Privacy Policy

Service Provider: ExpertEase AI/Quantum Pulse Pty Ltd
ABN: 78 671 001 675
Address: Level 21, 25 Grenfell Street, Adelaide, South Australia 5000
Website: https://experteaseai.com
Contact: https://experteaseai.com/contact-us

Effective Date: 21 June 2025
Last Updated: 21 June 2025

COMMITMENT TO PRIVACY

ExpertEase AI (“we,” “us,” “our,” or “the Company”) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our artificial intelligence services, autonomous AI agents, and related platforms.

Australian Data Sovereignty: All personal information and data is processed and stored within Australian borders unless explicitly agreed otherwise in writing with the user. We are proudly Australian-owned and operated, ensuring your data remains under Australian jurisdiction and protection.

1. INFORMATION WE COLLECT

1.1 Personal Information You Provide

When you use our services, we may collect:

Account Information:

• Full name and business contact details
• Email address and phone number
• Organisation name and ABN/ACN
• Business address and industry sector
• Job title and role within organisation
• Payment and billing information
• User credentials and authentication data

Service Usage Information:

• AI chatbot configurations and customisations
• Training data and knowledge base uploads
• Conversation logs and chat histories
• Voice recordings and transcripts (where Voice AI is used)
• Custom automation workflows and integrations
• Support requests and communications

End User Data (when you deploy our AI services):

• Chat conversations between your customers and AI agents
• Personal information shared during AI interactions
• Customer service inquiries and responses
• Usage analytics and interaction patterns
• Any personal or business information disclosed to AI assistants you create

1.2 Information Automatically Collected

Website Usage Data:

• IP address and location data
• Browser type and operating system
• Device information and screen resolution
• Pages visited and time spent on our website
• Referral sources and exit pages
• Date and time of access

Service Performance Data:

• System logs and error reports
• Response times and service availability
• Feature usage and adoption metrics
• Security event logs and access patterns

1.3 Information from Third Parties

We may receive information about you from:

• Business partners and referral sources
• Third-party integrations you authorise (CRM systems, etc.)
• Public business directories and professional networks
• Payment processors and financial institutions
• Identity verification services

2. USE OF THE WEBSITE

2.1 Lawful Basis for Processing

We process personal information under the following lawful bases:

• Consent: Where you have provided explicit consent
• Contract Performance: To provide services under our Terms and Conditions
• Legitimate Interests: For business operations, security, and service improvement
• Legal Compliance: To meet Australian regulatory requirements

2.2 Purpose of Data Collection

We use your personal information to:

Service Delivery:

• Provide access to AI chatbot and automation services
• Process and respond to AI training data uploads
• Enable voice AI and conversational capabilities
• Facilitate custom integrations and workflows
• Provide customer support and technical assistance

Account Management:

• Create and maintain user accounts
• Process payments and manage subscriptions
• Send service notifications and updates
• Verify identity and prevent unauthorised access
• Manage user permissions and access controls

Business Operations:

• Improve our AI models and service performance
• Develop new features and capabilities
• Conduct research and analytics for service enhancement
• Ensure system security and prevent fraud
• Comply with legal and regulatory obligations

Marketing and Communications:

• Send product updates and announcements
• Provide information about new features
• Conduct customer satisfaction surveys
• Share relevant industry insights and content
• Invite participation in events and webinars

3. COOKIES AND TRACKING TECHNOLOGIES

3.1 Types of Cookies We Use

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance optimisation
• User preference storage

Analytics Cookies:

• Website usage and traffic analysis
• Feature adoption and user behaviour tracking
• Performance monitoring and error reporting
• A/B testing and service optimisation

Marketing Cookies:

• Advertising effectiveness measurement
• Personalised content delivery
• Social media integration
• Remarketing and conversion tracking

3.2 Third-Party Tracking

We may use third-party services for:

• Google Analytics for website traffic analysis
• Microsoft Application Insights for service monitoring
• Customer support platforms for service delivery
• Payment processors for transaction processing

3.3 Cookie Management

You can control cookies through:

• Browser settings to block or delete cookies
• Opt-out mechanisms provided by third-party services
• Our cookie preference centre (where available)
• Direct contact with our privacy team

Note: Disabling essential cookies may impact service functionality.

