Participant Privacy Policy

For Dilog Interview Participants

Dilog Pty Ltd (ABN 79 696 521 141)

Effective Date: March 28, 2026  ·  Version 1.0

1. About This Policy

This Privacy Policy explains how Dilog Pty Ltd (Dilog, we, us, or our) collects, uses, discloses, and protects personal information from individuals who participate in our research interview program.

This policy applies to you if you have participated in, or are considering participating in, a Dilog research interview. If you are a business client or platform user, please refer to our Platform Privacy Policy.

Dilog is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with the New Zealand Privacy Act 2020, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA/CPRA).

2. Who We Are

Dilog creates AI-powered digital agents (we call them ‘Anonymised Reflective Profiles’ or ARPs) based on in-depth interviews with real people. These agents help businesses understand customer attitudes, preferences, and decision-making patterns without needing to contact you every time they have a question.

We are incorporated in New South Wales, Australia. Our contact details are set out in Section 14 of this policy.

3. Information We Collect

3.1 Information You Provide During Interviews

When you participate in a Dilog research interview (typically 2–3 hours), we collect:

  • Identity information: Your name and contact details (stored separately from your interview data — see Section 7)
  • Demographic information: Age range, general location (region, not specific address), household composition
  • Attitudes and opinions: Your views on products, services, brands, and related topics
  • Decision-making patterns: How you make purchasing decisions, what factors influence you
  • Life experiences: Relevant experiences that shape your preferences (as you choose to share them)
  • Behavioural tendencies: Shopping habits, brand loyalty, price sensitivity
  • Industry-specific insights: Responses to questions tailored to specific industries or product categories relevant to our business clients

3.2 Sensitive Information

Our interviews explore your attitudes, beliefs, decision-making patterns, and life experiences. This includes topics classified as ‘sensitive information’ under Australian privacy law, such as:

  • Political opinions
  • Philosophical beliefs
  • Religious beliefs
  • Health-related information
  • Information about racial or ethnic origin

You can always decline to answer specific questions during your interview. However, participation in the Dilog program requires consent to in-depth discussion of your attitudes and beliefs, as this is what makes your ARP valuable and authentic.

3.3 Information from Other Sources

To provide context for your ARP, we may supplement your interview data with:

  • General market data: Publicly available information about economic conditions, market trends, and industry developments
  • Quarterly recalibration: Updated information you provide during periodic check-ins

We do not collect personal information about you from third parties without your knowledge.

4. How We Use Your Information

We use your personal information for the following purposes:

PurposeDescription
Create your ARPBuild an AI-powered digital agent that reflects your attitudes and decision-making patterns
Research panelsInclude your ARP in panels that Dilog's business clients can query for market research insights
Adjacent sharingShare your ARP with non-competing clients in related industries to build deeper segment insights
Service improvementEnhance how accurately our ARPs reflect real people's perspectives
RecalibrationContact you periodically (approximately quarterly) to update your ARP
Incentive administrationManage any payments, rewards, or benefits for your participation
We will NOT: Sell your personal information directly, share your real identity with our clients, use your data for purposes beyond those described in this policy, or train AI models on your data in a way that cannot be deleted.

5. Legal Basis for Processing

We process your personal information based on:

  • Consent: You provide explicit consent when you sign our Participant Consent Form. We will not proceed with any processing of your personal information (from the interview or other communication) unless that consent form is signed.
  • Contract: Processing is necessary to perform our agreement with you, including administering incentives
  • Legitimate interests: For service improvement and security purposes, where these interests do not override your rights

For sensitive information, we rely exclusively on your explicit consent.

6. Who We Share Your Information With

6.1 Business Clients

Our business clients can query panels that include your ARP. However:

  • Clients never see your real identity — only pseudonymised, generalised responses
  • Specific identifying details (suburb names, employer names, exact dates) are generalised before being shown to clients
  • Clients cannot access your raw interview transcript
  • Your ARP will not be shared with competitors of the client who recruited you (if applicable)

6.2 Service Providers

We use the following third-party service providers to operate our platform:

ProviderLocationPurpose
OpenAIUnited StatesAI processing for ARP responses (your data is used as context, not for model training)
GoogleAustralia, United StatesAI processing for ARP responses (your data is used as context, not for model training)
Google AnalyticsUnited StatesSecure data storage
LangfuseUnited StatesAI trace processing and prompt management for improving operations
Amazon Web ServicesAustralia, United StatesApplication hosting

We have data processing agreements with these providers requiring them to protect your information to standards consistent with this policy.

6.3 Other Disclosures

We may also disclose your information:

  • Where required by law, court order, or government authority
  • To protect the rights, property, or safety of Dilog, our users, or the public
  • In connection with a merger, acquisition, or sale of assets (with notice to you where practicable)

7. How We Protect Your Information

7.1 Identity Separation & Security

Your name and contact details are stored separately from your interview data in a separate system:

  • Identity system: Your real name, email, and contact information linked to an anonymised ID.
  • ARP system: Your interview data, personality profile, and demographics linked only to your anonymised ID
  • These systems are connected only through documented procedures for specific purposes (quarterly recalibration, deletion requests, incentive payments).

This means that even if the main ARP system were compromised, an attacker could not identify you without also breaching the separate identity system.

7.2 Pseudonymisation and Output Filtering

We apply multiple layers of protection:

  • Direct identifiers (name, email, phone) are never stored with your interview data
  • Specific details are generalised before clients see responses (e.g., 'inner Sydney' instead of specific suburb)
  • Distinctive combinations of information that could identify you are filtered from client-facing outputs

7.3 Technical Security

  • All data is encrypted at rest and in transit
  • Access controls restrict who within Dilog can view your information
  • We maintain audit logs of data access
  • Regular security assessments and updates

7.4 Architecture That Supports Deletion

Unlike AI systems that train models on personal data (making deletion technically impossible), your interview data is stored as discrete, deletable records. Your data is provided as context to AI queries — it is not ‘baked into’ any model. This means we can genuinely delete all your information if you withdraw consent (see Section 10).

8. International Data Transfers

As described in Section 6.2, we use service providers located in the United States. When your data is transferred outside Australia, we ensure appropriate safeguards are in place, including:

  • Data processing agreements requiring recipients to protect your information
  • Standard Contractual Clauses (for EU data subjects)
  • Verification that recipients have appropriate security measures

9. Your Rights

Depending on your location, you have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Ask us to correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal information and deactivate your ARP
  • Portability: Receive your data in a structured, commonly used format (GDPR/CCPA)
  • Objection: Object to certain processing activities
  • Restriction: Request that we limit how we use your data
  • Withdraw consent: Withdraw your consent at any time (see Section 10)

To exercise any of these rights, contact us at privacy@dilog.ai. We will respond within 30 days (or sooner where required by law).

10. Withdrawal of Consent and Data Deletion

You can withdraw your consent at any time by contacting us at privacy@dilog.ai.

When you withdraw consent, we will:

  1. Delete your interview transcript and all derived data from our ARP system
  2. Permanently deactivate your ARP and remove it from all panels
  3. Delete your identity mapping from our air-gapped identity system
  4. Purge any cached outputs or logs containing your data
  5. Provide written confirmation when deletion is complete

Because your data is stored as discrete records (not trained into models), we can completely remove your information. After deletion, our systems genuinely cannot reconstruct or output your personal information.

Important: Effect on Incentives
If you are receiving ongoing incentives for your participation (such as periodic payments, rewards, or other benefits), withdrawing consent and requesting deletion will result in cancellation of these ongoing incentives. Incentives already paid prior to your withdrawal will not be affected.

11. Data Retention

We retain your information as follows:

  • Active participants: For as long as you remain an active participant, with quarterly recalibration
  • Inactive participants: If you do not respond to quarterly check-ins for 12 months, we will contact you to confirm whether you wish to continue. If we cannot reach you, we may deactivate your ARP but retain your data for up to 24 months
  • After consent withdrawal: Deleted within 30 days of your request
  • Legal obligations: We may retain certain records where required by law (e.g., for tax purposes related to incentive payments)

12. Children’s Privacy

Dilog does not knowingly collect personal information from individuals under 18 years of age. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@dilog.ai.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email (using the contact information you provided) and will update the ‘Effective Date’ at the top of this policy. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this policy or wish to exercise your rights:

Dilog Pty Ltd

Email: privacy@dilog.ai

Address: PO Box 630, Pyrmont NSW 2009

Website: www.dilog.ai

15. Complaints

If you believe we have breached your privacy, you can:

  1. Contact us first at privacy@dilog.ai — we will investigate and respond within 30 days
  2. If unsatisfied with our response, lodge a complaint with the relevant authority:
    • Australia: Office of the Australian Information Commissioner (OAIC)www.oaic.gov.au
    • New Zealand: Office of the Privacy Commissionerwww.privacy.org.nz
    • EU: Your local Data Protection Authority
    • California: California Privacy Protection Agencycppa.ca.gov

— End of Participant Privacy Policy —

All privacy policies