Privacy Policy

We collect and process the following categories of information:

Account Information. When you register for an AI AQM account, we collect your name, email address, organisation name, role, and billing details. This information is necessary to provision your account and manage your subscription.

Call Recordings & Transcripts. Our platform processes audio call recordings uploaded by your organisation in WAV, MP3, and M4A formats. These recordings are transcribed and analysed by our AI agents for compliance audit purposes. The resulting transcripts, compliance audit results, agent assessments, and associated metadata are stored within your organisation's isolated tenancy.

Usage Data. We automatically collect information about how you interact with our platform, including access timestamps, feature usage, API calls, and browser or device identifiers. This data helps us improve the service and ensure security.

Audit Logs. All actions taken within the platform are recorded in append-only audit logs. These logs capture user actions, system events, and compliance-related activities to maintain a verifiable chain of custody for regulatory purposes.

We use the information we collect to:

• Provide, operate, and maintain the AI AQM compliance auditing platform
• Process call recordings through our AI agents and generate compliance audit reports
• Administer your account, manage billing, and communicate service updates
• Enforce role-based access controls and maintain organisational data isolation
• Detect, investigate, and prevent security incidents or fraudulent activity
• Comply with applicable Australian financial services regulations, including APRA and ASIC requirements
• Improve platform performance, reliability, and the accuracy of our AI models

We do not sell your personal information to third parties. We do not use your call recordings or transcripts for any purpose other than providing the auditing service to your organisation.

All data processed by AI AQM is hosted exclusively on Microsoft Azure Australia East (Sydney) infrastructure. Your data never leaves Australian jurisdiction.

We implement the following security measures:

• Encryption at rest using AES-256 for all stored data, including call recordings, transcripts, and audit results
• Encryption in transit using TLS 1.3 for all data transmitted between your systems and our platform
• Multi-tenancy with organisation isolation ensuring that each customer's data is logically separated and inaccessible to other tenants
• Role-based access control (RBAC) restricting data access to authorised personnel within your organisation
• Append-only audit logs providing an immutable record of all platform activity

AI AQM is built to SOC 2 Type II and ISO 27001 standards, and maintains APRA CPS 234 compliance certifications. We undergo regular independent security audits and penetration testing to validate our security posture.

AI AQM supports configurable per-organisation data retention policies. By default, compliance audit records and associated data are retained for seven (7) years in accordance with Australian financial services record-keeping obligations.

Your organisation may configure shorter retention periods where permitted by applicable law. Audit logs are retained for the full 7-year period regardless of other retention settings to satisfy regulatory requirements.

Upon account termination, we will delete your organisation's data in accordance with your configured retention policy and applicable legal obligations. Data subject to ongoing regulatory holds will be retained until the hold is released.

We use a limited number of third-party service providers to operate our platform. All third-party providers are contractually bound to process data only within Australian jurisdiction and in compliance with the Australian Privacy Principles.

Infrastructure. Microsoft Azure Australia East (Sydney) provides our cloud computing, storage, and networking infrastructure.

Payment Processing. We use third-party payment processors to handle billing transactions. We do not store full credit card numbers on our systems.

We do not share your call recordings, transcripts, or compliance audit results with any third party unless required by law or with your explicit written consent.

Under the Australian Privacy Act and the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you and request a copy of that information
• Correction of any inaccurate, incomplete, or out-of-date personal information
• Deletion of your personal information, subject to our legal and regulatory retention obligations. We provide a right-to-deletion API for programmatic data removal requests
• Complaint to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at hello@aiaqm.com. We will respond to all requests within thirty (30) days.

AI AQM is bound by the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs). We are committed to handling personal information in an open and transparent manner.

Where we collect sensitive information (including call recordings that may contain personal or financial information about third parties), we do so only with the consent of the uploading organisation and for the primary purpose of providing compliance auditing services. Your organisation remains the data controller and is responsible for ensuring that appropriate consents and disclosures are in place for the individuals whose calls are recorded.

We do not disclose personal information to overseas recipients. All data processing occurs within Australia on Australian-hosted infrastructure.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice on our platform at least thirty (30) days before the changes take effect.

We encourage you to review this page periodically. Continued use of the platform after changes become effective constitutes acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For complaints about our handling of personal information, you may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.