Privacy Policy

1. About this policy

Corporate Agents Pty Ltd (ABN 35 696 774 197) is committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This policy describes how we collect, hold, use, and disclose personal information in connection with our website (corporateagents.com.au) and the AI agent consulting and development services we provide. This policy applies to all personal information we handle, whether collected through our website, by email, by phone, or in the course of providing our services. We only collect personal information that is reasonably necessary for one or more of our functions or activities. We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up to date, complete, and relevant.

2. Anonymity and pseudonymity

Where it is lawful and practicable, you may interact with our website without identifying yourself or by using a pseudonym. However, if you wish to submit an enquiry, request a consultation, or engage us for services, we will need to collect your identity and contact information in order to respond to you and deliver our services.

3. Information we collect

We collect the following categories of personal information:

• Identity and contact information: your name, email address, company name, phone number (if provided), and job title
• Project information: your preferred cloud platform, project description, and any details you include in your enquiry
• Correspondence: the content of emails, meeting notes, and other communications between us
• Technical information: when you visit our website, our servers automatically record your IP address, browser type, device type, operating system, referring URL, and pages visited. When Google Analytics is active, additional usage data including session duration and interactions may be collected via cookies
• Account information: if you access our client dashboard, we collect your email address and password for authentication purposes

4. How we collect information

We collect personal information in the following ways:

• Directly from you: when you submit our contact form, send us an email at info@corporateagents.com.au, book a consultation, or communicate with us during a project engagement
• Automatically: through server logs when you visit our website, and through cookies set by Google Analytics (where enabled) to understand how visitors use our site
• From third parties: in limited circumstances, we may receive your contact details from a colleague or business associate who refers you to us

5. Why we collect and use your information

We collect and use your personal information for the following purposes:

• To respond to your enquiries and provide the services you request
• To send you a confirmation when you submit an enquiry through our website
• To communicate with you about projects, updates, deliverables, and invoicing
• With your consent, to send you information about our services, industry insights, and updates. You can withdraw your consent or unsubscribe at any time
• To improve our website, services, and user experience
• To monitor and resolve technical errors on our website
• To comply with our legal obligations
• To protect our legal rights and the security of our systems

6. Collection notice

At or before the time we collect your personal information, we will take reasonable steps to notify you of the matters required under APP 5, including who we are, the purposes of collection, and the third parties to whom we may disclose your information. When you submit our contact form, the collection notice displayed on the form provides this information and links to this privacy policy. We will not use or disclose your personal information for a purpose other than the primary purpose of collection unless you have consented, or an exception applies under the Privacy Act (such as where a secondary use is directly related to the primary purpose and you would reasonably expect us to use or disclose the information for that secondary purpose).

7. Consequences of not providing information

If you choose not to provide the personal information we request, we may not be able to respond to your enquiry, provide you with a consultation, or deliver our services effectively. You are not required to provide your phone number or preferred cloud platform — these fields are optional.

8. Disclosure of information

We do not sell, rent, or trade your personal information. We may disclose your information to the following categories of recipients, who are bound by contractual obligations (including data processing agreements where applicable) to protect your data:

• Cloud infrastructure providers: Google Cloud Platform hosts our website, database, and application infrastructure in Australia
• Error monitoring: Sentry monitors our website for technical errors. Error reports may include your IP address, browser type, and device information. Sentry stores this data in the European Union
• Email services: our business email is hosted by Google Workspace. When we correspond with you by email, your information is processed by Google
• Transactional email delivery: Zeptomail (by Zoho) delivers automated emails such as enquiry confirmations. Zeptomail processes this data in Australia
• Web analytics: Google Analytics collects anonymised usage data about how visitors interact with our website. This data is processed by Google
• Professional advisors: our accountants, lawyers, or other professional advisors where reasonably necessary
• Regulators and law enforcement: where required or authorised by Australian law, or to comply with a court or tribunal order

9. Overseas disclosure

Some of the third-party services we use are operated by organisations located outside Australia. Before disclosing your personal information to an overseas recipient, we take reasonable steps to ensure they handle your information consistently with the Australian Privacy Principles, including through binding contractual obligations such as data processing agreements. Your personal information may be disclosed to recipients in the following countries:

• European Union — Sentry (error monitoring and technical diagnostics)
• United States — Google LLC (Google Workspace for email and Google Analytics for website analytics)

10. Cookies and analytics

Our website uses Google Analytics 4 (GA4) to understand how visitors interact with our site. GA4 sets first-party cookies on your browser (including _ga and _ga_WG04KTZZ8B) to collect data such as pages visited, session duration, device type, and approximate geographic region (city level). IP addresses are not stored by GA4 — they are used only momentarily to derive coarse geography and then discarded. We retain GA4 event data for 14 months. We do not use Google Signals, advertising features, remarketing, or cross-device tracking. We do not use social media tracking pixels or retargeting technologies. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout) or by enabling 'Do Not Track' or a privacy-focused browser extension. Our server logs may record your IP address, browser type, and pages visited for security and diagnostic purposes. This data is hosted on Google Cloud Platform in Australia and is not linked to your identity.

