Privacy Policy

1. Who This Policy Applies To

This policy applies to:

• Business clients — companies and sole traders who engage Mellon AI for AI automation services
• End users — employees and contractors of client businesses who interact with AI systems we deploy
• Website visitors — individuals who visit mellonai.com.au or related websites
• Prospective clients — individuals who contact us or book a consultation

If you are a business client, your employees' personal information processed through systems we deploy is subject to both this policy and any Data Processing Agreement (DPA) entered into between us.

2. What Personal Information We Collect

2.1 From Clients and Prospective Clients

• Name, job title, and business name
• Email address and phone number
• Business address and ABN/ACN
• Payment and billing details (processed by our payment provider; we do not store card numbers)
• Information shared during onboarding, strategy calls, and support interactions

2.2 From End Users of Deployed AI Systems

When we deploy AI agents, automation workflows, or AI assistants within a client's business environment, those systems may process:

• Names, email addresses, and contact details of the client's customers or staff
• Business communications (emails, messages, meeting transcripts)
• Documents, records, and data submitted to or processed by AI workflows
• Voice recordings or transcriptions where voice-enabled tools are deployed

In these cases, Mellon AI acts as a data processor on behalf of the client, who remains the data controller. Clients are responsible for ensuring they have appropriate consent from their own customers and staff before engaging our services.

2.3 From Website Visitors

• IP address and browser information (via analytics)
• Pages visited, referral source, and session duration
• Contact form submissions and enquiry details
• Cookies (see Section 9)

3. How We Collect Personal Information

We collect personal information:

• Directly from you when you complete a contact form, book a call, or engage our services
• Through strategy calls, onboarding sessions, and ongoing service delivery
• Automatically via website analytics tools when you visit our site
• From third-party platforms (e.g., Calendly, payment processors) when you use them to interact with us
• Through AI systems we operate on behalf of clients, where authorised by the client

4. How We Use Personal Information

We use personal information for the following purposes:

• Service delivery — to set up, configure, manage, and optimise AI automation systems for clients
• Client communication — to respond to enquiries, provide support, and send service-related updates
• Billing and administration — to process payments, issue invoices, and manage contracts
• Product improvement — to improve our methodologies and service quality (using aggregated, anonymised data only)
• Legal compliance — to meet obligations under applicable Australian laws
• Marketing — with your consent, to send newsletters or service updates (you can opt out at any time)

We do not use personal information for any purpose that is incompatible with the reason it was collected.

5. AI Processing and Third-Party AI Providers

Our services involve the use of large language models (LLMs) and AI APIs provided by third parties, including:

• OpenAI (GPT models) — OpenAI Privacy Policy
• Anthropic (Claude models) — Anthropic Privacy Policy
• Google (Gemini models) — Google Privacy Policy

When content is processed through these providers' APIs, that content may be transmitted to servers outside Australia. We take the following steps to protect client data in AI processing:

• We use enterprise or API-tier agreements with AI providers that include data processing protections and, where available, opt-outs from model training on API inputs
• We configure AI systems to minimise the volume of personal information included in prompts where possible
• For clients with strict data residency or privacy requirements, we offer on-premises or local AI deployment options where processing occurs entirely within the client's own infrastructure

Clients with heightened privacy requirements (healthcare, legal, financial services) are advised to contact us before engagement to discuss appropriate deployment configurations.

6. Disclosure of Personal Information

We may disclose personal information to:

• AI model providers — as described in Section 5, where necessary to deliver services
• Cloud infrastructure providers — such as AWS, Google Cloud, or similar, for hosting and data storage
• Payment processors — for billing purposes only
• Professional advisers — lawyers, accountants, or auditors, under confidentiality obligations
• Regulatory authorities — where required by law or court order

We do not sell, rent, or trade personal information to third parties for marketing purposes. We do not disclose client business data to other clients.

7. International Data Transfers

Some of our service providers are located outside Australia, including AI model providers in the United States. When personal information is transferred overseas, we take reasonable steps to ensure it is handled in accordance with the Australian Privacy Principles. This may include relying on contractual protections with overseas recipients or selecting providers who maintain equivalent privacy standards.

By engaging our services, you acknowledge that personal information may be processed by overseas AI providers as necessary to deliver the services requested.

8. Data Retention

We retain personal information for as long as necessary to deliver our services and meet legal obligations:

• Client account data — retained for the duration of the engagement and for 7 years afterwards to meet tax and legal requirements under Australian law
• AI workflow logs and outputs — retained for 90 days by default, or as specified in the client's Data Processing Agreement
• Support and communication records — retained for 3 years
• Website analytics — aggregated data retained indefinitely; raw session data retained for 26 months

At the end of an engagement, clients may request deletion of their data from our systems. We will action deletion requests within 30 days, subject to legal retention requirements.

9. Cookies and Tracking

Our website uses cookies and similar tracking technologies to:

• Understand how visitors use our site (analytics)
• Remember your preferences
• Improve website performance

You can control cookies through your browser settings. Disabling cookies may affect some website functionality. We do not use cookies to serve targeted advertising.

10. Security

We implement technical and organisational security measures to protect personal information against unauthorised access, loss, or disclosure. These include encryption in transit and at rest, access controls, and regular security reviews. For full details, see our Data Security page.

No method of data transmission or storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. We will notify affected clients and, where required, the Office of the Australian Information Commissioner (OAIC) in the event of an eligible data breach.

11. Your Privacy Rights

Under the Australian Privacy Act and, where applicable, overseas equivalents such as the GDPR, you have the right to:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate or out-of-date information
• Deletion — request deletion of your personal information, subject to legal retention requirements
• Opt-out of marketing — unsubscribe from marketing communications at any time
• Complain — lodge a complaint with the OAIC if you believe we have mishandled your information

To exercise any of these rights, contact us at daniel@habitedge.app. We will respond within 30 days.

12. Complaints

If you have a complaint about how we have handled your personal information, please contact us at daniel@habitedge.app. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We will notify current clients of material changes via email. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

Habitedge Pty Ltd
Trading as Mellon AI
Sydney, New South Wales, Australia
Email: daniel@habitedge.app