RAG development for Australian teams that need cited answers.

Strong. Indian Standard Time is UTC+5:30, AEDT is UTC+11, so our 9:30am IST is your 3pm AEDT — that gives roughly a four-hour afternoon overlap with Sydney, Melbourne, and Brisbane working days every weekday. For Perth (AWST, UTC+8), the overlap is even stronger — our 9:30am IST is your noon AWST, giving most of a working afternoon together. Daily standups, twice-weekly demos with retrieval-recall and citation-faithfulness numbers, and ad-hoc debugging on a missed retrieval all land inside your business hours without late-night calls on either side. Written async updates with eval-run numbers go out daily before your morning standup.

Yes. Engagement defaults align with the Privacy Act 1988 and the 13 Australian Privacy Principles. Every retrieval and generation call is audit-logged with query, retrieved passage IDs, citation faithfulness score, prompt version, and operator identity — exportable for an OAIC inquiry. A Privacy Impact Assessment is run for engagements processing personal information at scale or operating on sensitive information. For APP 8 (cross-border disclosure), the data flow is mapped explicitly in your DPA — exactly where personal information is processed and which overseas endpoints (if any) receive it. The refusal layer is wired in week one with a measurable out-of-scope rate so the system never fabricates an answer when the corpus is silent. The NDB scheme breach playbook is referenced and tabletop-exercised in week one.

Your call. We default to AWS ap-southeast-2 (Sydney), AWS ap-southeast-4 (Melbourne), Azure Australia East (Sydney), Azure Australia Central (Canberra) for federal-adjacent work, or GCP australia-southeast1 (Sydney) / australia-southeast2 (Melbourne). The vector index (pgvector, Qdrant, or Weaviate) lives where you specify. For LLM inference, we pin Claude or GPT-4o to an Australian or US region depending on what your DPA permits under APP 8, or we self-host Llama 3 on vLLM inside your VPC for zero overseas inference. Embedding models can be Australian-hosted for clients who refuse to send corpus passages to an overseas endpoint.

No — Aiinfox itself does not currently hold an IRAP assessment, and we will not pretend otherwise. We are a foreign engineering provider, not an Australian-hosted SaaS, so IRAP assessment of our own platform is not the relevant control. What we do for federal and defence-adjacent clients is structure the engagement so the RAG runs inside the customer's existing IRAP-assessed cloud boundary (typically AWS Australia or Azure Australia Central at PROTECTED classification); our engineers connect over a privileged-access path the customer's security team controls. If your engagement requires our own IRAP assessment, we will tell you on the first call and recommend an Australian provider that holds one.

A Privacy Act-aligned Data Processing Agreement covering APP entity obligations: processing only on documented instructions, security of personal information (APP 11), access and correction rights (APP 12 / 13), data quality, cross-border disclosure safeguards (APP 8), breach notification under the NDB scheme, and deletion or return of personal information at the end of the engagement. Mutual NDAs are signed before any technical detail or sample corpus is shared. For healthcare RAG, state-level health privacy agreements layer on top (HRIP NSW, HRA VIC, IP ACT QLD). For APRA-regulated clients, our DPA includes the documentation required under CPS 230 (operational risk) and CPS 234 (information security) for third-party service providers.

Either. Most repeat Australian clients move to a Master Services Agreement after the first engagement so subsequent RAG builds, evaluation work, and on-call retainers ship under a per-project Statement of Work without renegotiating the umbrella terms. For a first engagement, a standalone SOW with the DPA appended is the standard pattern. Legal turnaround is usually one to two weeks depending on your privacy officer and procurement review cadence; we work from your legal team's MSA template or provide ours.

Because pure vector retrieval drops obvious keyword matches that legal, financial, and clinical users in Australia notice immediately. The classic failure is a user searching for a specific Corporations Act section, an ASIC instrument number, an ASX ticker, a PBS item code, or a specific drug name — and the vector model returns a semantically similar but lexically wrong document. Hybrid retrieval (BM25 for high-precision keyword matches plus dense vectors for semantic recall, blended via reciprocal rank fusion) gives both. It is the default we ship for Australian legal, financial, and healthcare RAG because regulated users will not accept a system that misses the literal phrase they searched for.

Most v1 RAG engagements at Aiinfox land between AUD $50,000 and AUD $190,000 fixed-price for a focused build — a financial RAG, a medical-inquiry RAG, a legal research copilot, or a knowledge-base copilot. Larger multi-quarter engagements with bespoke embeddings, custom evals, IRAP-boundary integration, and a regulated platform integration typically reach AUD $230,000 to AUD $400,000. The cost difference versus a Sydney or Melbourne AI consultancy lands roughly 30 to 50 percent lower on senior rates — useful, but the headline is the engineer on your kickoff call writes your retrieval pipeline through launch, with no swap-out to a junior pool mid-engagement.