This is not legal advice. It is written to be honest and accurate about what GroundLab does with your data. If anything here is unclear, contact us (§1).
GroundLab keeps as little about you as it can. Your sessions — what you and the AI models say — live on your device, not our servers. We hold only what we need to run your account, take payment, and keep the platform safe (listed in §2).
But the providers behind your sessions keep their own records, and their policies differ. When you address an AI, that turn goes to your selected provider — so choosing a model is also choosing whose data practices apply (their policies are linked in §4). This applies in all modes, including Off the Record: "Off the Record" means we don't retain or publish your session content — but the limited records in §2 still apply (and a moderation trip is still recorded, §5), and the AI provider your turn was sent to still processes it under its own policy. Moderation is the one thing you don't choose: GroundLab picks the safety screener (a cost-based selection with a fallback — §4/§5), the same for everyone.
GroundLab ("we", "us") is the multi-model AI reasoning workspace at groundlab.com.au, operated by sole trader ABN 88 609 151 945, registered in Qld, Australia. Contact: our feedback form.
We collect (the minimum):
| Data | Why | Where it lives |
|---|---|---|
| Account — email, hashed auth credentials | sign-in, account security | Australian (Sydney) infrastructure |
| Waitlist signup — email address, source, signup timestamp | queue launch access, optional marketing updates | Australian (Sydney) infrastructure |
| Agreement acceptance — AUP + pricing version + timestamps | proof of consent (legal) | Australian (Sydney) infrastructure |
| Age verification — date of birth, age_verified_at timestamp | comply with age assurance requirements (and AI-provider developer terms) | Australian (Sydney) infrastructure |
| Billing — payment-processor customer id, prepaid wallet balance, transaction ledger (amounts, dates) | take payment, run the wallet | Australian (Sydney) infrastructure + payment processor |
| Rate-limit events — per-user request counts (no content). For anonymous/unauthenticated requests, a one-way hash of the IP (not the IP itself) stands in for a user id. | fair-use / anti-abuse | Australian (Sydney) infrastructure |
| Moderation-trip evidence — only if your input/output trips the safety screen (see §5) | protect platform + provider access | Australian (Sydney) infrastructure |
| Aggregate usage trends — non-identifying, product-level | improve + develop the product | Australian (Sydney) infrastructure |
| Feedback & complaints — what you submit via the form (§12). Name, email, and contact details are optional — you may submit anonymously, and a contact-consent flag is stored if you allow follow-up. | respond, improve, meet complaint duties | Australian (Sydney) infrastructure — admin-access only |
| Preference signals — a planned feature: likes/dislikes only where you explicitly flag one. Disclosed here so its scope is bounded from the start; not collected until the feature ships. | improve + develop the product | Australian (Sydney) infrastructure |
We deliberately do NOT collect or retain (local-first):
What local-first means for you — the trade-off. Where your sessions live on your device (a folder you choose, or your browser):
We use what we collect for: (a) authenticating and securing your account; (b) processing top-ups and metered usage from your wallet; (c) enforcing fair-use rate limits and the safety/moderation layer; (d) meeting legal obligations (e.g. retaining billing records). We do not sell your personal information, and we do not use your content to train models.
Separately, from aggregate usage and the feedback you choose to share, we may improve and develop the product. Direct marketing: when you create an account, you agree we may send you product updates and occasional news about GroundLab. You can opt out any time — every email has a one-click unsubscribe and you can switch it off in Settings. We only use the details you gave us, and never sell them. (We may also use material you've made public — e.g. a GroundLab video you published yourself.) This opt-out marketing basis rests on consent at signup plus a functional unsubscribe (APP 7.2 / Spam Act 2003), both of which are live.
