Privacy Policy

Privacy Policy — Abilitix Consulting Pty Ltd

Last updated: 9 April 2026

1. About This Policy

This Privacy Policy explains how Abilitix Consulting Pty Ltd (ABN 94 600 726 136) ("Abilitix", "we", "us", "our") collects, uses, discloses, stores, and protects personal information.

It applies to:

  • visitors to abilitix.com.au (the "Website")
  • users of the Abilitix platform, including the Listen, Ask, and Govern products (the "Platform")
  • client organisations and their authorised users ("Clients")

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are also subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act.

If you have questions about this Policy or wish to make a privacy request, contact us at:

Privacy Officer

Abilitix Consulting Pty Ltd

privacy@abilitix.com.au

Level 1/457-459 Elizabeth Street, Surry Hills NSW 2010, Australia

2. What Personal Information We Collect

2.1 Website Visitors

When you visit abilitix.com.au, we may collect:

  • name and work email address (if you submit an enquiry or sign up for communications)
  • IP address, browser type, and usage data collected via analytics tools
  • cookies and similar tracking data (see Section 10)

2.2 Platform Users (Workspace Accounts)

When you register for or use the Platform, we collect:

  • name, work email address, job title, and organisation name
  • authentication credentials — the method varies by product; no credentials are stored in plain text
  • usage data, access logs, and feature interaction data
  • billing and payment information (processed by our payment provider; we do not store full card details)

Authentication methods vary by product and may include email and password, magic link sign-in, or single sign-on. No authentication credentials are stored in plain text.

2.3 Client Data Processed on Behalf of Clients

In providing the Listen, Ask, and Govern products, we process data that Clients upload or transmit to the Platform. This data is processed on behalf of the Client (as data controller) and may include personal information. The nature of this data varies by product:

ProductData ProcessedListen / AbilitixAudio recordings and transcripts of customer calls handled by the Client's contact centre or BPOAsk / AbilitixInternal documents, knowledge base content, and queries submitted by the Client's team membersGovern / AbilitixOrganisation details, AI system descriptions, assessment responses, and Privacy Impact Assessment content submitted by the Client

We process this data solely to provide the contracted services. Our obligations regarding Client data are governed by our SaaS Agreement and Data Processing terms with each Client.

For product-specific data handling details, refer to the applicable product terms or contact privacy@abilitix.com.au.

3. How We Collect Personal Information

We collect personal information:

  • directly from you when you visit the Website, create an account, or use the Platform
  • from Client organisations when they onboard their users or upload data to the Platform
  • automatically through usage logs, cookies, and analytics tools

We collect personal information only by lawful and fair means, and only where reasonably necessary for our functions and activities.

4. Why We Collect and Use Personal Information

4.1 Website and Account Data

We use personal information collected from website visitors and platform users to:

  • respond to enquiries and provide information about our products
  • create and manage your account
  • provide, operate, and improve the Platform
  • send service-related communications (e.g., account notices, security alerts)
  • send marketing communications where you have consented or where permitted under the Spam Act 2003 (Cth)
  • comply with our legal obligations
  • detect and prevent fraud, security incidents, and misuse of the Platform

4.2 Client Data

We process Client data solely to:

  • deliver the contracted product features (call scoring, knowledge assistance, governance assessments)
  • maintain, secure, and improve the technical operation of the Platform
  • comply with legal obligations

We do not use Client data to train, fine-tune, or improve our AI models or those of our sub-processors.

5. Disclosure of Personal Information

5.1 Technical Service Providers

We engage third-party technical service providers to operate and deliver the Platform. These providers act as processors under our instruction and are engaged under contractual terms that require them to handle personal information in accordance with applicable privacy law.

Our current key service providers include:

ProviderPurposeLocationAnthropic (Claude)AI inferenceUnited StatesDeepgramSpeech-to-text transcriptionUnited StatesGoogle (Gemini)AI inferenceUnited StatesSupabase (Postgres)Database and data storageAustralia (Sydney)Fly.ioPlatform hosting and computeAustraliaVercelFrontend hosting and deliveryUnited StatesStripePayment processingUnited States

Not all service providers are engaged for every product. For product-specific details, refer to the applicable product terms or contact privacy@abilitix.com.au.

