Join Early Access

IT Security, AI & Data Compliance Policy

Effective Date: May 15, 2026

Product: Aleverum™
Operated By: Q Interactive Media Pty Ltd
Jurisdiction: New South Wales, Australia

Support Enquiries: support@aleverum.com
Privacy Enquiries: privacy@aleverum.com
Legal Enquiries: legal@aleverum.com

Aleverum™ is a proprietary AI infrastructure intelligence platform developed and licensed by Q Interactive Media Pty Ltd.

1. Purpose

This IT Security, AI & Data Compliance Policy explains how Q Interactive Media Pty Ltd manages security, AI governance, infrastructure protection, and data governance in connection with the Aleverum™ platform and related services.

Aleverum™ is an AI infrastructure intelligence platform designed to support Digital Product Passports, evidence-backed product intelligence, interoperability-ready product data, supplier governance workflows, and machine-readable product ecosystems.

This Policy outlines Aleverum’s approach to:

  • IT security and infrastructure protection
  • AI governance and responsible AI use
  • Product-data governance
  • Evidence handling workflows
  • Digital Product Passport security practices
  • Privacy and data protection
  • Access controls and governance workflows
  • Operational and technical risk management

Aleverum supports enterprise product intelligence and governance workflows. It does not replace legal, regulatory, auditor, certification, or professional advice.

Organisations remain responsible for verifying product information, ensuring regulatory compliance, and validating the accuracy of their own data and evidence.

2. Definitions

For the purposes of this Policy:

“Aleverum Platform”

Means the Aleverum website, platform, systems, APIs, databases, dashboards, workflows, integrations, and related infrastructure.

“Product Data”

Means information relating to products, materials, suppliers, components, certifications, lifecycle events, declarations, sustainability claims, or related records.

“Evidence Data”

Means supporting documents including certificates, declarations, audit records, test reports, compliance documents, chain-of-custody records, or related evidence.

“AI-Assisted Workflow”

Means any workflow involving artificial intelligence, machine learning, automated analysis, or semi-automated processing used to support product-data intelligence, review, evaluation, governance, or related functions.

“Personal Information”

Means information relating to an identifiable individual as defined under applicable privacy laws.

“Authorised Personnel”

Means employees, contractors, service providers, or approved representatives authorised to access relevant systems or information.

3. Platform and Infrastructure Security

Aleverum is designed to support secure and controlled management of product-data workflows, Digital Product Passports, and enterprise product intelligence systems.

Access to backend systems, administrative interfaces, APIs, databases, infrastructure environments, and related technical systems is restricted to authorised personnel only.

Security controls may include:

  • Secure authentication controls
  • Role-based access management
  • Controlled administrative access
  • Access monitoring and logging
  • Secure development workflows
  • Infrastructure maintenance processes
  • Security patching procedures
  • Backup and recovery planning
  • Environment segregation where appropriate
  • Incident escalation and response procedures

Aleverum may use industry-standard encryption protocols for data transmission and secure infrastructure controls where appropriate.

4. Access Controls and Governance

Aleverum is designed to support governance across product-data and evidence workflows.

The platform may support:

  • Role-based permissions
  • Approval workflows
  • Supplier access controls
  • Audit and review visibility
  • Version history
  • Evidence review states
  • Change tracking
  • Governance workflows
  • Verification status tracking
  • Controlled external sharing

Users should only access information and functionality required for their authorised role.

Unauthorised access attempts, misuse of data, credential sharing, or attempts to bypass security controls are prohibited.

5. Responsible AI Governance

Aleverum may use AI-assisted technologies to support:

  • Product-data extraction
  • Evidence analysis
  • Claim-to-evidence matching
  • Product intelligence workflows
  • Missing information detection
  • Supplier risk review
  • Readiness assessments
  • Governance and evaluation workflows
  • Machine-readable product intelligence

AI-assisted outputs are intended to support human review and governance processes and do not replace legal, regulatory, auditor, certification, or professional judgement.

Aleverum’s AI governance approach may include:

  • Human oversight of important workflows
  • Review before external reliance or publication
  • Controls designed to reduce unsupported outputs
  • Privacy and security review of AI workflows
  • Reduction of unnecessary personal information processing
  • Risk review for high-risk or sensitive workflows

Aleverum does not claim that AI replaces auditors, guarantees compliance outcomes, or fully automates regulatory decision-making.

6. Product Data and Evidence Governance

Aleverum is designed to support evidence-backed product intelligence and Digital Product Passport workflows.

