Privacy Policy - Backableai Pty Ltd

1. What personal information we collect

• Identity and contact - name, job title, business name, ABN, email address, phone number, postal address.
• Account and billing - login credentials, subscription tier, payment method details (processed by secure third-party gateways; we do not store full card numbers).
• Usage and device - IP address, browser type, device identifiers, time zone, pages viewed, interactions, error logs.
• Business data you upload - files, text, financial figures, scripts, or other content you choose to input into the platform ("Customer Data").
• Support and feedback - correspondence, survey responses, feature requests, beta feedback.

We do not intentionally collect sensitive information (for example, health data) and ask that you do not provide it.

2. How we collect personal information

• Directly from you when you create an account, subscribe, fill in forms, upload data, or communicate with us.
• Automatically via cookies, pixels, and similar technologies when you browse our website or use the app.
• From integrations you authorise (for example, connecting an accounting platform or CRM).
• You may disable cookies via your browser; however, core features may not function correctly.

3. Purposes for which we use personal information

• Provide, operate, and maintain the Backable.AI Services.
• Process payments and manage subscriptions.
• Personalise your experience and deliver suggestions.
• Monitor, analyse, and improve platform performance and security.
• Develop new products, services, and machine-learning models (see Section 6).
• Communicate updates, newsletters, and promotional offers (you may opt out at any time).
• Comply with legal obligations and resolve disputes.

4. Disclosure of personal information

• Cloud and infrastructure providers - Microsoft Azure, Google Cloud Platform, Firebase, AWS (backup), and content-delivery networks.
• AI model providers - OpenAI, Anthropic, Mistral, or similar third-party LLM hosts engaged to process text and generate outputs.
• Payment processors - Stripe, PayPal, or Australian acquiring banks.
• Professional advisers - accountants, auditors, insurers, lawyers.
• Government agencies or regulators where required by law or to protect our rights.
• Related bodies corporate within the Backable group.

5. Third-party links and services

Our website may contain links to external sites or widgets we do not control. Your use of those services is governed by their own privacy policies and terms. We are not responsible for their handling of your information.

6. Machine-learning and analytics

We may anonymise and aggregate Customer Data and usage logs to train and evaluate our SME Intelligence Layer and other AI models. Aggregation removes direct identifiers. You can opt out of your data being retained for model training by emailing privacy@backable.ai.

7. Security

We employ administrative, technical, and physical safeguards, including:

• TLS 1.2+ encryption in transit and AES-256 encryption at rest.
• Role-based access controls and MFA for staff accounts.
• Regular penetration testing and vulnerability scanning.
• Secure development lifecycle with code review and dependency monitoring.

Despite our efforts, no system is 100% secure. You are responsible for keeping your credentials confidential.

8. Data retention and destruction

We retain personal information only as long as necessary:

• Account data - while the account is active and for 7 years after closure to meet taxation and record-keeping laws.
• Customer Data - until you delete it or 90 days after subscription expiry, whichever is earlier, unless required for legal defence.
• Back-ups - encrypted back-ups are automatically purged on a 30-day rolling basis.

When data is no longer needed, we securely destroy or de-identify it.

9. Access and correction

You may request access to or correction of your personal information by contacting privacy@backable.ai. We will respond within 30 days. If we refuse your request, we will explain why and how to complain.

10. Notifiable Data Breaches (NDB) scheme

If we experience a data breach that is likely to result in serious harm, we will promptly:

• Contain the breach and assess impact;
• Notify the Office of the Australian Information Commissioner (OAIC); and
• Notify affected individuals with recommended steps.

11. Marketing communications

We may send you emails about product updates or promotions. You can opt out at any time by clicking "unsubscribe" in the message or contacting privacy@backable.ai.

12. Complaints

If you believe we have breached the APPs you may lodge a written complaint to privacy@backable.ai. We will acknowledge receipt within 5 business days and aim to resolve the complaint within 30 days. If you are not satisfied, you may refer the complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

13. Changes to this Privacy Policy

We may update this policy periodically. We will post the new version on our website and, where material changes are made, provide 30 days notice via email or in-app alert.

14. Contact us