer financial data:
- Customer financial information is automatically deleted immediately after processing
- No backups or copies of financial data are retained
- A one-file-per-user system ensures previous uploads are automatically overwritten
5.2 Other Data Retention
We retain your personal information (excluding financial data) only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you
- Whether there is a legal obligation to which we are subject
- Whether retention is advisable in light of our legal position
For detailed information about our data storage, security measures, and file retention policies, please refer to our Security Statement.
6. DISCLOSURE OF YOUR INFORMATION
6.1 Service Providers
We may share your information with third-party service providers that perform services on our behalf, such as:
- Cloud Infrastructure: AWS (Sydney region) for secure cloud infrastructure, temporary data processing, and optional AI services
- AI Services (Optional): AWS Bedrock (Sydney region) for generating AI commentary on reports when enabled by the customer. Only anonymized, aggregated data summaries are sent (portfolio data including asset allocation, portfolio performance, and portfolio attribution). No personal or identifying information is shared with this service.
- Development Tools: GitHub for source code management and development workflows
- Compliance Platforms: Vanta for compliance monitoring and audit support
- Payment Processors: For billing purposes when applicable
- Customer Support Services: For technical assistance and account management
We require all third-party service providers to respect the security of your personal information and to treat it in accordance with applicable laws and our zero-retention policies.
6.2 Business Transfers
If LudoX is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your personal information.
6.3 Legal Requirements
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
6.4 With Your Consent
We may share your personal information with third parties when we have your consent to do so.
6.5 Aggregated and De-identified Data
We may use and share aggregated or de-identified information that cannot reasonably be used to identify you for any lawful business purpose.
7. DATA SECURITY AND COMPLIANCE
LudoX implements enterprise-grade security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Multi-Tenant Isolation: Complete separation between different client environments
- Access Controls: Strict authentication and authorization procedures
- Compliance Standards: Implementation of SOC 2 Type II and ISO 27001 frameworks
- Regular Auditing: Continuous monitoring and regular security assessments
- Incident Response: Comprehensive procedures for handling any security incidents
8. INTERNATIONAL DATA TRANSFERS
Our primary infrastructure is located in Australia (AWS ap-southeast-2 Sydney region). However, some of our service providers may process data internationally. When personal information is transferred outside of Australia, we ensure appropriate safeguards are in place to protect your information in accordance with Australian privacy laws.
For clients located in the European Union, we implement appropriate safeguards including standard contractual clauses where necessary to ensure GDPR compliance.
9. YOUR PRIVACY RIGHTS
9.1 Under Australian Privacy Principles
You have certain rights regarding your personal information:
- Access and Correction: You can review and update your account information directly through your account settings or by contacting us at privacy@ludox.com.au
- Deletion: You may request deletion of your personal information by contacting us. Due to our zero-retention policy, financial data is automatically deleted after processing
- Communication Preferences: You can opt out of receiving marketing communications by following unsubscribe instructions or contacting us
9.2 For EU Residents (GDPR Rights)
If you are located in the European Union, you have additional rights including:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right of data portability
- Right to object
- Rights related to automated decision making
9.3 Complaint Handling
If you believe your privacy rights have been violated, you may file a complaint with us at privacy@ludox.com.au or with the Office of the Australian Information Commissioner (OAIC).
10. CHILDREN'S PRIVACY
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at privacy@ludox.com.au.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date. If we make material changes to this Privacy Policy, we will notify you by email or by a notice on our Services prior to the changes becoming effective.
We recommend reviewing this Privacy Policy periodically to stay informed of any updates.
12. CONTACT INFORMATION
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
LudoX Pty Ltd
📧 Email: privacy@ludox.com.au
📞 Phone: 0414 238 812
📫 Address: Suite 48, Level 9, 88 Pitt Street, Sydney NSW 2000
For general inquiries: support@ludox.com.au
For security concerns: security@ludox.com.au