Privacy Policy
Last updated: 19 March 2026
1. Introduction
GoannaAI ("GoannaAI", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs") contained in Schedule 1 of the Privacy Act.
By accessing our website at goannaai.com or engaging our services, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our website and services.
This policy applies to all personal information we collect through our website, client portal, and any services we provide.
2. What Is Personal Information?
"Personal information" has the meaning given to it in the Privacy Act — information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether it is recorded in a material form or not.
"Sensitive information" is a subset of personal information and includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and criminal records. We do not intentionally collect sensitive information unless strictly necessary and with your explicit consent.
3. Information We Collect
We may collect the following categories of personal information:
3.1 Information You Provide Directly
- Contact and identity details — name, email address, phone number, job title, and company name when you submit an enquiry, sign up for services, or communicate with us.
- Client portal credentials — username and securely hashed password when you register for our client portal.
- Project and business information — details you share with us during onboarding, project briefings, or consultations.
- Payment information — billing details processed via our payment processors. We do not store full card numbers on our systems.
- Communications — the content of emails, messages, or support requests you send to us.
3.2 Information Collected Automatically
- Usage data — pages visited, links clicked, time spent on pages, and navigation paths.
- Technical data — IP address, browser type and version, device type, operating system, and referring URLs.
- Cookies and similar technologies — session data and preferences stored via cookies. See Section 10 for details.
3.3 Information from Third Parties
We may receive information about you from third parties such as referral partners, social media platforms (where you choose to interact with us), or publicly available sources where permitted by law.
4. How We Collect Personal Information
Consistent with APP 3, we collect personal information only by lawful and fair means, and not in an unreasonably intrusive way. We collect information:
- Directly from you via our website contact form or email;
- When you engage or contract with us for services;
- Automatically through your use of our website (via server logs and analytics);
- From third parties where you have authorised that third party to share your information with us.
Where it is reasonable and practicable to do so, we will give you the option of not identifying yourself or using a pseudonym when interacting with us (APP 2). However, certain services require accurate identification to be delivered properly.
5. How We Use Your Personal Information
Consistent with APP 6, we use personal information for the primary purpose for which it was collected and related secondary purposes that you would reasonably expect. These purposes include:
- Responding to your enquiries, requests, and communications;
- Providing, managing, and improving our software development, AI automation, web, mobile, and cloud hosting services;
- Managing our contractual relationship with you as a client;
- Sending service-related communications including project updates, invoices, and support;
- Sending marketing and promotional communications where you have provided consent or we are otherwise permitted to do so under the Spam Act 2003 (Cth);
- Improving, personalising, and developing our website and services;
- Complying with our legal obligations and resolving disputes;
- Detecting, investigating, and preventing fraud, security breaches, and other prohibited activities.
6. Disclosure of Personal Information
We may disclose personal information to the following categories of third parties:
- Service providers and contractors — including cloud infrastructure providers, payment processors, email and communication platforms (Microsoft Office 365), analytics providers, and other technology partners who assist in delivering our services. These parties are bound by confidentiality obligations and are only permitted to use your information as directed by us.
- Professional advisers — lawyers, accountants, and auditors, under duties of confidentiality.
- Regulatory and government authorities — where required or authorised by law, court order, or regulatory obligation.
- Business successors — in the event of a merger, acquisition, or sale of all or part of our business assets, subject to confidentiality protections.
We will not sell, rent, or trade your personal information to third parties for their own marketing purposes.
7. Cross-Border Disclosure
Consistent with APP 8, some of our service providers and tools are located outside Australia, including in the United States and European Union. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle your information in accordance with the APPs or a comparable standard of protection.
By providing us with personal information, you consent to the transfer of that information to overseas recipients for the purposes described in this policy.
8. Data Security
Consistent with APP 11, we take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- Transport Layer Security (TLS/HTTPS) encryption for all data in transit;
- Secure password hashing and salting for stored credentials;
- Access controls and role-based permissions on internal systems;
- Regular security reviews and updates to software dependencies;
- Strict Content Security Policy (CSP) headers on our web properties.
While we implement industry-standard safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
Notifiable Data Breaches: In the event of a data breach that is likely to result in serious harm, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act, including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals as required.
9. Data Retention
We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, to provide our services, to comply with our legal obligations (including tax and corporate record-keeping requirements under Australian law), to resolve disputes, and to enforce our agreements.
When personal information is no longer required, we take reasonable steps to destroy or de-identify it in a secure manner (APP 11.2).
10. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and collect usage data. Types of cookies we use:
- Essential cookies — necessary for the website to function (e.g., session management, security tokens). These cannot be disabled.
- Analytics cookies — help us understand how visitors interact with our website so we can improve it.
- Preference cookies — remember your choices (e.g., dark/light theme preference).
You can control cookies through your browser settings. Disabling non-essential cookies will not prevent you from accessing our core content.
11. Your Rights and Accessing Your Information
Under the Privacy Act and APPs 12 and 13, you have the right to:
- Access the personal information we hold about you (APP 12);
- Correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13);
- Complain about a breach of the APPs (see Section 13 below);
- Opt out of direct marketing communications at any time by using the unsubscribe mechanism in our emails or by contacting us.
To exercise these rights, please contact us using the details in Section 14. We will respond to access and correction requests within a reasonable time (generally 30 days) and at no charge, unless an exception under the Privacy Act applies.
12. Direct Marketing
We may use your personal information to send you marketing communications about our services where you have provided consent or we are otherwise permitted to do so. Consistent with APP 7 and the Spam Act 2003 (Cth), all marketing emails will include a clear and functional unsubscribe mechanism. You may opt out at any time.
13. Complaints
If you believe we have breached the Privacy Act or the APPs, you may lodge a complaint with us in the first instance by contacting us at hello@goannaai.com. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
14. Contact Us
For privacy-related enquiries, requests, or complaints, please contact our Privacy Officer:
GoannaAI
Melbourne, Victoria, Australia
Email: hello@goannaai.com
Website: goannaai.com
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Continued use of our website or services after any changes constitutes your acceptance of the updated policy.