4. SHARING INFORMATION WITH THIRD PARTIES

4.1 Australian Data Processing Commitment

Primary Principle: All personal information and data is processed and stored within Australian borders unless you provide explicit written consent for alternative arrangements. This ensures your data remains under Australian privacy law protection.

4.2 Limited Third-Party Sharing

We may share personal information with:

Microsoft Azure Services:

• Cloud infrastructure and hosting services
• AI model processing and computation
• Security and monitoring services
• Data backup and disaster recovery
• Location: All Microsoft Azure services are utilised within Australian data centres

Essential Service Providers:

• Payment processors (Stripe, PayPal) for transaction processing
• Customer support platforms for service delivery
• Identity verification services for account security
• Legal and accounting firms for professional services
• Data Transfer: Only when necessary and with appropriate safeguards

Business Transfer Scenarios:

• Merger, acquisition, or sale of business assets
• Corporate restructuring or reorganisation
• Insolvency or bankruptcy proceedings
• Protection: All transfers subject to equivalent privacy protections

Legal Disclosure Requirements:

• Court orders or legal proceedings
• Law enforcement requests with proper authority
• Regulatory investigations and compliance
• Protection of rights, property, or safety
• Scope: Limited to information specifically required

4.3 International Data Transfers

Default Position: No international data transfers without explicit written consent.

Exception Process: If international processing is requested:

• Written consent obtained specifying countries and purposes
• Adequate protection mechanisms implemented
• Regular monitoring and compliance verification
• Right to withdraw consent and repatriate data

5. DATA SUBJECT RIGHTS

Under the Australian Privacy Principles, you have the following rights:

5.1 Access Rights

• Request confirmation of what personal information we hold
• Obtain copies of your personal information
• Understand how your information is being used
• Receive information about data sharing arrangements

5.2 Correction Rights

• Request correction of inaccurate or incomplete information
• Update your account and profile information
• Amend records to reflect current circumstances
• Seek correction of information held by third parties on our behalf

5.3 Deletion Rights

• Request deletion of personal information where appropriate
• Withdraw consent for processing where consent was the lawful basis
• Object to processing based on legitimate interests
• Request cessation of direct marketing communications

5.4 Portability Rights

• Request personal information in a structured, machine-readable format
• Transfer information to another service provider
• Receive assistance with data migration where technically feasible

5.5 Objection Rights

• Object to processing for direct marketing purposes
• Object to automated decision-making affecting you
• Opt-out of non-essential data processing activities
• Restrict processing while disputes are resolved

5.6 Exercising Your Rights

To exercise these rights:

• Email: privacy@experteaseai.com
• Phone: +61 424 014 661
• Mail: Privacy Officer, Level 21, 25 Grenfell Street, Adelaide SA 5000
• Online: Through your account settings (where available)

Response Time: We will respond within 30 days of receiving your request.

6. DATA PROTECTION MECHANISMS

6.1 Technical Safeguards

Infrastructure Security:

• Microsoft Azure enterprise-grade security architecture
• End-to-end encryption for data in transit and at rest
• Multi-factor authentication and access controls
• Regular security assessments and penetration testing
• Intrusion detection and monitoring systems

Access Controls:

• Role-based access permissions
• Principle of least privilege implementation
• Regular access reviews and deprovisioning
• Segregation of duties for sensitive operations
• Audit logging of all access activities

Data Classification:

• Automated data discovery and classification
• Sensitivity labelling and handling procedures
• Data loss prevention (DLP) controls
• Information rights management
• Secure disposal and sanitisation procedures

6.2 Operational Safeguards

Staff Training:

• Regular privacy and security awareness training
• Incident response and breach notification procedures
• Confidentiality agreements and background checks
• Clear policies and procedures for data handling
• Regular compliance monitoring and auditing

Vendor Management:

• Due diligence and security assessments
• Contractual privacy and security obligations
• Regular monitoring and compliance verification
• Incident notification and response requirements
• Data processing agreements with all vendors

