Eplex AI Privacy Policy

(a) Eplex AI respects your right to privacy and is committed to safeguarding the privacy of our customers and website visitors. This policy sets out how we collect and treat your personal information.

(b) We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (“GDPR”).

(c) Personal Information is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly (“Personal Information”).

(d) This policy also covers Service Data, which is defined as the content and data you submit, send, or display through the Eplex AI services, such as the text from emails you choose to process (“Service Data”).

(e) You may contact us in writing at 81-83 Campbell St, Sydney, New South Wales, 2010 for further information about this Privacy Policy.

(a) Eplex AI will, from time to time, receive and store Personal Information you submit to our website, provide to us directly, or give to us in other forms.

(b) You may provide basic information such as your name, organisation and email address to enable us to send you information, provide updates and process your product or service order.

(c) We may collect additional Personal Information at other times, including but not limited to, when you provide feedback, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.

(d) Additionally, we may also collect any other information you provide while interacting with us.

(a) Eplex AI collects Personal Information from you in a variety of ways, including when you interact with us electronically or in person, when you access our website and when we engage in business activities with you. We may receive Personal Information from third parties. If we do, we will protect it as set out in this Privacy Policy.

(b) By providing us with Personal Information, you consent to the supply of that information subject to the terms of this Privacy Policy.

(a) Eplex AI may use Personal Information collected from you to provide you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.

(b) Eplex AI will use Personal Information and Service Data only for the purposes that you consent to. This may include to:

• (i) provide you with products and services during the usual course of our business activities;
• (ii) administer our business activities;
• (iii) manage, research and develop our products and services;
• (iv) provide you with information about our products and services;
• (v) communicate with you by a variety of measures including, but not limited to, by telephone, email or mail; and
• (vi) investigate any complaints.

(c) Our handling of your Service Data is subject to specific rules:

• (i) Purpose of use: we process your Service Data only for the purpose of providing, maintaining, and improving the Services for you. All processing is performed on your instruction and for your benefit.
• (ii) Human access: access to your Service Data by Eplex AI personnel is strictly limited. Human review of Service Data will only occur under specific, limited circumstances, such as when required to resolve a customer-initiated support ticket, to investigate a suspected violation of our Terms of Service, or as strictly necessary to address a security incident or technical bug. All such access is subject to strict confidentiality obligations.
• (iii) Metadata: we may store and process metadata associated with your Service Data, such as sender and recipient information, timestamps, deal stages, and subject lines, for the purpose of providing the Service, for security, and to enable features within your user account.
• (iv) Linguistic and cultural models: to provide features such as drafting and summarisation, our Service uses proprietary frameworks. These frameworks use generalised rules and content relating to language and communication styles to enhance the quality of the Service. We do not store or create profiles based on any inferred cultural preferences of individual users.

(d) Use of data for AI model training: Eplex AI is committed to protecting the confidentiality of your Service Data. We do not use your Service Data, or any personal information contained within it, to train our own or any third-party artificial intelligence models. We delete or irreversibly anonymise data 30 days after account closure, or sooner upon request.

(e) We may disclose your Personal Information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.

(a) Eplex AI may disclose your Personal Information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.

(b) If we do disclose your Personal Information to a third party, we will protect it in accordance with this privacy policy.

(c) Sub-processors: To provide our Services, we engage third-party services (“Sub-processors”) to process your data. By using our Services, you acknowledge and consent to our use of these Sub-processors:

• (i) Google Cloud Platform (“GCP”): For all application hosting, data storage, and infrastructure. Data is processed in secure, designated cloud regions.
• (ii) OpenAI, L.L.C.: To provide the core artificial intelligence and language processing features of our Services. We send your Service Data to the OpenAI API for processing and receive the result. As per our policy, this data is not used for training OpenAI models.

(d) If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

(a) Eplex AI will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

(b) We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

(c) We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

(d) We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

(e) We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

(f) We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

(g) We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

(h) You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

(a) If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Eplex AI complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

(b) Except as otherwise provided in the GDPR, you have the following rights:

• (i) to be informed how your personal information is being used;
• (ii) access your personal information (we will provide you with a free copy of it);
• (iii) to correct your personal information if it is inaccurate or incomplete;
• (iv) to delete your personal information (also known as "the right to be forgotten");
• (v) to restrict processing of your personal information;
• (vi) to retain and reuse your personal information for your own purposes;
• (vii) to object to your personal information being used; and
• (viii) to object against automated decision making and profiling.

(c) Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

(d) We may ask you to verify your identity before acting on any of your requests.

(a) Information that we collect will be stored and processed by our Sub-processors (as defined in Section 5(c)) in countries that may be outside of Australia, including but not limited to the USA and various EU countries where Google Cloud Platform and OpenAI operate data centers.

(b) Transfers to each of these countries will be protected by appropriate safeguards, including the use of Standard Contractual Clauses (SCCs) as approved by the European Commission under Article 46 of the GDPR, binding corporate rules, and other technical and organizational measures.

(c) You acknowledge that Personal Information and Service Data that you submit through our services may be transferred and processed by these Sub-processors in accordance with this policy. We cannot prevent the use (or misuse) of such data by others once it is made publicly available by you.

(a) Eplex AI is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

(b) Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

(c) The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

(d) We secure data with TLS 1.3 in transit and AES-256 at rest. If an eligible data breach occurs, we will notify affected customers and the OAIC (or relevant authority) within 72 hours.

(a) You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at info@eplex.ai.

(b) We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.

(a) When you visit our website: When you come to our website (www.eplex.ai), we may collect certain information such as browser type, operating system, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.

(b) Cookies: We may from time to time use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. Non-essential cookies load only after you accept our cookie banner. Our website may from time to time use cookies to analyse website traffic and help us provide a better website visitor experience.

(c) Third party sites: Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Eplex AI is not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.