top of page

PoCoEng — Privacy Policy

Effective Date: 12 May 2026
Last Updated: 12 May 2026

This Privacy Policy describes how CoEng Pty Ltd (ABN 15 660 263 249) ("CoEng", "we", "us", "our") collects, uses, stores, and protects information in connection with PoCoEng ("Po", "the App"), our AI-powered assistant available through Microsoft Teams.

CoEng is committed to protecting the privacy of its employees, contractors, and authorised users in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

When you interact with Po, we may collect and process the following information:

1.1 User Identity Information

  • Microsoft Teams user ID — your unique identifier within the Teams platform

  • Display name — your name as configured in Microsoft Teams

  • Conversation context — whether you are chatting in a personal chat, group chat, or channel

This information is provided automatically by the Microsoft Teams platform when you interact with Po.

1.2 Conversation Data

  • Messages you send to Po — the text content of your queries and instructions

  • Po's responses — AI-generated replies provided to you

  • Conversation history — stored temporarily to maintain context within ongoing conversations

1.3 Usage Metadata

  • Timestamps of interactions

  • Channel and team identifiers — to determine project context

  • Intent classification data — the type of request detected (e.g., knowledge query, invoice lookup, note saving)

1.4 Business Data Accessed

Po accesses the following CoEng business systems on your behalf:

  • SharePoint — project documents, reports, technical files, and Knowledge Centre resources

  • Xero — invoice data, bill data, contact information, and purchase orders

  • Internal knowledge base — indexed project documentation and embedded search data

Po does not store copies of SharePoint files or Xero records. It queries these systems in real time and returns relevant information within the conversation.

1.5 Information We Do NOT Collect

  • We do not collect personal health information

  • We do not collect personal financial information unrelated to CoEng business

  • We do not collect biometric data

  • We do not access your personal Teams chats, emails, or files outside of direct interactions with Po

2. How We Use Your Information

We use the information collected through Po for the following purposes:

  • Responding to your queriesMessages, conversation history, business data

  • Maintaining conversation contextConversation history (7-day rolling window)

  • Project context detectionChannel name, team identifiers

  • Improving Po's knowledgeAnonymised conversation patterns (via brain learning)

  • User preferences and memoryFacts you explicitly ask Po to remember (e.g., "remember my name is Grant")

  • Drafting invoices and billsYour instructions, Xero contact and project data

  • Project notesNotes you explicitly save through Po in channel contexts

  • System administration and troubleshootingUsage metadata, error logs

3. Data Storage and Retention

3.1 Conversation History

  • Conversation messages are stored in a secure PostgreSQL database hosted on Neon (cloud database provider) in the Asia-Pacific (Sydney) region.

  • Conversation history is automatically deleted after 7 days.

  • Each conversation is isolated by conversation ID — other users cannot access your personal chat history with Po.

3.2 Project Notes

  • Notes you save through Po are stored in the database and retained until explicitly marked as complete.

  • Notes are associated with a project number and are visible to other CoEng staff accessing the same project channel.

3.3 User Memory

  • If you ask Po to "remember" something, that fact is stored in the database linked to your Teams user ID.

  • You can ask Po what she remembers about you at any time.

  • Memory entries are retained until you ask Po to forget them or they are manually removed.

3.4 Brain Learning

  • Po may extract general learnings from conversations (e.g., "Project 422 involved transformer testing") to improve future responses.

  • These learnings are generalised and non-personal — they capture project knowledge, not personal information.

  • Learnings are stored in the database and used to enhance the quality of Po's responses for all users.

3.5 Draft Invoices and Bills

  • Pending draft data (invoice/bill details awaiting your confirmation) is stored temporarily in the database.

  • Once confirmed or cancelled, pending draft data is deleted.

  • Finalised drafts are created in Xero and subject to Xero's own data retention policies.

4. Third-Party Services

Po integrates with the following third-party services:

  • Abacus AI (LLM API)AI response generationYour message text, conversation context, and relevant document excerpts are sent to the LLM for processing

  • Microsoft Teams (Bot Framework)Chat platformMessages, user identity, conversation metadata

  • Microsoft SharePointDocument accessSearch queries, file content retrieval

  • XeroAccounting dataProject numbers, invoice queries, draft creation data

  • Neon (PostgreSQL)Database hostingAll stored data as described in Section 3

Important Note on AI Processing

Your messages and relevant document context are sent to Abacus AI's LLM API for processing. This means your query text and related knowledge base excerpts are transmitted to Abacus AI's servers to generate responses. Abacus AI's own privacy and data handling policies apply to this processing. We recommend reviewing Abacus AI's privacy policy for details.

We do not send personal information to the LLM beyond what is contained in your message and the relevant business documents.

5. Data Security

We implement the following security measures to protect your data:

  • Encryption in transit — all communications between Po and its backend services use HTTPS/TLS encryption

  • Database encryption — the PostgreSQL database uses encrypted connections (SSL/TLS)

  • Access controls — Po is restricted to authorised CoEng Teams users; the backend API is protected by API key authentication

  • No local file storage — Po does not store files on local servers; all document access is performed via authenticated API calls to SharePoint and Xero

  • Automatic data expiry — conversation history is automatically purged after 7 days

  • No-deletion policy — Po cannot delete any data from connected systems (SharePoint, Xero), reducing the risk of accidental data loss

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information.

We may share information in the following limited circumstances:

  • Within CoEng — project notes and knowledge base learnings are accessible to other authorised CoEng staff

  • Third-party service providers — as described in Section 4, solely for the purpose of operating Po

  • Legal requirements — if required by law, regulation, legal process, or government request

  • Business transfers — in the event of a merger, acquisition, or sale of CoEng's assets, data may be transferred as part of the business

7. Your Rights

As an authorised user of Po, you have the right to:

  • Access — request a summary of the data Po holds about you (conversation history, memory, notes)

  • Correction — request correction of any inaccurate information

  • Deletion — request deletion of your memory entries, notes, or conversation history

  • Opt out — stop using Po at any time; no data will be collected from interactions that don't occur

To exercise these rights, contact your CoEng administrator or email us at the address below.

8. Children's Privacy

Po is not intended for use by individuals under the age of 18. We do not knowingly collect information from minors.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in Po's functionality, our data practices, or applicable laws. The updated version will be posted at this URL with a revised "Last Updated" date.

We encourage you to review this policy periodically.

10. Governing Law

This Privacy Policy is governed by the laws of New South Wales, Australia, and the Australian Privacy Act 1988 (Cth).

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or Po's handling of your data, please contact:

CoEng Pty Ltd
Privacy Officer
Email: nathan.spencer@coeng.biz
Website: https://coeng.biz
Phone: +61 439 511 836

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

1300 676 121

  • Youtube
  • LinkedIn

©2025 by CoEng Pty Ltd. 

bottom of page