Privacy Policy

Last updated: June 2026

Your privacy — and the confidentiality of your exploration data — matters to us. Here's how we collect, use, and protect your information when you use MineDSS.

Our Privacy Commitment

MineDSS (a product of QuestFeed Pty Ltd, ABN 58 632 013 855) is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also respect the rights of individuals under the GDPR, CCPA, and other applicable international privacy regulations.

No Data Selling

We never sell your personal or business information to third parties.

Your Data Stays Yours

Anything you send us is used for your job only — never folded into, or used to train, models for anyone else.

Encrypted & Secure

All data encrypted in transit (TLS) and at rest, with access tightly controlled.

1. About Us

MineDSS is a product name and brand of QuestFeed Pty Ltd. It is not a separately registered business or trademark. This privacy policy is issued by, and all data protection obligations are held by:

Company Name

QuestFeed Pty Ltd

ABN

58 632 013 855

Entity Type

Australian Private Company

Location

Queensland, Australia

2. Information We Collect

Information You Provide

Account Information

Email address, name, company name, password

Project Data

Areas of interest, tenement boundaries, commodities, and the parameters you select for a run

Client Geoscience Data

Any data you choose to upload — assay results, drillhole logs, sample data, or your own datasets

Payment Information

Billing details processed securely via Stripe

Communication

Messages, support requests, and feedback you send us

Automatically Collected

Outputs Generated

Prospectivity maps, ranked targets, evidence, and reports generated by the platform for your runs, associated with your account

Usage Analytics

How you interact with the platform — pages visited, features used, run frequency — to improve our service

Log & Device Data

Standard technical data such as IP address, browser type, and timestamps for security and reliability

3. How We Use Your Information

  • Generate prospectivity maps, ranked targets, and reports for your areas of interest
  • Train and run Custom ML models on your ground when you engage us to do so
  • Process payments and manage your account or engagement
  • Improve our prospectivity methodology, validation, and platform features
  • Provide customer support and respond to your enquiries
  • Comply with legal obligations and enforce our terms
  • Send service-related communications (new coverage, platform updates)

4. What We Do NOT Do

We will NEVER:

  • Sell your personal or business information to third parties
  • Share your project data, uploaded data, or Outputs with other clients or competitors
  • Use your Client Data to train models we provide to anyone else
  • Use your information for advertising without your explicit consent
  • Disclose your exploration data or analysis to unauthorised third parties
  • Store payment card details on our servers (handled by Stripe, PCI-DSS Level 1)

5. Data Security

Encryption

Encrypted in transit (TLS) and at rest. Account information, project data, uploads, and Outputs are protected end-to-end.

Access Controls

Role-based access and least-privilege principles for all internal access. Your data is isolated per client.

Infrastructure

AWS cloud infrastructure (serverless compute and managed database) and Cloudflare. Primary data storage in AWS us-east-1.

Incident Response

Documented incident response procedures, with breach notification consistent with the Notifiable Data Breaches scheme and GDPR (within 72 hours where applicable).

Monitoring

Continuous security monitoring and logging across platform infrastructure.

Regular Reviews

Periodic security assessments of our own infrastructure and application code.

6. Data Retention

We retain personal and project information only for as long as necessary to fulfil the purposes described in this policy:

Information Type Retention Period
Outputs & run results Duration of active account or engagement + 90 days
Client geoscience data (uploads) Duration of the engagement; deleted or returned on request after delivery
Account information Duration of active account + 2 years after deletion
Payment records 7 years (as required by Australian tax law)
Usage analytics 26 months (aggregated and anonymised)
Support communications 3 years from date of resolution

You may request deletion of your data at any time. We will process deletion requests within 30 days, subject to legal retention requirements.

7. Your Rights

Under the Australian Privacy Principles and applicable international regulations (including GDPR and CCPA), you have the right to:

Access

Request a copy of personal information we hold about you

Correction

Request correction of inaccurate or outdated information

Deletion

Request deletion of your personal information ("right to be forgotten")

Data Portability

Receive your data in a structured, machine-readable format

Restrict Processing

Request limitation of how we process your data

Withdraw Consent

Withdraw consent for data processing at any time

How to Exercise Your Rights

To exercise any of these rights, contact us at:

[email protected]

We will respond within 30 days. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.

8. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

Type Purpose Required
Essential Authentication, session management, security Yes
Functional Remember your preferences and settings No
Analytics Understand usage patterns to improve our service No

You can manage cookies through your browser settings. Disabling essential cookies may affect platform functionality. We do not use advertising or tracking cookies.

9. International Data Transfers

MineDSS operates from Australia with cloud infrastructure in the United States. Your data may be processed in:

  • — United States (AWS infrastructure, primary data storage)
  • — Australia (company operations)
  • — Cloudflare global edge network (content delivery)

Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data transfers and compliance with the Australian Privacy Act cross-border disclosure requirements (APP 8). If your organisation requires data residency within Australia for sensitive exploration datasets, contact us at [email protected] to discuss enterprise arrangements.

10. Third-Party Services

We use the following third-party services to operate our platform:

Stripe

Payment processing (PCI-DSS Level 1 certified)

AWS

Cloud infrastructure, database, and serverless compute

Cloudflare

Content delivery, DDoS protection, and frontend hosting

We share information with these providers only as needed to operate the Services, and they are bound by confidentiality and data-protection obligations. We do not sell your data, and we do not share your project data, uploads, or Outputs beyond what is necessary for processing.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email (for registered users) or by posting a prominent notice on our platform. Your continued use of MineDSS after changes constitutes acceptance of the updated policy.

Contact Us About Privacy

For questions about this Privacy Policy or to exercise your privacy rights:

QuestFeed Pty Ltd

ABN: 58 632 013 855

Email: [email protected]

Web: www.minedss.com

Location: Queensland, Australia

Document Version: 1.0 | Effective: June 2026