6.3 Compliance Frameworks

We maintain compliance with:

• ISO 27001 Information Security Management
• SOC 2 Type II security and availability standards
• Australian Government Information Security Manual (ISM)
• Privacy Act 1988 (Cth) and Australian Privacy Principles
• Industry-specific regulations as applicable

7. DATA STORAGE AND RETENTION

7.1 Storage Location and Infrastructure

Primary Storage:

• All personal information stored in Microsoft Azure Australia regions
• Data centres located in Melbourne and Sydney
• No offshore processing without explicit written consent
• Full data sovereignty under Australian jurisdiction

Microsoft Azure Partnership: We inherit robust privacy and cybersecurity protections from Microsoft Azure, including:

• Enterprise-grade encryption and security controls
• Comprehensive compliance certifications
• Advanced threat protection and monitoring
• Regular security updates and patches
• Disaster recovery and business continuity capabilities

7.2 Data Retention Periods

Account Information:

• Active accounts: Duration of service relationship
• Closed accounts: 7 years for accounting and legal compliance
• Marketing data: Until consent is withdrawn
• Support records: 3 years from last interaction

Service Data:

• AI training data: Until explicitly deleted by user
• Conversation logs: 2 years unless extended retention requested
• Usage analytics: 3 years for service improvement
• Security logs: 7 years for audit and compliance purposes

Legal Requirements:

• Financial records: 7 years (Australian taxation law)
• Employment records: 7 years (Fair Work Act)
• Dispute-related data: Until resolution plus 6 years
• Regulatory compliance data: As required by applicable regulations

7.3 Data Disposal

When retention periods expire:

• Secure deletion using industry-standard methods
• Certificate of destruction provided upon request
• Verification of complete data removal
• Update of all backup and archive systems

8. END USER DATA PROCESSING

8.1 Three-Tier Data Protection Model

When you deploy our AI services that interact with your end users:

Tier 1: Your relationship with ExpertEase AI Tier 2: Your relationship with your end users Tier 3: Our processing on behalf of both you and your end users

8.2 End User Data Categories

Data we may process on behalf of your end users includes:

• Personal information shared during AI conversations
• Customer service inquiries and support requests
• Business information disclosed during interactions
• Usage patterns and interaction analytics
• Voice recordings and transcripts (where applicable)

8.3 Your Responsibilities for End User Data

You must:

• Obtain appropriate consents from your end users
• Maintain your own privacy policy covering end user interactions
• Comply with privacy laws for your end user relationships
• Inform end users about data processing through our platform
• Respond to end user privacy requests and complaints

8.4 Our Commitments for End User Data

We commit to:

• Apply the same security standards to all data tiers
• Prevent cross-contamination between different users’ end user data
• Maintain segregated storage ensuring complete data isolation
• Process end user data only as instructed by you
• Never use end user data for model training without explicit consent

9. AUTOMATED DECISION-MAKING

9.1 AI-Powered Processing

Our services may involve automated decision-making through:

• AI model responses and recommendations
• Content filtering and moderation
• Fraud detection and security monitoring
• Service personalisation and optimisation

9.2 Your Rights

You have the right to:

• Be informed about automated decision-making affecting you
• Request human review of automated decisions
• Challenge or appeal automated decisions
• Understand the logic and implications of automated processing

9.3 Safeguards

We implement safeguards including:

• Regular algorithm auditing and bias testing
• Human oversight of significant automated decisions
• Clear explanation of automated decision-making processes
• Mechanisms for challenging and reviewing decisions

10. CROSS-BORDER DATA TRANSFERS

10.1 Default Australian Processing

Standard Practice: All personal information is processed and stored within Australia using Microsoft Azure’s Australian data centres.