We take reasonable steps to ensure these providers maintain appropriate privacy and security standards.

5.2 AI Sub-Processors

Certain products use third-party AI providers (Anthropic, Deepgram, and Google) to process data as part of service delivery. These providers are engaged under commercial API terms configured so that Client data is not used for AI model training by those providers.

5.3 Other Disclosures

We may also disclose personal information to:

  • professional advisors (lawyers, accountants, auditors) under confidentiality obligations
  • law enforcement or regulatory bodies where required or authorised by law
  • a successor entity in the event of a business sale, merger, or restructure (with prior notice to affected individuals where practicable)

We do not sell personal information to third parties.

6. Cross-Border Disclosure

Certain AI inference and frontend delivery services used by the Platform are operated by providers located in the United States (Anthropic, Deepgram, Google, and Vercel). Data storage and platform compute infrastructure is hosted in Australia.

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure those recipients handle the information consistently with the APPs. We do this primarily through contractual data processing agreements.

Where we are unable to ensure APP-equivalent protections, we will seek your consent before disclosure, or rely on another applicable exception under APP 8.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

  • Account data: retained for the duration of your account and for a reasonable period after closure to meet legal and audit obligations
  • Client data (Listen, Ask, Govern): retained for the period specified in the applicable SaaS Agreement; data is purged after the defined retention period expires
  • Usage and access logs: retained for 12 months for security and operational purposes
  • Marketing data: retained until you withdraw consent or unsubscribe

For product-specific retention details, refer to the applicable product terms or contact privacy@abilitix.com.au.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

8. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • encryption of data in transit (TLS) and at rest
  • role-based access controls and authentication requirements
  • regular security reviews of our infrastructure and sub-processors
  • incident response procedures aligned with the NDB scheme

No method of transmission over the internet is completely secure. If you become aware of a security concern, please contact us immediately at privacy@abilitix.com.au.

9. Notifiable Data Breaches

If we have reasonable grounds to believe an eligible data breach has occurred (i.e., a breach likely to result in serious harm to affected individuals), we will:

  • assess the breach as quickly as practicable
  • notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under Part IIIC of the Privacy Act
  • take steps to contain the breach and prevent recurrence

Clients who process personal information through the Platform should ensure their own NDB obligations are met. We will notify Clients of any breach affecting their data without undue delay.

10. Cookies and Tracking

Our Website uses cookies and similar technologies to:

  • maintain session state and authentication
  • analyse website traffic and usage patterns
  • improve the Website experience

You can control cookie settings through your browser. Disabling cookies may affect the functionality of the Website or Platform.

11. Your Privacy Rights

Under the Privacy Act, you have the right to:

  • access the personal information we hold about you
  • correct personal information that is inaccurate, out of date, incomplete, or misleading
  • complain about a breach of the APPs

To make an access, correction, or complaint request, contact our Privacy Officer at privacy@abilitix.com.au. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the OAIC at www.oaic.gov.au or by calling 1300 363 992.

12. Marketing Communications

We may send you marketing communications about our products and services where you have consented or where permitted by law. You can opt out at any time by:

  • clicking the unsubscribe link in any marketing email
  • contacting us at privacy@abilitix.com.au

We will process opt-out requests promptly and within a reasonable timeframe.

13. Links to Third-Party Sites

Our Website may contain links to third-party websites. This Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via the Platform.

Continued use of the Website or Platform after changes are posted constitutes acceptance of the updated Policy.

15. Contact Us

For any privacy-related questions, requests, or complaints:

Privacy Officer

Abilitix Consulting Pty Ltd

ABN 94 600 726 136

privacy@abilitix.com.au

Level 1/457-459 Elizabeth Street, Surry Hills NSW 2010, Australia

abilitix.com.au