Privacy Policy

This Privacy Policy explains how Kelpie Group Pty Ltd, trading as Kelpie Group, collects, uses, stores and discloses personal information when we provide our managed AI agent services, operate our website, respond to enquiries and work with clients.

In this policy, Kelpie, we, us or our means Kelpie Group Pty Ltd. You or your means a visitor, client, prospective client, supplier, staff member of a client, or another person whose information we handle.

This policy is intended to reflect the Australian Privacy Principles under the Privacy Act 1988 (Cth). It is not a substitute for client-specific privacy, legal or compliance advice.

2.1 Information you provide

We may collect personal information you provide to us directly, including:

• your name, role, business name, email address, phone number and contact details;
• enquiry details, workflow requirements, support requests and meeting notes;
• billing, account administration and client relationship information;
• documents, examples, instructions and approvals you provide for a Kelpie agent setup;
• communications with us, including email, calls, messages and form submissions; and
• information needed to configure, monitor, support or improve agreed workflows.

2.2 Information from client systems

Where a client asks us to build, deploy or manage a Kelpie agent, the service may process information from the client's approved systems. This can include inbox data, documents, CRM records, job notes, task data, calendar information, customer records, reports, files, workflow history, metadata and system logs.

The exact information depends on the scope, permissions and integrations approved by the client. Clients are responsible for deciding what their Kelpie agent may access and for ensuring they have the right notices, consents and permissions in place.

2.3 Website and technical information

When you visit our website or interact with our digital services, we may collect technical information such as IP address, browser type, device details, pages viewed, referring pages, time of visit and basic usage analytics.

We may use cookies, analytics tools and similar technologies to operate the website, understand usage and improve the service. You can usually adjust cookie settings in your browser.

2.4 Sensitive information

We do not seek sensitive information unless it is necessary for an agreed service or you choose to provide it. Sensitive information may include health information, financial details, identity documents, employment details, access credentials or other regulated information.

Where sensitive information is required for an approved workflow, we will handle it in line with the agreed scope, applicable law and any written client instructions.

We use personal information to:

• respond to enquiries and communicate with you;
• prepare proposals, scopes, quotes, onboarding materials and service plans;
• design, configure, test, deploy, monitor, support and improve Kelpie agent workflows;
• operate approval-gated workflows and provide draft outputs for client review;
• provide support, troubleshooting, maintenance, security monitoring and audit records;
• manage billing, administration, contracts and client relationships;
• maintain and improve our website, services, systems, prompts, templates and delivery methods;
• comply with legal obligations, resolve disputes and enforce agreements; and
• protect our systems, clients, users and third parties from misuse, security threats or fraud.

We do not sell personal information. We do not intentionally use client business data to train any third party's general publicly available AI models, and we configure services with that aim where available. Third party providers handle data under their own terms, privacy policies and technical controls.

Kelpie services may use third party AI model providers, hosting providers, workflow tools, browser automation tools, communication platforms, email systems, CRMs, databases, cloud services and API providers.

The information sent to a third party provider depends on the approved workflow, provider settings and technical requirements. We aim to use scoped access, least-privilege permissions and provider settings that reduce unnecessary data exposure where practical.

AI outputs can be inaccurate or incomplete. Unless a written scope clearly says otherwise, Kelpie agents are designed to support draft-first, human-approved workflows. Clients remain responsible for reviewing outputs and deciding whether they are suitable to use.

We may disclose personal information to:

• our employees, contractors and advisers who need it to provide or support the service;
• third party providers that host, process, analyse, transmit, secure or support the service;
• client-approved systems, accounts, platforms and authorised users;
• payment, accounting, legal, insurance and professional service providers;
• regulators, courts, law enforcement or government agencies where required or permitted by law;
• a buyer or adviser in connection with a business sale, merger, restructure or investment process; and
• other parties with your consent or as otherwise required or permitted by law.

Some third party providers may process or store information outside Australia. Where this happens, we take reasonable steps to use reputable providers and appropriate contractual, technical or organisational controls for the nature of the service.

6.1 Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure. Measures may include access controls, scoped permissions, secure credential handling, audit logs, backups, encryption where available, provider security controls and internal handling procedures.

No method of transmission or storage is perfectly secure. Clients should use secure access methods, keep their own user permissions current and promptly revoke access that is no longer required.

6.2 Credentials and access

You should not send passwords, API keys, private keys, recovery codes, OAuth secrets, one-time passcodes or similar credentials through ordinary email, chat or web forms unless we have directed you to an approved secure process.

Where possible, we prefer OAuth, delegated users, limited-permission accounts, scoped API keys, service accounts, secure credential stores and least-privilege permissions.

6.3 Retention

We keep personal information for as long as reasonably needed for the purposes described in this policy, including service delivery, support, billing, audit, security, dispute handling, backup integrity, legal compliance and ordinary business record-keeping.

When information is no longer required, we take reasonable steps to delete, de-identify or securely archive it, subject to legal, technical, backup and operational requirements.

You may ask us to provide access to personal information we hold about you, or to correct information you believe is inaccurate, out of date, incomplete, irrelevant or misleading.

We may need to verify your identity before responding. In some cases, we may refuse access or correction where permitted by law, such as where disclosure would affect another person's privacy, reveal confidential commercial information, prejudice security, or be unlawful.

You may also unsubscribe from marketing communications or ask us not to use your information for direct marketing. We may still send service, billing, security or administrative messages where needed.

Clients using Kelpie services are responsible for:

• deciding what information their Kelpie agent may access, process, store, summarise or act on;
• ensuring privacy notices, customer consents, employee notices, internal policies and permissions are in place where required;
• reviewing and approving outputs before they are sent, actioned or relied on for sensitive matters;
• keeping client-owned systems, accounts and permissions secure and current;
• telling us promptly about changed business rules, revoked access, privacy concerns or security issues; and
• complying with the privacy, employment, consumer, industry and platform obligations that apply to their business.

If you have a privacy question, access or correction request, or complaint, contact us using the details below. Please include enough information for us to understand and respond to your request.

We will aim to respond within a reasonable time. If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner at oaic.gov.au.

Email: lukas@kelpiegroup.com.au

Website: kelpiegroup.com.au

Location: 36 Warry St, Fortitude Valley QLD 4006

We may update this Privacy Policy from time to time. The updated version will be posted on our website with the updated date. If a change materially affects current paid services, we will take reasonable steps to notify affected clients.

Last updated: 26 June 2026.