Privacy Policy

Entity: AI Point Pty Ltd ("we", "our", "us")
ABN: 32 667 971 388
Location: Sydney, New South Wales, Australia
Last Updated: 31 Oct 2025

1. Our Commitment to Privacy

We respect your privacy and are committed to protecting your personal information in accordance with:

  • Privacy Act 1988 (Cth)
  • Australian Privacy Principles (APPs)
  • Spam Act 2003 (Cth)

This Policy applies to:

  • Website visitors
  • Consulting and professional services clients
  • Course and training participants
  • Community members (via Skool platform)
  • Marketing and data enrichment service clients

2. What Personal Information We Collect

2.1 Information You Provide

  • Name, email address, phone number
  • Business name, role/title, and company information
  • Payment and billing information
  • Communications and interactions with our platform
  • LinkedIn profile information (when you engage with our outreach)
  • Marketing preferences and communication history

2.2 Information We Collect Automatically

  • IP address, browser type, and device information
  • Usage data (pages visited, time on site, links clicked)
  • Cookies and analytics data

2.3 Lawful Basis for Collection

We collect your personal information because:

  • You've given consent (e.g., submitting a form, signing up for a course)
  • We need it to perform a contract (e.g., delivering services, processing payments)
  • We have a legal obligation (e.g., tax, regulatory requirements)
  • We have a legitimate interest (e.g., improving services, marketing, analytics)

Providing information is generally optional, but if you don't provide certain details, we may be unable to deliver some or all of our services.

3. When We Process Data on Your Behalf (Data Processing)

3.1 Data Controller vs. Data Processor

When you engage us for data enrichment, analytics, or automation services:

  • You are the data controller (responsible for the data)
  • We are the data processor (handling data according to your instructions)
  • You remain responsible for:
    • Obtaining legal rights to provide us with the data
    • Obtaining consent from individuals whose data you provide
    • Compliance with Privacy Act 1988 (Cth), Spam Act 2003 (Cth), and GDPR (if applicable)

3.2 Data Processing Addendum (DPA)

NEW: For all data processing engagements, we will execute a Data Processing Addendum that specifies:

  • Scope and duration of data processing
  • Security measures and compliance obligations
  • How long we retain data
  • When and how we delete/return your data
  • Your rights and our obligations as processor
  • Sub-processor arrangements (third-party tools we use)

This DPA is legally binding and protects both you and us.

3.3 Data Enrichment and Third-Party Sources

When we enrich your data using third-party sources:

  • We use commercially available data providers (such as Apollo.io, Clay.com, and others)
  • Enriched data may come from public records, website data, business directories, and commercial databases
  • You warrant that you have legal basis to process and enrich this data
  • You are responsible for:
    • Validating enriched data before use in campaigns (checking for accuracy, duplicates, compliance)
    • Obtaining fresh consent from individuals before marketing to enriched contacts
    • Ensuring enriched data complies with Spam Act and Privacy Act
    • Complying with any overseas privacy laws (e.g., GDPR for EU contacts)
    • Testing enriched data in small batches before full-scale deployment
  • We are not liable for:
    • Inaccurate or incomplete enriched data
    • Your failure to validate before use
    • Regulatory violations from improper use of enriched data

3.4 Data Retention and Deletion

  • During engagement: We retain data as necessary to provide services
  • After engagement: We securely delete client customer data within 30 days unless contractually agreed otherwise
  • Exceptions: We may retain aggregated, anonymized data for service improvement and analytics
  • Your request: You can request deletion of your data at any time (we'll confirm deletion within 30 days, except where legal obligations require retention)

4. International Data Transfers and GDPR Compliance

4.1 When Your Data Involves EU Residents

If you provide us with data that includes individuals located in the European Union or any jurisdiction with GDPR-equivalent protections:

  • You warrant: You have legal basis to transfer such data to Australia
  • We will:
    • Execute a Data Processing Addendum compliant with GDPR Article 28
    • Implement Standard Contractual Clauses (SCCs) or other legally compliant transfer mechanisms
    • Process data only according to your documented lawful basis
    • Respect data subject rights (access, erasure, portability, objection)
  • You must:
    • Obtain valid consent or establish lawful basis under GDPR
    • Conduct a Data Protection Impact Assessment (DPIA) if processing is high-risk
    • Maintain documentation of consent and lawful basis
    • Notify individuals that their data may be transferred to Australia
  • We are not liable for your breach of GDPR or other international privacy laws

