Privacy Policy | AIBotza

1. About This Policy

This Privacy Policy sets out how AIBotza (Salim Zakkour trading as AIBotza, ABN 22 838 356 145) collects, holds, uses, and discloses personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme.

This policy applies to all personal information collected by AIBotza through the provision of our AI digital worker services, our website (aibotza.com), and any related communications.

We are committed to protecting your privacy and handling your personal information in an open and transparent way. If you have any questions about this policy, please contact us at scarlett@aibotza.com.

2. Anonymity and Pseudonymity

Where practicable, you have the option of not identifying yourself or using a pseudonym when dealing with AIBotza. However, in some circumstances we may need to verify your identity to provide our services or comply with legal obligations. For example, we require identification when entering into a service agreement or responding to data access requests.

3. Collection of Personal Information

We collect personal information only when it is reasonably necessary for our business functions and activities. The types of personal information we collect depend on how you interact with us.

3.1 MSP Client Personnel

When your organisation engages AIBotza, we may collect:

Full name and job title
Business email address and phone number
Organisation name and ABN
Billing and payment information
Technical contact details for PSA and system integration

3.2 End-User Data via PSA Integration

When our AI digital workers process IT support tickets through your PSA (ConnectWise, Autotask, or HaloPSA), they may access:

End-user names and email addresses as recorded in tickets
Ticket content, descriptions, and notes
Device identifiers and system diagnostic information
IP addresses and network configuration data relevant to ticket resolution

This data is accessed via API on a per-ticket basis. We do not perform bulk data exports from your PSA system.

3.3 Website Visitors

When you visit aibotza.com, we may collect:

IP address and browser type
Pages visited and time spent on pages
Referring website URL
Information you voluntarily provide via forms (name, email, organisation)

3.4 What We Do Not Collect

AIBotza does not collect:

Sensitive information (as defined under the Privacy Act) unless explicitly required and consented to
Passwords or authentication credentials (AI agents use delegated API access, not user credentials)
Financial information of end-users (only MSP client billing details)
Health, biometric, or genetic information
Information about children under 16

4. Use and Disclosure of Personal Information

We use personal information for the following purposes:

Providing, maintaining, and improving our AI digital worker services
Processing IT support tickets on behalf of our MSP clients
Communicating with clients about their accounts, services, and support
Billing and payment processing
Responding to enquiries and providing customer support
Complying with legal obligations and resolving disputes
Internal analytics to improve service quality (using aggregated, de-identified data only)

We do not sell, rent, or trade personal information to third parties. We do not use personal information for direct marketing without consent.

5. Cross-Border Disclosure

All persistent data is stored on Australian infrastructure. However, in the course of providing AI-powered ticket resolution, ticket content is transiently processed by the following overseas service:

Provider	Service	Location	Purpose	Data Retention
Anthropic PBC	Claude API	United States	AI inference for ticket classification and resolution	No data retained for training; transient processing only under enterprise API terms

Anthropic's enterprise API terms explicitly state that customer data submitted via the API is not used to train AI models and is not retained beyond the duration required to process the request. AIBotza has reviewed these terms and considers them consistent with our obligations under APP 8 (cross-border disclosure).

6. Data Security

AIBotza takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

Encryption in transit: All data transmitted between systems is encrypted using TLS 1.3
Encryption at rest: All stored data is encrypted using AES-256
Network security: Zero-trust mesh VPN architecture between all infrastructure components
Access control: Role-based access controls with least-privilege principles
Audit logging: All AI agent actions are logged with timestamps, identities, and outcomes
Infrastructure: Self-hosted Australian systems and AWS Sydney (ap-southeast-2)

In the event of an eligible data breach, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.

7. Access and Correction

Under APP 12 and APP 13, you have the right to:

Access the personal information we hold about you
Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading

To request access or correction, please contact us at scarlett@aibotza.com. We will respond to your request within 30 days. There is no fee for making a request, but we may charge a reasonable fee for providing access if the request requires substantial effort.

If we refuse a request for access or correction, we will provide you with written reasons and information about how to complain.

8. Complaints

If you believe we have breached the Australian Privacy Principles or handled your personal information inappropriately, you may lodge a complaint with us by contacting:

Privacy Officer

Email: scarlett@aibotza.com

Subject line: Privacy Complaint

We will acknowledge your complaint within 5 business days and provide a written response within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

9. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Data Type	Retention Period
Client account and billing records	Duration of contract + 7 years (tax/legal obligations)
Ticket data and AI agent logs	30 days after contract termination
Website analytics data	26 months (rolling)
Enquiry and communication records	2 years from last contact

Upon contract termination, all client-specific ticket data and AI agent logs are securely deleted within 30 days unless otherwise agreed in writing or required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify clients of material changes via email. The current version is always available at aibotza.com/privacy.

11. Contact Us

Salim Zakkour trading as AIBotza

ABN: 22 838 356 145

Privacy enquiries: scarlett@aibotza.com

Website: aibotza.com