This Privacy Policy explains how Daring Flow ("we," "us," or "our"), a sole proprietorship registered in New South Wales, Australia, collects, uses, stores, and discloses your personal information when you use Ogadu ("the Service"), available at ogadu.com.
We are committed to protecting your privacy and handling your data transparently, in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and, where applicable, the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR.
By using the Service, you agree to the collection and use of information in accordance with this Policy.
Privacy-related questions, requests, or complaints
contact@ogadu.comThe data controller and operator of Ogadu is:
Daring Flow
New South Wales, Australia
contact@ogadu.com
For users located in the European Union or United Kingdom, Daring Flow acts as the data controller in respect of your personal data.
We only collect personal data that is necessary to provide the Service. We do not collect data for advertising, marketing profiling, or analytics purposes.
Payments are processed entirely by Stripe. We do not receive, store, or process your card number, CVV, or full payment details. We receive only:
We use your data for the following purposes:
| Purpose | Legal Basis (GDPR) | Australian APP Basis |
|---|---|---|
| Providing and operating the Service | Performance of a contract | Necessary for service delivery |
| Processing payments and managing credits | Performance of a contract | Necessary for service delivery |
| Sending transactional emails | Performance of a contract | Necessary for service delivery |
| Enabling AI features via Amazon Bedrock | Performance of a contract | Necessary for service delivery |
| Enabling team collaboration features | Performance of a contract | Necessary for service delivery |
| Maintaining security and preventing fraud | Legitimate interests | Legitimate interests |
| Complying with legal obligations | Legal obligation | Legal obligation |
| Responding to support requests | Legitimate interests / contract | Necessary for service delivery |
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
This section is important. Please read it carefully.
When you send a message to the AI, your message content (and any relevant context from your knowledge base) is transmitted to Amazon Bedrock, an AI model inference service operated by Amazon Web Services (AWS). We currently use Anthropic Claude models for chat and Amazon Titan for knowledge base features. We may add additional AI models in the future and will update this Policy accordingly.
According to AWS documentation: "Amazon Bedrock doesn't store or log your prompts and completions. Amazon Bedrock doesn't use your prompts and completions to train any AWS models and doesn't distribute them to third parties." Model providers, including Anthropic, do not have access to Amazon Bedrock customer data, logs, or prompts. Your conversations are not used to train AI models.
When you upload documents to a project's knowledge base, we process that content to enable AI-assisted search and retrieval. The processed content and original documents are stored on our own infrastructure. When you or a project admin deletes a document or project, all associated processed data is also deleted.
Only the content necessary for the AI to respond to your query is transmitted to Amazon Bedrock. We do not send unnecessary personal data.
We use Amazon Web Services (AWS) to host and operate the Service. Where possible, we use AWS infrastructure located in the EU (Frankfurt, Germany). By using the Service, you acknowledge that your data is processed on infrastructure located primarily in the EU.
Payments are processed by Stripe. Your payment data is subject to Stripe's own infrastructure and security practices.
You may delete your account at any time from within the Service. Upon account deletion:
Billing records are retained for legal compliance as described above, even after account deletion.
We do not sell, rent, or trade your personal data. We share data only in the following circumstances:
| Provider | Purpose | Data Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, hosting, and AI model inference via Amazon Bedrock | Primarily EU (Frankfurt) |
| Stripe | Payment processing | United States |
Both providers are bound by their own privacy policies and data processing agreements. We have data processing agreements in place with AWS. Stripe operates under applicable data protection frameworks.
We may disclose your data if required by law, court order, or government authority, or where we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.
If Daring Flow is sold, merged, or transfers its assets, your data may transfer to the successor entity. We will notify you by email before your data is transferred and becomes subject to a different privacy policy.
We will share data with other parties only with your explicit consent.
If you are a member of an organisation or a shared project, please be aware:
If you are an organisation admin, you are responsible for informing your members that their usage data is visible to you, and for complying with applicable privacy laws in relation to your members.
We use only the following cookies:
We do not use advertising or tracking cookies, third-party analytics cookies, or persistent marketing cookies.
Under the Australian Privacy Principles, you have the right to:
In addition to the above, if you are located in the EU or UK, you have the right to:
To exercise any of these rights, contact us at contact@ogadu.com. We will respond within 30 days. We may need to verify your identity before processing your request.
Daring Flow is based in Australia. We primarily store and process data in the EU (AWS Frankfurt region).
Where data is transferred outside the EU/EEA (for example, through Stripe or global AWS infrastructure), such transfers are subject to appropriate safeguards including Standard Contractual Clauses (SCCs) and applicable data transfer frameworks.
We take reasonable technical and organisational measures to protect your data, including:
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security and you use the Service at your own risk in this respect.
If we become aware of a data breach that is likely to result in serious harm, we will notify affected users and, where required, the relevant authorities, in accordance with the Notifiable Data Breaches scheme under the Australian Privacy Act and GDPR Articles 33 and 34.
The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a person under 18, we will delete that data promptly.
If you believe a minor has registered without parental consent, please contact us at contact@ogadu.com.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
If you are unhappy with how we have handled your personal information: