Privacy policy

Last updated: June 2026

OpenForte Group Pty Ltd (ACN 690 067 424; "we", "us", "our") operates Lemmatica, a web-based Goal Structuring Notation (GSN) editor for collaborative assurance case development. This Privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information we collect

We collect information in the following categories:

• Account information — your name and email address, provided through our authentication provider (Kinde) when you create an account.
• Document content — assurance cases, GSN nodes, edges, and related data that you create and store within the service.
• Usage data— page views, feature usage, and interaction patterns collected to help us understand how the service is used and where to improve it.

2. How we use your information

We use the information we collect to:

• Provide, operate, and maintain the Lemmatica service.
• Authenticate your identity and manage your account.
• Enable real-time collaboration features, including shared editing, presence indicators, and document synchronisation.
• Analyse usage patterns to improve the service, fix issues, and develop new features.
• Communicate with you about service updates, security notices, and support inquiries.

3. Third-party services

We use the following third-party services to operate Lemmatica. Each service processes data in accordance with its own privacy policy:

• Kinde— authentication and user management. Processes your name, email, and login credentials. Tenant region: Sydney, Australia.
• Liveblocks— real-time collaboration infrastructure. Processes document content and presence data during active editing sessions. Region: United States (default).
• Railway— application and PostgreSQL database hosting. Region: us-west2 (Oregon, USA).
• PostHog— product analytics and session replay. We collect usage events (page views, feature interactions) and continuous session recordings to understand how the service is used and to diagnose issues. Form inputs are masked by default in recordings, and anonymous visitors are not profiled (only authenticated users are identified). Data is stored in the EU (Frankfurt).
• Sentry— error tracking, performance monitoring, and session replay. Captures uncaught exceptions with stack traces and breadcrumbs (the actions that led up to the error), plus performance traces for a sample of requests. Session replay records around 10% of sessions and 100% of sessions that encountered an error; by default, all text and form inputs are masked. Reports may include personal identifiers (IP address, user ID) and the URL of the affected request. Data is stored in the EU (Germany).

For each of these services, we rely on our legitimate interest in operating and improving Lemmatica as the lawful basis for processing under GDPR.

4. Data storage and security

The data controller is OpenForte Group Pty Ltd (ACN 690 067 424), an Australian company. Your data is stored across the regions of the third-party services listed above — the application and primary PostgreSQL database in Oregon (USA), authentication in Sydney (Australia), analytics and error tracking in Germany (EU), and real-time collaboration in the United States.

All data is encrypted in transit using TLS. We take reasonable measures to protect your information from unauthorised access, alteration, disclosure, or destruction.

While we implement industry-standard security practices, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

5. Data retention

We retain your account data for as long as your account remains active. Document content is retained for as long as your account is active or as required by the project owner. If you request deletion of your account, we will remove your personal data within 30 days, subject to any legal obligations requiring us to retain certain information.

Document data is owned by you and your organisation. You may export or delete your data at any time through the service.

6. Your rights

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete personal information.
• Delete your personal information and account.
• Export your data in a portable format.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

To exercise any of these rights, contact us at [email protected].

7. Cookies

Lemmatica uses minimal cookies, limited to those required for authentication session management. We do not use advertising cookies or third-party tracking cookies. Session cookies are essential for the service to function and cannot be disabled while using Lemmatica.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or an in-app notification. Your continued use of the service after any changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

OpenForte Group Pty Ltd (ACN 690 067 424)
Canberra, Australia
[email protected]