Legal
Privacy Policy
How nterprise AI collects, uses, and discloses personal information under the Australian Privacy Act 1988.
- Jurisdiction
- Australia
Kalpa Solutions Pty Ltd (trading as nterprise.ai) ("nterprise", "we", "us", "our") is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, hold, and disclose personal information.
By using our website at nterprise.ai or any of our related services (the "Services"), you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Services.
What Personal Information We Collect
We collect personal information that is reasonably necessary to provide the Services. This may include:
- Identity information — name, job title, company name
- Contact information — email address, phone number, mailing address
- Account information — username, password (hashed), account preferences
- Payment information — billing address, payment method details (processed by Stripe; we do not store raw card numbers)
- Usage data — pages visited, features used, session duration, click-stream data
- Technical data — IP address, browser type and version, device identifiers, operating system
- Communications — messages you send to our support team or via contact forms
- AI interaction data — prompts and queries you submit to AI-powered features within the Services
Where possible, we allow you to interact with us anonymously or using a pseudonym, unless it is impracticable to do so or unless we are required by law to deal with identified individuals.
How We Collect Personal Information
We collect personal information:
- directly from you when you register, subscribe, purchase, or contact us;
- automatically through cookies, analytics tools, and server logs when you use the Services; and
- from third parties such as payment processors, identity verification providers, or referral partners, where permitted by law.
We will notify you at or before the time of collection (or as soon as practicable afterwards) about the purposes for which we are collecting your information.
How We Use Personal Information
We use personal information to:
- create and manage your account and provide the Services;
- process payments and manage subscriptions;
- send transactional communications (authentication links, receipts, service notices);
- respond to support requests and enquiries;
- improve and develop the Services through aggregated analytics;
- detect and prevent fraud, abuse, and security incidents;
- comply with legal obligations, court orders, and regulatory requirements; and
- send marketing communications where you have provided consent or where we have a legitimate interest, with an easy opt-out mechanism.
We will not use your personal information for a secondary purpose that is unrelated to the primary purpose of collection unless you have consented, or unless an exception under the Privacy Act applies.
We do not use Customer Content (including AI prompts) to train, fine-tune, or improve any AI model.
Cookies and Tracking Technologies
We use cookies and similar technologies to maintain sessions, remember preferences, and collect usage analytics. You may control cookies through your browser settings; however, disabling certain cookies may limit functionality. For details, please see our cookie banner when you first visit the site.
Disclosure of Personal Information
We may disclose personal information to:
- our employees, contractors, and related entities who need access to provide the Services;
- third-party service providers (sub-processors) who assist us in operating the Services, subject to confidentiality obligations; and
- law enforcement or regulatory bodies where required or authorised by law.
We do not sell, trade, or rent personal information to third parties for their own marketing purposes.
Overseas Disclosure — APP 8 Register
Under APP 8 of the Privacy Act, we are required to take reasonable steps to ensure that overseas recipients of personal information protect it in accordance with the APPs. The following table lists the overseas sub-processors to whom we currently disclose personal information, together with the nature of that disclosure. This section is automatically generated from our APP 8 register.
We disclose personal information to the following overseas sub-processors. Each recipient is contractually required to handle personal information in a manner consistent with the Australian Privacy Principles, including through Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable.
| Sub-processor | Purpose | Residency | Legal Basis | Privacy Policy |
|---|---|---|---|---|
| Anthropic | AI model provider — powers all AI-assisted features via the Claude API | United States | Contractual necessity; Standard Contractual Clauses (SCCs) | Privacy Policy |
| Vercel | Cloud hosting and edge infrastructure for web applications | United States | Contractual necessity; Standard Contractual Clauses (SCCs) | Privacy Policy |
| Neon | Serverless Postgres database — stores application and user data | United States | Contractual necessity; Standard Contractual Clauses (SCCs) | Privacy Policy |
| Resend | Transactional email delivery — sends authentication and notification emails | United States | Contractual necessity; Standard Contractual Clauses (SCCs) | Privacy Policy |
| Trigger.dev | Background job orchestration — manages async tasks and scheduled workflows | United States | Contractual necessity; Standard Contractual Clauses (SCCs) | Privacy Policy |
| GitHub | Source code hosting and version control | United States | Legitimate interests (software development operations); Standard Contractual Clauses (SCCs) | Privacy Policy |
| Linear | Project tracking and issue management | United States | Legitimate interests (project management); Standard Contractual Clauses (SCCs) | Privacy Policy |
| Stripe | Payment processing and subscription billing | United States | Contractual necessity; Legal obligation (financial record-keeping) | Privacy Policy |
| PostHog | Product analytics — session recording, event tracking, and feature flags | United States / European Union | Legitimate interests (product improvement); Consent where required | Privacy Policy |
| Firecrawl | Web scraping and content extraction for AI context enrichment | United States | Contractual necessity; Standard Contractual Clauses (SCCs) | Privacy Policy |
| NewsAPI | News article aggregation for research and context features | United States | Contractual necessity; Standard Contractual Clauses (SCCs) | Privacy Policy |
| BetterStack | Infrastructure monitoring, log management, and uptime alerting | European Union | Legitimate interests (operational reliability); Standard Contractual Clauses (SCCs) | Privacy Policy |
| Sentry | Application error tracking and performance monitoring | United States | Legitimate interests (debugging and reliability); Standard Contractual Clauses (SCCs) | Privacy Policy |
Security
We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews.
No method of internet transmission or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a notifiable data breach as defined by the Notifiable Data Breaches (NDB) scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.
Data Retention
We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it securely. Account data is deleted within 30 days of account closure on request.
Your Rights Under the Privacy Act
Under the Privacy Act you have the right to:
- Access — request a copy of the personal information we hold about you;
- Correction — ask us to correct personal information that is inaccurate, out-of-date, incomplete, or misleading;
- Complaint — lodge a complaint with us if you believe we have breached the APPs; and
- Complaint to OAIC — if you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at www.oaic.gov.au or on 1300 363 992.
To exercise any of these rights, please contact us. We will respond within 30 days.
Children
Our Services are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy on our website with a revised "last updated" date. Where required by law, we will obtain your consent before making material changes.
Contact Us
For any privacy enquiries, access or correction requests, or complaints, please contact us or write to:
Privacy Officer Kalpa Solutions Pty Ltd (trading as nterprise.ai) privacy@nterprise.ai
Last updated: 1 April 2025
Questions about this document? hello@nterprise.ai
Kalpa Solutions Pty Ltd · ABN 96 602 432 879 · NTERPRISE Corp · Sydney / San Francisco