Privacy Policy.

Last updated: 2 May 2026 · Effective for all visitors and clients of MasterKey IT.

1. About this policy

This Privacy Policy explains how MasterKey IT AI (the trading name under which MasterKey IT delivers AI rollout services, "we", "us", "our") collects, uses, stores, and discloses your personal information. We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), the Notifiable Data Breaches scheme, and the Spam Act 2003 (Cth).

By using our website (getaiandi.com), engaging us as a client, or contacting us, you consent to the practices described below.

2. Information we collect

We collect personal information that is reasonably necessary to provide our services. This may include:

• Identity details — name, role, company name
• Contact details — email address, phone number, business address
• Information you provide voluntarily through our contact form, calls, meetings, or correspondence
• Technical data — IP address, browser type, pages visited, referrer (collected via privacy-respecting analytics)
• Business and operational data shared during audit or build engagements (e.g. workflow descriptions, anonymised customer information, access credentials with permission)

We do not collect sensitive information (as defined under the Privacy Act) unless it is essential to delivering an engagement and you have given express consent.

3. How we collect it

We collect personal information directly from you when you:

• Submit our contact form or email us
• Engage us under a written agreement
• Provide credentials or business data during a build engagement
• Visit our website (technical data only)

We never purchase or scrape personal information from third parties.

4. Why we collect it

We use personal information to:

• Respond to your enquiry and assess fit
• Deliver consulting, audit, and build services we have agreed to provide
• Train AI tools we build for you, where the data has been knowingly shared and authorised
• Send relevant project updates and respond to support queries
• Comply with our legal obligations (tax, contracts, professional conduct)
• Improve our services through aggregated, de-identified analysis

We do not send marketing communications without your consent. You can opt out of any non-essential communication at any time.

5. AI processing and your data

This matters and we want to be explicit. When we build AI tools for you, your business data may be processed by large language model providers (Anthropic, OpenAI, Google) under their API terms.

• We use API-tier access, which means by default no provider trains models on your data.
• We choose Australian-region or zero-retention endpoints wherever the provider supports them.
• API providers typically retain data only for short, security-purpose retention windows (usually under 30 days), after which it is purged.
• We never share your data with model providers outside what is technically necessary to operate the tools we build.
• We will walk you through exactly what data flows where, before any build commences.

6. How we store and protect it

Personal information is stored on cloud infrastructure with reputable providers (Fly.io, AWS, Cloudflare, Google Workspace) in Australian regions where supported. We use:

• Encryption in transit (TLS 1.2+ on all connections)
• Encryption at rest on all storage
• Strong authentication and access controls — only people who need access have access
• Regular security review of any code we ship

No system is 100% secure. If we become aware of a notifiable data breach affecting you, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act and notify you and the Office of the Australian Information Commissioner (OAIC) without undue delay.

7. Sharing your information

We do not sell, rent, or trade your personal information. We may share it with:

• Service providers who help us operate (cloud hosting, payment processing, AI APIs) under confidentiality and data-protection terms
• Professional advisors (lawyers, accountants) where reasonably required
• Law enforcement or regulators where compelled by law

8. Cross-border data transfers

Some of our service providers (notably AI API providers) are based outside Australia, primarily in the United States and Europe. We take reasonable steps to ensure overseas recipients handle your information consistently with the APPs. By engaging us, you acknowledge that your data may be processed outside Australia under those safeguards.

9. Cookies and analytics

Our website uses minimal cookies. We may use privacy-respecting analytics (such as Plausible, Fathom, or Cloudflare Web Analytics) to understand visitor patterns. We do not use third-party advertising trackers. You can disable cookies in your browser without losing any site functionality.

10. Your rights

Under the Privacy Act, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion (subject to legal retention obligations)
• Withdraw consent for non-essential processing
• Lodge a complaint with us, or with the OAIC if unresolved

To exercise any of these rights, email hello@getaiandi.com with your request. We respond to access and correction requests within 30 days.

11. Retention

We retain personal information only as long as needed for the purpose collected and for any legal retention requirements (e.g. tax records, contracts). Operational data is retained for the life of the engagement and a reasonable period afterwards for support and audit purposes. After that, it is securely destroyed or de-identified.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the "Last updated" date above. Continued use of our services after changes means you accept the updated policy.

13. Complaints and contact

If you have any privacy concern or complaint, contact us first at hello@getaiandi.com. We will investigate and respond within 30 days.

If your concern is unresolved, you may contact the Office of the Australian Information Commissioner at oaic.gov.au or by phone on 1300 363 992.

14. Operator

MasterKey IT AI (a trading name of MasterKey IT) · Melbourne, Victoria, Australia · ABN 87 274 343 489 · hello@getaiandi.com