1. Introduction
WIDEN Migration Consultancy ("we", "us", "our") operates the WIDEN AI Assistant platform at ai.widen.com.au. We are committed to protecting the privacy and security of your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform.
2. Information We Collect
2.1 Account Information
- Name, email address, phone number
- Company name and MARN (Migration Agent Registration Number)
- Password (stored securely using bcrypt hashing)
2.2 Gmail Data (with your explicit consent)
When you connect your Gmail account via Google OAuth, we access:
- Email messages — sender, recipient, subject, body, and date of emails in your inbox
- Contact information — email addresses extracted from your email correspondence
- Email metadata — thread IDs, read status, and labels
Important: We only access emails from the Gmail account you explicitly authorise. You can revoke access at any time through your Google Account settings.
2.3 Documents
- Passport images and travel documents you upload for data extraction
- Extracted data (names, passport numbers, dates, nationality)
- Other immigration-related documents
2.4 Client Data
- Client contact details, visa types, and case notes you enter into the system
- Campaign and communication records
3. How We Use Your Information
We use your information solely to provide migration agent services through our AI-powered platform:
- AI Email Analysis — Emails are analysed using Anthropic's Claude AI to categorise, prioritise, and suggest responses relevant to migration work
- Client Management — Organising client data, tracking visa applications, and managing communications
- Document Processing — Extracting data from passports and travel documents using AI
- Smart Replies & Drafting — Generating professional email responses tailored to migration consultancy
- Lead Scoring & Follow-ups — Identifying high-priority clients and pending follow-ups
- Campaign Management — Sending personalised communications to client groups
4. AI Processing
We use Anthropic's Claude AI to process and analyse your data. When emails or documents are sent to Claude for analysis:
- Data is transmitted securely via encrypted API calls
- Anthropic does not use your data to train their models (per their commercial API terms)
- AI responses are generated in real time and are not stored by Anthropic
5. Data Isolation & Security
Strict User Data Isolation: Each user's data is completely separated. You can only view and access your own emails, clients, documents, and campaigns. Every database query is filtered by your authenticated user ID.
- All data is stored on secure servers hosted by Railway (cloud infrastructure provider)
- Passwords are hashed using bcrypt and never stored in plain text
- Sessions are encrypted and expire after 30 days of inactivity
- Gmail OAuth tokens are stored per-user and encrypted
- All connections use HTTPS/TLS encryption in transit
- Gmail authentication includes profile verification to prevent cross-account access
6. Data Sharing & Disclosure
We do not sell, trade, or rent your personal information to third parties.
We may share your information only in the following limited circumstances:
- Anthropic (Claude AI) — For AI processing as described above
- Google — OAuth authentication to access your Gmail (with your consent)
- Legal obligations — If required by Australian law, court order, or regulatory authority
7. Data Retention
- Your account data is retained for as long as your account is active
- Synced emails are stored to provide ongoing analysis and search functionality
- You may request deletion of your data at any time by contacting us
- Upon account deletion, all associated data (emails, clients, documents) is permanently removed
8. Your Rights Under the Australian Privacy Act
Under the Australian Privacy Principles, you have the right to:
- Access your personal information held by us (APP 12)
- Correct any inaccurate or outdated information (APP 13)
- Know how your information is collected, used, and disclosed (APP 1 & 5)
- Opt out of direct marketing communications (APP 7)
- Complain if you believe your privacy has been breached (APP 1)
If you are unsatisfied with our response to a privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
9. Google API Services User Data Policy
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only request access to Gmail data that is necessary for providing our migration consultancy AI features
- We do not use Gmail data for advertising purposes
- We do not allow humans to read your email content unless required for security purposes, to comply with applicable law, or with your explicit consent
- We do not transfer Gmail data to third parties except as necessary to provide our services (AI analysis via Anthropic)
10. Cookies & Sessions
We use session cookies to maintain your login state. These cookies:
- Are essential for the platform to function
- Do not track you across other websites
- Expire after 30 days
We do not use analytics cookies, advertising trackers, or third-party tracking scripts.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the platform after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: