Platform Privacy, Data and Security Summary

Overview 

AI Dojo is a secure, Australian‑hosted AI platform purpose‑built for professional services firms. The platform has been designed to meet the confidentiality, privacy, and governance expectations of accounting and advisory firms, with strong controls around data residency, access, and use. 

This statement is a plain-English summary only and should be read together with our Privacy Policy, Data Processing Addendum and Terms of Use.  They can be found here: https://docs.ai-dojo.com.au/ 


Data Storage & Residency 

  • All customer data — including uploaded documents, chat messages, prompts, outputs, logs, and backups — is hosted in Microsoft Azure (Australia East)
  • Data storage, backups, logging, and disaster recovery infrastructure remain within Australian data centres
  • AI Dojo does not offshore customer data for storage purposes. 

Use of Data & AI Model Training 

  • Customer data is not used to train AI models. 
  • Documents, prompts, chats, and outputs submitted through the platform are processed solely to deliver responses to the user. 
  • AI Dojo integrates with leading frontier AI model providers (e.g. OpenAI and Anthropic) via API, but customer data is not retained by AI Dojo for training purposes outside the platform’s operational use. 
  • No data is permanently retained by the AI model providers for chats initiated from the platform. 

Data Segregation & Access Control 

  • AI Dojo operates as a multitenant SaaS platform with strict logical separation between organisations.  (A “tenant” in this context is a customer organisation on our platform). 
  • Each organisation’s data (documents, chats, prompts, and outputs) is isolated by organisation and accessible only to authorised users within that organisation. 
  • Cross‑tenant access to data is prevented through authentication, authorisation, and application‑level controls. 
  • All access is tied to verified user identity and organisation membership. 

Authentication & Identity Management 

  • The platform supports enterprise single signon (SSO) via Microsoft Entra ID (Azure AD) and Google Suite. 
  • No local usernames or passwords are used. 
  • When a user’s Microsoft or Google account is disabled or removed by the client, access to the AI Dojo platform is immediately revoked. 

Data Retention 

  • Chats, prompts, attachments, and outputs are for as long as needed to operate the service, maintain backups, support security and meet legal or record-keeping obligations. 
  • Audit logs are retained to support security, compliance, and investigation requirements. 
  • Backups follow standard Microsoft Azure retention policies, including short‑term hot backups and periodic archived snapshots. 

Retention policies are designed to balance auditability and operational resilience, while allowing for customer‑directed deletion. 


Secure Deletion & Exit 

  • Upon request, AI Dojo will securely delete all data associated with a customer organisation, including:  
  • User accounts 
  • Chats and messages 
  • Uploaded documents and files 
  • Where requested, a deletion summary report can be provided outlining the scope of data removed and audit evidence of deletion activity. 
  • AI Dojo will work cooperatively with clients to support orderly exit and data removal where required. 

Monitoring, Logging & Auditability 

  • Comprehensive audit logs are available covering:  
  • User activity 
  • Administrative actions 
  • Data uploads and downloads 
  • Logs can be accessed by AI Dojo’s security team to support client requests, investigations, or regulatory reviews. 

Application Security 

  • AI Dojo retains responsibility for applicationlevel security, including platform maintenance, patching, and monitoring. 
  • Vulnerability management and security updates are performed regularly as part of the active development cycle. 
  • The platform is hosted on Microsoft Azure infrastructure that already meets recognised security standards, including ISO 27001 and SOC‑aligned controls. 

Customer responsibilities 

  • Customers remain responsible for ensuring they have a lawful basis to collect, upload and process the data they choose to use in the platform. 
  • Customers should only upload sensitive information where necessary and appropriate for their use case. 
  • Customers are also responsible for their own configuration choices and any third-party integrations they connect. 

Summary 

AI Dojo is designed to give firms confidence that: 

  • Their data remains in Australia 
  • Their information is not used to train AI models 
  • Documents and chats are securely isolated 
  • Access is tightly controlled 
  • Deletion and exit are supported in a transparent, auditable manner 

The platform combines enterprise‑grade infrastructure with application‑level security controls tailored for professional services environments. 


Related documents 


Contact: support@ai-dojo.com.au 

Related Articles