Privacy Policy

Last updated: 1 March 2026 · Compliant with the Privacy Act 1988 (Cth) and Australian Privacy Principles

SOTAStack AI Pty Ltd ("SOTAStack AI", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

We collect personal information that is reasonably necessary for our business functions. The types of information we collect include:

  • Identity information: name, job title, company name
  • Contact information: email address, phone number, business address
  • Usage data: pages visited, features used, session duration (via analytics)
  • Communication data: emails, messages, and enquiries sent to us
  • Payment information: processed via third-party payment processors; we do not store card details
  • Client business data: documents and content provided for service delivery (e.g., for RAG systems)

We collect information directly from you, from your use of our services, and in some cases from third parties (such as referral partners). We do not collect sensitive information (as defined under the APPs) unless you provide it voluntarily and we have your consent.

2. How We Use Information

We use your personal information for the primary purpose for which it was collected, and for related secondary purposes you would reasonably expect. Specifically, we use information to:

  • Deliver and improve our Services
  • Respond to enquiries and communicate with you
  • Process payments and manage billing
  • Provide technical support
  • Send service updates and relevant communications (with your consent)
  • Comply with legal obligations
  • Analyse usage patterns to improve our products (using anonymised or aggregated data where possible)

3. Disclosure of Information

We do not sell, rent, or trade your personal information. We may disclose your information to:

Service providers: Third-party vendors who assist in delivering our Services, including cloud infrastructure providers, payment processors, and communication tools. We require these providers to handle your information securely and in accordance with applicable privacy laws.

Legal requirements: When required by law, court order, or regulatory authority, or when necessary to protect the rights, property, or safety of SOTAStack AI, our clients, or the public.

Where we disclose information to overseas recipients, we take steps to ensure that the recipient handles the information in a manner consistent with the APPs, as required by APP 8.

4. Data Storage & Security

Our infrastructure is primarily self-hosted in Australia, aligned with our commitment to Australian data sovereignty. Client data processed through our AI systems (including RAG knowledge bases) is stored on infrastructure controlled by SOTAStack AI or our verified Australian hosting partners.

We implement reasonable technical and organisational security measures to protect your information from unauthorised access, disclosure, alteration, or destruction. These measures include access controls, encryption in transit, and regular security reviews.

We retain personal information for as long as necessary to deliver our Services and meet legal obligations. When information is no longer required, we take reasonable steps to destroy or de-identify it, consistent with APP 11.

5. Your Rights

Under the Privacy Act 1988 and the APPs, you have the right to:

  • Request access to the personal information we hold about you (APP 12)
  • Request correction of inaccurate, outdated, or incomplete information (APP 13)
  • Make a complaint about how we handle your personal information
  • Opt out of direct marketing communications at any time

To exercise these rights, please contact us using the details in Section 6. We will respond to access and correction requests within 30 days. In some circumstances, we may be unable to provide access to certain information (for example, where it would reveal information about another individual, or for legal reasons). If we decline a request, we will provide written reasons.

6. Contact & Complaints

If you have questions about this Privacy Policy or how we handle your personal information, please contact us at:

SOTAStack AI Pty Ltd
Melbourne, Victoria, Australia
privacy@sotastack.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.