Back to Home

Privacy Policy

Effective Date: 1 January 2026

Australian Sovereignty

Data stored exclusively in Sydney, Australia

Enterprise Encryption

AES-256 at rest, TLS 1.3 in transit

SOC 2 Type II

Independently audited controls

1. Introduction

VivoAI Pty Ltd (ABN 12 345 678 901) ("VivoAI", "we", "us", or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our stakeholder intelligence platform (the "Service").

We are bound by the Australian Privacy Principles ("APPs") contained in the Privacy Act 1988 (Cth) and applicable state and territory privacy legislation. For government customers, we also comply with relevant information security requirements including the Australian Government's Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).

2. Information We Collect

2.1 Account Information

When you register for an account or are invited by an administrator, we collect:

  • Full name and professional title
  • Work email address and phone number
  • Organization name and ABN/ACN
  • Role and department within your organization
  • Authentication credentials (securely hashed)

2.2 Customer Data

Through your use of the Service, you may upload or create data including:

  • Stakeholder contact information and profiles
  • Interaction records and meeting notes
  • Documents and attachments
  • Campaign content and communications
  • Project and property information

Important: You are the data controller for Customer Data. We process Customer Data on your behalf as a data processor according to your instructions and applicable law.

2.3 Usage and Technical Data

We automatically collect technical information when you access the Service:

  • IP address and device identifiers
  • Browser type and operating system
  • Pages visited and features used
  • Date/time stamps and session duration
  • Referral URLs and search queries

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Operate, maintain, and deliver the features and functionality you expect
  • Process Transactions: Manage subscriptions, billing, and payment processing
  • Communicate: Send service announcements, security alerts, and support messages
  • Improve the Service: Analyze usage patterns to enhance features and user experience
  • Ensure Security: Detect, prevent, and respond to security incidents and abuse
  • Comply with Law: Meet legal obligations and respond to lawful requests
  • AI Processing: Apply machine learning models for sentiment analysis, theme extraction, and intelligent recommendations (using data only within your tenant)

4. Data Storage and Security

4.1 Australian Data Residency

All Customer Data and personal information is stored and processed exclusively within Australia using our Sydney-based AWS infrastructure (ap-southeast-2 region). Data is never transferred outside of Australia unless expressly authorized by you in writing.

4.2 Security Measures

We implement comprehensive security controls including:

  • AES-256 encryption for all data at rest
  • TLS 1.3 encryption for all data in transit
  • Multi-factor authentication (MFA) support
  • Role-based access controls (RBAC) with tenant isolation
  • Regular vulnerability assessments and penetration testing
  • 24/7 security monitoring and incident response
  • Automated security patching and updates

4.3 Compliance Certifications

VivoAI maintains SOC 2 Type II certification and our infrastructure is ISO 27001 certified. We undergo annual third-party security audits and can provide reports upon request under NDA.

5. Data Sharing and Disclosure

We do not sell, rent, or trade personal information. We may share information only in these circumstances:

5.1 Service Providers

We engage trusted third parties to perform services on our behalf (payment processing, email delivery, cloud hosting). These providers are contractually bound to use information only for the specific services they provide and maintain appropriate security measures.

5.2 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when necessary to protect our rights, property, or safety, or that of our users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected users before their information becomes subject to a different privacy policy.

6. Data Retention

Active Accounts: We retain personal information and Customer Data for as long as your account is active or as needed to provide the Service.

Terminated Accounts: Upon account termination, we retain Customer Data for 90 days to allow for data export. After this period, data is permanently deleted from our production systems. Backup data is purged within 180 days of termination.

Legal Requirements: We may retain certain information longer if required by law or for legitimate business purposes such as resolving disputes or enforcing agreements.

7. Your Privacy Rights

Under the Privacy Act 1988 and Australian Privacy Principles, you have the right to:

  • Access: Request a copy of personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of personal information (subject to legal retention requirements)
  • Data Portability: Export your data in a standard, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at privacy@vivoai.ai. We will respond to verified requests within 30 days.

8. Cookies and Tracking

We use essential cookies required for the Service to function (authentication, security, preferences). We also use analytics cookies to understand how the Service is used and improve the user experience.

You can configure your browser to refuse cookies, but this may limit your ability to use certain features of the Service.

9. AI and Machine Learning

Our Service uses AI and machine learning to provide features such as sentiment analysis, theme extraction, and intelligent recommendations. Important points about our AI use:

  • AI processing is performed within your tenant only—your data is never mixed with other customers' data
  • We use AWS Bedrock with Claude Haiku 4.5 for AI features, with data remaining in the ap-southeast-2 region
  • Your data is not used to train general AI models outside of your organization
  • AI-generated insights are provided to assist decision-making, not to replace human judgment

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email to the address associated with your account at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy inquiries, complaints, or to exercise your rights:

Privacy Officer

VivoAI Pty Ltd

Level 10, 123 Pitt Street

Sydney NSW 2000, Australia

Email: privacy@vivoai.ai

Phone: +61 2 9999 8888

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.