10.2 International Transfer Exceptions

International transfers may occur only:

• With your explicit written consent
• For specific business purposes you have approved
• With adequate protection mechanisms in place
• Under emergency circumstances to protect vital interests

10.3 Protection Mechanisms

When international transfers are authorised:

• Standard contractual clauses implementation
• Adequacy assessments of destination countries
• Binding corporate rules compliance
• Regular monitoring and compliance verification

11. SECURITY INCIDENT RESPONSE

11.1 Incident Detection and Response

We maintain 24/7 monitoring and incident response capabilities:

• Automated threat detection and alerting
• Rapid containment and mitigation procedures
• Forensic investigation and root cause analysis
• Communication and notification protocols

11.2 Breach Notification

In the event of a privacy breach:

• Immediate: Internal incident response team activation
• Within 24 hours: Initial risk assessment and containment
• Within 72 hours: Notification to relevant authorities if required
• Without delay: Notification to affected individuals if high risk to rights and freedoms

11.3 Post-Incident Actions

Following any security incident:

• Comprehensive investigation and reporting
• Implementation of additional safeguards
• Review and update of security procedures
• Communication of lessons learned and improvements

12. PRIVACY BY DESIGN

12.1 Proactive Approach

We embed privacy protection throughout our service design:

• Privacy impact assessments for new features
• Data minimisation and purpose limitation principles
• Privacy-enhancing technologies implementation
• Regular privacy reviews and audits

12.2 Default Privacy Settings

Our services are configured with privacy-protective defaults:

• Minimum necessary data collection
• Opt-in rather than opt-out for non-essential processing
• Clear and granular privacy controls
• Transparent privacy settings and preferences

13. CHILDREN’S PRIVACY

13.1 Age Restrictions

Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

13.2 Parental Rights

If we become aware that we have collected personal information from a child under 18:

• We will take steps to delete such information promptly
• We will implement additional safeguards if child data processing is necessary
• We will obtain verifiable parental consent where required
• We will provide parents with access and control over their child’s information

14. UPDATES TO THIS PRIVACY POLICY

14.1 Change Notification

We may update this Privacy Policy to reflect:

• Changes in our services or business practices
• Updates to privacy laws and regulations
• Implementation of new security technologies
• Feedback from privacy audits and assessments

14.2 Notice Period

We will provide:

• 30 days’ advance notice for material changes
• Prominent notification on our website and via email
• Clear explanation of changes and their impact
• Opportunity to withdraw consent where applicable

15. QUESTIONS, CONCERNS, OR COMPLAINTS

15.1 Contact Information

For any privacy-related inquiries, concerns, or complaints:

Privacy Officer
ExpertEase AI/Quantum Pulse Pty Ltd
Level 21, 25 Grenfell Street
Adelaide, South Australia 5000

Email: privacy@experteaseai.com
Phone: +61 424 014 661
Website: https://experteaseai.com/privacy

15.2 Response Commitment

We commit to:

• Acknowledge receipt of your inquiry within 3 business days
• Provide initial response within 7 business days
• Complete investigation within 30 days
• Implement resolution promptly following investigation

15.3 Complaint Process

If you are not satisfied with our response:

Step 1: Contact our Privacy Officer directly

Step 2: Request escalation to senior management

Step 3: Lodge complaint with the Office of the Australian Information Commissioner (OAIC)

OAIC Contact Details:

• Website: https://www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Mail: GPO Box 5218, Sydney NSW 2001

15.4 Alternative Dispute Resolution

We are committed to resolving privacy disputes through:

• Direct negotiation and dialogue
• Mediation services where appropriate
• Industry complaint resolution schemes
• Regulatory guidance and oversight

16. PRIVACY GOVERNANCE

16.1 Privacy Management Framework

Our privacy governance includes:

• Dedicated Privacy Officer and privacy team
• Privacy steering committee with executive oversight
• Regular privacy training and awareness programs
• Annual privacy audits and compliance assessments

16.2 Continuous Improvement

We continuously improve our privacy practices through:

• Regular review of policies and procedures
• Implementation of privacy-enhancing technologies
• Monitoring of regulatory developments and best practices
• Engagement with privacy professionals and industry groups

ACKNOWLEDGMENT

By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. Your continued use of our services constitutes acceptance of any updates to this policy.

Document Version: 21062025-1
Effective Date: 21 June 2025

ExpertEase AI – Proudly Australian. Your Privacy. Our Commitment.