The platform may support:

  • Evidence-linked product claims
  • Source traceability
  • Audit-ready workflows
  • Evidence expiry tracking
  • Verification indicators
  • Supplier governance workflows
  • Readiness assessments
  • Governance controls
  • Change history
  • Review and approval workflows

Organisations remain responsible for:

  • Product-data accuracy
  • Validity of claims
  • Completeness of evidence
  • Regulatory interpretation
  • Compliance obligations
  • Certification submissions
  • Final review before publication or sharing

7. Data Privacy and Protection

Where applicable, Q Interactive Media Pty Ltd manages personal information in accordance with applicable privacy and data protection laws.

Aleverum may collect limited personal information relating to:

  • Website enquiries
  • Product demonstrations
  • Early access requests
  • Platform communications
  • Business relationships
  • Operational support

Aleverum does not sell personal information.

Additional privacy information is available in the Aleverum Privacy Policy.

8. Cookies, Analytics, and Technical Data

The Aleverum website may use cookies, analytics technologies, and similar tools to support:

  • Website functionality
  • Usage analysis
  • Security monitoring
  • Performance improvement
  • Operational diagnostics

These tools may collect technical information such as browser type, device information, usage patterns, and interaction data.

Users may manage cookie settings through browser preferences where available.

9. Third-Party Services and Infrastructure

Aleverum may use third-party providers to support:

  • Cloud infrastructure
  • Hosting environments
  • Analytics
  • Security monitoring
  • Communication systems
  • AI-assisted services
  • Technical operations
  • Platform functionality

Third-party providers may process information under applicable contractual, operational, or technical arrangements.

10. Blockchain Integrity Records

Aleverum™ may support blockchain integrity records as an additional trust and auditability layer for Digital Product Passport workflows, evidence verification, and product transparency records.

Key passport, evidence, and verification events can be recorded to blockchain to support traceability, tamper resistance, audit-readiness, and trusted transparency across connected product-data ecosystems.

Blockchain functions as a supporting integrity layer alongside Aleverum™’s structured product data, evidence governance, verification workflows, and enterprise security controls.

11. Data Storage and Retention

Information may be retained for operational, security, governance, legal, audit, backup, or business continuity purposes.

Data that is no longer required may be:

  • Deleted
  • Archived
  • De-identified
  • Securely destroyed

Retention periods may vary depending on operational, legal, contractual, or governance requirements.

12. International Data Transfers

Depending on infrastructure and service providers used, information may be processed or stored outside Australia.

Where applicable, reasonable steps may be taken to ensure information is handled using appropriate safeguards and protections.

13. Incident Response and Data Breaches

Aleverum maintains procedures for identifying, assessing, escalating, managing, and responding to suspected security incidents or data breaches.

Incident response processes may include:

  • Incident identification and containment
  • Investigation and assessment
  • Evaluation of affected systems or information
  • Risk mitigation activities
  • Restoration of operations
  • Stakeholder notification where required
  • Internal review and remediation

Where required by law, relevant authorities or affected parties may be notified.

14. User Responsibilities

Users, employees, contractors, and authorised personnel must:

  • Protect login credentials
  • Use systems responsibly
  • Follow authorised access requirements
  • Avoid misuse of platform information
  • Avoid uploading unlawful or misleading content
  • Avoid unauthorised disclosure of information
  • Avoid unsafe or non-compliant use of AI-assisted workflows

Users must not:

  • Attempt unauthorised access
  • Bypass access controls
  • Interfere with system security
  • Misrepresent compliance or certification status
  • Upload malicious or unlawful content
  • Misuse supplier or evidence data
  • Share credentials with unauthorised persons

Q Interactive Media Pty Ltd may suspend, restrict, investigate, or terminate access where misuse or security risk is identified.

15. Standards and Interoperability References

Aleverum may reference standards-aligned workflows, interoperability principles, Digital Product Passport ecosystems, assurance workflows, and machine-readable product-data frameworks.

References to standards, interoperability, or ecosystem compatibility are capability-based or design-intent based only unless formally confirmed.

Aleverum does not claim formal endorsement, certification, approval, or partnership with any standards body, regulator, certification organisation, or third-party platform unless officially confirmed.

16. Policy Updates

This Policy may be updated periodically to reflect changes in:

  • Technology
  • Infrastructure
  • AI-assisted workflows
  • Security practices
  • Regulatory guidance
  • Business operations
  • Platform functionality

Updated versions may be published with a revised effective date.

17. Contact Information

For security, privacy, governance, or policy enquiries:

Q Interactive Media Pty Ltd
Aleverum™ Platform

Support:
support@aleverum.com

Privacy:
privacy@aleverum.com

Legal:
legal@aleverum.com

18. Legal Review Notice

This Policy is provided as a draft operational and website policy and should be reviewed by qualified legal counsel before publication or operational reliance.

Scroll to Top