RDTI.
Estimate your claim Sign in

Effective 23 June 2026

Privacy Policy

This policy explains what personal information RDTI collects, how we use and protect it, and the choices you have. RDTI is operated by Secus Digital Pty Ltd (ABN 67 643 505 819). We handle personal information in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Who we are

RDTI is a service that helps Australian software companies prepare an R&D Tax Incentive claim from their development history. In this policy, "we", "us", and "RDTI" mean Secus Digital Pty Ltd (ABN 67 643 505 819), of Level 1, 4 Forbes Lane, Turramurra NSW 2074. If you have any question about this policy or your personal information, contact us at support@secus.digital.

What we collect

To deliver the service we collect and process:

  • Account and identity data: your email address, a securely hashed password, and account confirmation status.
  • Organisation and billing data: your organisation name and a billing customer reference held by our payment provider. We do not store full card numbers.
  • Company data: details about the claiming company, such as its name, ABN, turnover band, incorporation date, and financial year end.
  • Connected source code and repository content: when you connect a code repository, we read its development history, including pull requests, commits, contributor and timestamp metadata, file paths, and the contents of specific files we fetch to substantiate the claim.
  • Contributor data: information about the people who authored the work, such as name or identity, email address, code-hosting handle, cost rate, and working hours.
  • Interview answers: the questions, answers, and transcripts produced during the guided interview.
  • Usage data: operational records such as processing metrics and logs needed to run, secure, and bill for the service.

How we use it

We use this information to:

  • prepare and substantiate your R&D Tax Incentive claim package;
  • run the guided interview that surfaces and tests candidate R&D activities;
  • provide, secure, support, and improve the service;
  • bill you for the service and keep records we are required to keep.

We do not use your code or your data to train artificial intelligence models.

How AI processing works

To generate and assess the claim narrative, summaries of your source code and your interview answers are sent to a third-party artificial intelligence processor that returns analysis and draft text. This processing is necessary to deliver the service. We do not permit that processor to use your content to train its models. If you do not want your content processed this way, do not connect a repository or start an interview.

Who else processes your data

We use a small number of trusted service providers to run RDTI. We share only what each provider needs, and each is bound by its own contractual and security obligations. These providers fall into the following categories:

  • Code hosting and source ingestion to connect and read your repositories;
  • Artificial intelligence processing to analyse code summaries and interview answers;
  • Payment processing to take and record payment;
  • Email delivery to send account and transactional messages;
  • Cloud hosting and infrastructure to run and store the application.

Some of these providers may store or process data outside Australia. Where that happens, we take reasonable steps to ensure the information is handled consistently with this policy and the APPs.

Storage, security, and retention

We use reasonable technical and organisational measures to protect your information, including encryption of credentials and access tokens, access controls, and secure infrastructure. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

We retain your information for as long as needed to provide the service, to support a prepared claim, and to meet our legal and record-keeping obligations. You can ask us to delete your information, and we will do so where we are not required to retain it.

When we disclose information

We do not sell your personal information. We disclose it only to the service-provider categories described above, to you and people you authorise within your organisation, and where we are required or permitted to by law.

Your rights

You can ask to access or correct the personal information we hold about you, and you can make a privacy complaint. Contact us at support@secus.digital and we will respond within a reasonable time. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC).

Cookies

We use only essential cookies needed to keep you signed in and to keep the service secure. We do not use third-party advertising or analytics cookies.

Changes to this policy

We may update this policy from time to time. When we do, we will change the effective date above, and material changes will be made clear on this page.

Contact

Questions about your privacy can be sent to support@secus.digital.