4.2 Data Transfers to Third Parties

We may transfer personal information to trusted third-party service providers located outside Australia, including:

  • Cloud infrastructure providers (AWS, Google Cloud, Microsoft Azure) - US
  • AI service providers (Anthropic, OpenAI) - US
  • Data enrichment providers (Apollo.io, Clay.com) - US/EU
  • Automation platforms (n8n, Make.com, Zapier) - EU/US

We take reasonable steps to ensure these providers:

  • Comply with Australian Privacy Principles or equivalent protections
  • Have contractual data protection obligations
  • Implement appropriate security measures
  • Are certified under frameworks like EU-US Data Privacy Framework (where applicable)

5. How We Use Your Information

We use your personal information to:

  • Deliver, operate, and improve our AI automation, data enrichment, and analytics services
  • Build and optimize marketing campaigns and workflows
  • Enrich marketing databases and customer profiles (with your instruction)
  • Provide marketing analytics and insights
  • Respond to inquiries and provide customer support
  • Process payments and manage subscriptions
  • Send service-related and marketing communications (with appropriate consent)
  • Perform analytics and research to improve our services
  • Manage community membership and deliver training programs
  • Comply with legal and regulatory obligations

6. Sensitive Information

We do not intentionally collect sensitive personal information (health, biometric, political, religious data) unless:

  • You explicitly consent
  • It's required for a specific service you've requested
  • We've obtained written authorization

If we need sensitive information, we'll request explicit consent and handle it with enhanced protection measures.

7. AI Services and Data Processing

7.1 AI Service Providers

We use artificial intelligence services (Anthropic Claude, OpenAI, and others) to provide automation, analytics, and enrichment services.

How your data is used with AI services:

  • Data sent to AI providers for processing is subject to their terms and privacy policies
  • We use enterprise tiers with enhanced privacy protections where available
  • Important: Data sent to AI providers for analysis is typically NOT retained by them for model training (but this varies by provider—check their terms)
  • We do NOT use your data to train AI Point's proprietary systems
  • We may use aggregated, anonymized, de-identified data to improve our services

7.2 Automated Decision-Making

If we use AI to make automated decisions that significantly affect you or your customers:

  • We will inform you about the automated processing
  • We provide human review and appeal options where required
  • We comply with Privacy Act requirements regarding automated decision-making
  • If you're using our AI recommendations for decisions affecting individuals: You must comply with privacy laws (including GDPR Article 22 if applicable)

7.3 AI Limitations

  • AI-generated outputs may contain inaccuracies, biases, or errors
  • You must independently verify AI outputs before critical business decisions
  • AI is not a substitute for professional advice (legal, financial, medical, tax)
  • AI recommendations are suggestions only, not guaranteed outcomes

8. LinkedIn Data

8.1 LinkedIn Data Collection and Use

If our Services involve LinkedIn profile data or LinkedIn-sourced information:

  • You warrant: Your use complies with LinkedIn's Terms of Service and Data Policy
  • You agree: Data from LinkedIn will be used only for purposes permitted by LinkedIn
  • You warrant: Data will not be re-scraped, re-sold, or combined with other data without LinkedIn consent
  • You are responsible for: Immediate compliance if LinkedIn issues a cease-and-desist notice
  • We are not liable for: LinkedIn policy violations, account suspension, or changes to LinkedIn's policies

9. Third-Party Services and Integrations

Our Services may integrate with or use third-party platforms:

  • Cloud infrastructure (AWS, Azure, Google Cloud)
  • AI services (Anthropic, OpenAI, others)
  • Data enrichment tools (Apollo.io, Clay.com, etc.)
  • Automation platforms (n8n, Make.com, Zapier)
  • Community platform (Skool)
  • Analytics tools (Google Analytics, etc.)

Important:

  • Your use of these services is subject to their respective terms and privacy policies
  • We are not responsible for third-party service failures, data breaches, or policy changes
  • You are responsible for reviewing third-party terms before using integrated services

10. Cookies & Analytics

We use cookies and analytics tools (Google Analytics, Segment, etc.) to:

  • Understand user behavior and site usage
  • Improve our website and services
  • Personalize your experience

Your choices:

11. Marketing Communications

11.1 Marketing Emails and Communications

We may send you marketing emails about our services, courses, community, and industry insights.