11. Data storage and security

Your personal information is stored securely on servers located in Australia (Google Cloud Platform, Sydney region). We implement reasonable technical and organisational measures to protect your information from unauthorised access, loss, or misuse, including:

• Encryption in transit using TLS (HTTPS) on all connections
• Encryption at rest for all stored data
• Access controls using the principle of least privilege
• Secrets and credentials managed via Google Cloud Secret Manager
• Continuous error monitoring and audit logging

12. Data retention

We retain your personal information only for as long as reasonably necessary for the purposes described in this policy, or as required by law. Specifically:

• Contact form enquiries: retained for the duration of any resulting business relationship, plus a reasonable period afterward. Enquiries that do not proceed are deleted within 12 months
• Email correspondence: retained in accordance with our business records obligations
• Server logs: retained for up to 30 days for security and diagnostic purposes
• Google Analytics event data: retained for 14 months from collection
• Client project data: retained for the duration of the engagement and any applicable retainer period, then deleted or returned to the client upon termination

13. Your rights — access and correction

You have the right to request access to the personal information we hold about you and to request corrections if it is inaccurate, incomplete, or out of date. To make a request, contact us at info@corporateagents.com.au. We will acknowledge your request within 7 days and provide a substantive response within 30 days. We may decline access in limited circumstances permitted by the Privacy Act, such as where providing access would be unlawful or would prejudice law enforcement. If we decline, we will provide written reasons. If we correct personal information that we have previously disclosed to a third party, we will take reasonable steps to notify that third party of the correction, unless it is impracticable or unlawful to do so.

14. Marketing and unsubscribe

We will only send you marketing communications if you have opted in via our contact form or otherwise provided your consent. In accordance with the Spam Act 2003 (Cth), every commercial electronic message we send will contain accurate sender identification (including our entity name, ABN, and a functional contact mechanism), a clear unsubscribe link, and will only be sent with your consent. If you unsubscribe, we will action your request within 5 business days, as required by the Spam Act. Unsubscribing from marketing will not affect transactional communications related to an active engagement, such as project updates or invoices. To opt out, use the unsubscribe link in any marketing email or contact us at info@corporateagents.com.au.

15. Data breach notification

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth). Specifically, we will:

• Assess any suspected eligible data breach within 30 days and take all reasonable steps to contain and remediate the breach
• Prepare a statement for the Office of the Australian Information Commissioner (OAIC) containing the information required under section 26WK of the Privacy Act, including a description of the breach, the kinds of information involved, and our recommendations
• Notify the OAIC as soon as practicable after we become aware that there are reasonable grounds to believe an eligible data breach has occurred
• Notify each affected individual (or, if that is not practicable, publish a notice on our website and take reasonable steps to publicise the contents of the notice) as soon as practicable, including recommendations about the steps they can take in response to the breach

16. Automated decision-making

As at the effective date of this policy, Corporate Agents does not use automated decision-making technology that significantly affects your rights or interests. Our AI agent development and consulting services are provided to our clients, who are responsible for their own privacy disclosures regarding automated decision-making within their systems. If we introduce automated decision-making that affects individuals in the future, we will update this policy to include the disclosures required under the Privacy Act.

17. European visitors

If you are located in the European Economic Area (EEA) or the United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to erasure, data portability, restriction of processing, and the right to object to processing. You also have the right to lodge a complaint with your local data protection supervisory authority. To exercise any of these rights, contact us at info@corporateagents.com.au.

18. Children

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take reasonable steps to delete it.

19. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint by emailing info@corporateagents.com.au. We will acknowledge your complaint within 7 days and investigate and respond within 30 days. If you are not satisfied with our response, or if we do not respond within 30 days, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Post: GPO Box 5288, Sydney NSW 2001

20. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal obligations. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

21. Contact

For any privacy-related enquiries, contact us at info@corporateagents.com.au or write to Corporate Agents Pty Ltd, 52/68 Beeston Street, Newstead, Brisbane, QLD, Australia.