Legal

Privacy Policy

Last updated: 15 April 2026

NodusAI Systems PTY LTD (ABN 63 694 785 389) ("Nodus", "we", "us") respects your privacy. This policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the EU General Data Protection Regulation (GDPR) and UK GDPR.

1. Information we collect

Information you provide

Account data: name, email, phone, business name, ABN, billing address.
Configuration data: business descriptions, ICP definitions, scripts, FAQs, escalation numbers, knowledge bases.
Integration credentials: OAuth tokens for Gmail, calendar providers, CRM systems, and advertising platforms — stored AES-256 encrypted and accessible only to the services you connect.
Customer Data: contact records, leads, call recordings, transcripts, SMS/email content, pipeline data you upload or your agents collect on your behalf.

Information collected automatically

Usage telemetry (features accessed, session duration, error logs).
Device and network information (IP address, browser type, operating system).
Cookies and similar technologies for authentication, session management, and analytics.

2. How we use information

We process personal information to:

Provide, maintain, and improve the Services.
Deploy and operate the AI agents you configure.
Process subscription payments and report usage.
Communicate service notices, onboarding emails, and support responses.
Detect fraud, abuse, and security incidents.
Comply with legal obligations.

3. AI processing & model training

We do not train foundation models on your Customer Data. Prompts and inputs sent to third-party large language models (Anthropic Claude) are processed under the provider's zero-retention terms and are not used for general model improvement.

Your Customer Data is used only to operate your agents and is accessible only to you and to authorised Nodus personnel for support, security, and service delivery.

4. Sharing & disclosure

We share personal information only with:

Service providers strictly necessary to deliver the Services: Stripe (payments), Twilio (telephony/SMS), Retell AI (voice), Anthropic (language model), Apollo.io (B2B prospecting), Resend (system email), Google (Gmail OAuth), Meta (advertising), and CRM providers you explicitly connect.
Your connected CRM — contact records you or your agents create are mirrored to the CRM platform you selected during onboarding.
Regulators, courts, or law enforcement where legally compelled.
Successors in the event of a merger, acquisition, or sale of assets, with notice to affected users.

We do not sell personal information. We do not share personal information with third parties for their own marketing.

5. International transfers

The Services are hosted primarily in the United States, the European Union, and Australia. By using the Services you acknowledge that personal information may be transferred internationally. Where transfers originate from the EU/UK, we rely on Standard Contractual Clauses or equivalent mechanisms.

6. Data retention

Account data — retained while your account is active and for up to 7 years after closure to meet tax and regulatory obligations.
Customer Data — retained while your account is active. On termination, exportable on request for 30 days, then deleted or anonymised.
Call recordings & transcripts — retained for 90 days by default; configurable in dashboard settings.
Billing records — retained for the period required under Australian tax law.

7. Security

We implement administrative, technical, and physical safeguards including: AES-256 encryption at rest for credentials, TLS 1.2+ in transit, role-based access controls, secret rotation, audit logging, and least-privilege infrastructure access. No method of transmission is 100% secure; we cannot guarantee absolute security.

8. Your rights

Under Australian law and, where applicable, GDPR you have the right to: access the personal information we hold about you; request correction or deletion; restrict or object to processing; data portability; withdraw consent; and lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local supervisory authority.

To exercise any right, contact hello@nodusaisystems.com. We respond within 30 days.

9. Recording & telephony consent

AI voice agents may record calls for training, transcription, quality assurance, and legal compliance. You, as the operator, are responsible for ensuring your greeting and workflows provide appropriate consent disclosures in accordance with the jurisdictions you operate in (including two-party consent states in the U.S. and applicable Australian state laws).

10. Cookies

The platform uses strictly necessary cookies for authentication and session management, and optional analytics cookies for product improvement. You can control cookies in your browser settings; disabling strictly necessary cookies will impair the Services.

11. Children

The Services are not directed to individuals under 18. We do not knowingly collect personal information from children.

12. Changes

We may update this policy. Material changes will be notified by email or in-platform notice at least 14 days before taking effect.

13. Contact

NodusAI Systems PTY LTD
81-83 Campbell Street, Surry Hills, NSW, 2010, Australia
hello@nodusaisystems.com · +61 468 016 602