You can opt out at any time by:

  • Clicking the "unsubscribe" link in any email
  • Updating preferences in your account settings
  • Contacting us directly

We will continue to send:

  • Transactional emails (receipts, confirmations, invoices)
  • Service-related communications (important updates, security notices)

11.2 Spam Act Compliance

All marketing communications comply with the Spam Act 2003 (Cth):

  • We include clear identification of our business
  • We include valid contact information
  • We honor unsubscribe requests within 5 business days

12. Your Rights

12.1 Access and Correction

You have the right to access and correct personal information we hold about you.

To request access or correction:

  • Contact us (details at end of this policy)
  • We may verify your identity before providing access
  • We will respond within 30 days (or explain why we need more time)
  • We may charge a small administrative fee where permitted by law

12.2 Right to Delete ("Right to be Forgotten")

You may request deletion of your personal data at any time.

Important:

  • Some data may be retained in backup systems for a limited period
  • We may retain aggregated, de-identified data
  • Legal, accounting, or regulatory requirements may require retention of certain records
  • We will confirm deletion within 30 days or explain why deletion isn't possible

12.3 Other Rights (GDPR and Privacy Act)

If you're an EU resident, you also have the right to:

  • Data portability (receive your data in structured, portable format)
  • Object to processing
  • Restrict processing
  • Lodge a complaint with supervisory authority

Contact us to exercise these rights.

13. Data Security

We take reasonable steps to protect your personal information using:

  • Encrypted communications (HTTPS, SSL/TLS)
  • Access controls and authentication mechanisms
  • Secure cloud infrastructure (AWS with security best practices)
  • Regular security assessments and updates
  • Staff training on privacy and security
  • Secure deletion and disposal procedures

Important: No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we maintain industry best practices.

14. Data Breach Notification

14.1 If a Data Breach Occurs

If we experience a data breach that's likely to cause serious harm, we will:

  • Notify affected individuals as soon as practicable (without undue delay)
  • Notify the Office of the Australian Information Commissioner (OAIC)
  • Take steps to remediate the breach and prevent recurrence
  • This complies with the Notifiable Data Breaches scheme under the Privacy Act

14.2 If a Third-Party Tool is Breached

If a third-party service provider (AWS, n8n, Apollo.io, etc.) experiences a breach:

  • We will notify you as soon as we become aware
  • We will provide guidance on steps to take
  • We are not liable for third-party breaches (see Terms & Conditions)

15. Your Consent and Warranties

15.1 If You Provide Us with Others' Data

If you provide us with personal data of third parties:

  • You warrant:
    • You have legal authority to provide this data to us
    • Individuals have consented to our use, OR you have another lawful basis under Privacy Act/GDPR
    • Data is accurate and current
    • You've informed individuals about our data processing (reference to this Privacy Policy)
    • You'll promptly notify us if individuals withdraw consent
  • You indemnify us against claims that data provision violates privacy law or individuals' rights

16. Children's Privacy

Our Services are not directed to individuals under 18 years old. We do not knowingly collect personal information from children.

If we become aware we've collected information from a child, we will delete it promptly.

17. Retention of Your Data

We retain personal data only as long as needed to:

  • Fulfill the purposes for which it was collected
  • Comply with legal obligations (typically 7 years for financial records)

Once no longer needed, data is securely destroyed or de-identified.

Data retention periods:

  • Marketing list data: 3 years (or until you unsubscribe + 6 months)
  • Client project data: Duration of engagement + 30 days
  • Financial records: 7 years (tax and accounting requirements)
  • Course access data: 2 years after course completion
  • Community data: Until membership cancellation + 1 year

18. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in legal obligations
  • New technology or practices
  • Changes to our business

How we'll notify you:

  • Material changes will be posted on our website
  • We'll send email notification for significant changes
  • The "Last Updated" date at the top will be revised
  • Continued use of our services after changes indicates your acceptance

19. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

AI Point Pty Ltd
Sydney, NSW 2085, Australia
ABN: 32 667 971 388

20. Complaints and Escalation

If you have concerns about how we handle your personal information:

Step 1: Contact Us

  • Email us with your complaint and what happened
  • We will investigate and respond within 30 days
  • If resolved, no further action needed

Step 2: Escalate to OAIC (if not satisfied)

If you're not satisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

For EU Residents: You may also lodge a complaint with your local data protection authority (supervisory authority).

21. Governing Law

This Privacy Policy is governed by the laws of New South Wales, Australia, and the Privacy Act 1988 (Cth).

By using AI Point's Services, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices.