Running the product means some data passes through providers. Two kinds:
(a) AI providers you choose — your turn goes to the one you selected. Anthropic, Google, Groq (it hosts the open-weight Llama debater), and OpenAI. When you address an AI, the text of that turn is sent to that provider's API to generate a response. These providers are in the United States and/or EU, so that text is disclosed overseas (APP 8) — the "your words pass through provider APIs in the US/EU" transit disclosure shown at induction. Each keeps its own records under its own policy. Their Developer/API terms state that API inputs are not used to train their models (this differs from their consumer apps):
Your model choice determines which apply to your turns.
(b) Infrastructure / safety providers we choose (same for everyone). We rely on third-party providers, some located overseas (United States / EU), for the functions below. We don't name them here to keep our operational surface low, but we describe what each does and where your data sits:
Database & authentication hosting — on Australian (Sydney) infrastructure.
Application hosting — overseas; handles HTTP request metadata (IP, user-agent, timestamps) under its own policy.
Payment processing — overseas, PCI-compliant. We pass a charge amount + your customer id; the processor holds the card data, not us.
Safety screening — every input and output is screened by OpenAI's omni-moderation classifier with a Google fallback. GroundLab's safety infrastructure, applied the same way for everyone regardless of which AI debater you chose.
What it screens — and what it deliberately doesn't: GroundLab's safety boundary is on the act, not the subject. Reasoning about any topic — violence, self-harm, contested politics, extremism — is the product. The screener gates a narrow set of acts: generating instructions for harm, producing illegal content, or material in catastrophic categories (child exploitation, instructions for creating weapons or carrying out mass-casualty attacks). Hard debate is intentionally permitted; only operational harm is blocked.
What OpenAI sees: the moderation endpoint (/v1/moderations) is a free safety tool; for that endpoint OpenAI states the data is not retained and not used for training.
We disclose to no one else except where required by law (see §5 catastrophic carve-out).
If your input or an AI output trips the safety screen, we retain a record to protect the platform and our provider access (one of only two session-derived things we keep):
You can access, correct, or delete your personal information. Deleting your account removes your profile and cascades the deletion of your billing ledger and rate-limit events (Rule 20). Feedback you submitted is retained (content) to support improvement and complaints — your contact details within it are removed. Moderation-evidence rows follow §5 (auto-purged on their own clock; catastrophic = hash-only). A pseudonymous ban/safety reference (hash + reason) may persist for platform protection (§6). Your locally-stored sessions are yours to keep or delete on your own device.
Credentials are hashed; the server holds only the minimum (§2); infrastructure is pinned to Sydney; service-role keys are server-side only. No system is perfectly secure, but the local-first design means the most sensitive thing — your actual reasoning — isn't on our servers to be breached.
Local file access. When you save sessions to a folder on your device, your browser grants GroundLab access to that one folder only — never your wider file system, and never without your explicit permission each time. Your browser also blocks access to system locations, and the Download and Ephemeral storage options don't touch your file system at all. For extra safety, choose a dedicated GroundLab folder rather than a broad one like your Documents or home directory.
Data-breach notification: if a breach likely to result in serious harm occurs, we will notify the OAIC and affected individuals as required by the Notifiable Data Breaches (NDB) scheme (Privacy Act 1988).
GroundLab is for users 18 and over. We apply an age-assurance gate at signup (self-declared date of birth + certification — 10_user_agreement.md §1.1). We don't knowingly collect data from anyone under 18.
We use only the cookies/session tokens needed to keep you signed in (authentication). We load no third-party tracking scripts or cookies — payment is invoked server-side, so no third-party payment script runs on our pages. Telemetry/analytics: we do not run usage telemetry at launch. If we add optional telemetry later, it will be opt-in and content-free (never your goals or session text), and disclosed here first.
We may update this policy; material changes are surfaced at sign-in (the versioned-acceptance rail), not buried. The "last updated" date below always reflects the current version.
If you're concerned about how we've handled your information, contact us first via our feedback form. We aim to acknowledge promptly and resolve within 30 days; if we can't, we'll tell you why. You may also complain to the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au.
Last updated: 2026-06-20 · v1.0.