Where is my data stored?+
All data is stored in Australian data centres (AWS ap-southeast-2, Sydney region). Nothing leaves Australia. We use Supabase with PostgreSQL and Row Level Security to ensure complete tenant isolation. Every database query is scoped to your organisation. No data is ever shared across clients.
Does the AI see my personal information?+
No. Before any user data reaches the AI model, our PII tokenisation engine replaces 17 categories of personal information (names, emails, phone numbers, ABNs, TFNs, bank accounts, addresses and more) with anonymous tokens. The AI works with tokenised data only. Real values are restored in the output after the AI responds. This is zero-knowledge architecture: the AI model never sees your actual personal data.
Can the AI send emails or take actions without my permission?+
Not for anything that matters. Every high-impact action (sending emails to external recipients, creating invoices, modifying CRM records, deleting documents) requires explicit human approval before execution. You see exactly what the AI wants to do, review it, and approve or reject. Low-risk read-only actions like searching your inbox or looking up a contact run automatically to keep things fast.
Is SydClaw compliant with Australian privacy laws?+
Yes. We are designed from the ground up for the Privacy Act 1988 (as amended 2024), Australian Consumer Law, the Spam Act 2003, the Security of Critical Infrastructure Act 2018, and the Copyright Act 1968. We support Australian Privacy Principles (APPs), provide mandatory breach notification procedures, and comply with the right to explanation for automated decisions. We maintain a Data Processing Agreement for every client.
What security certifications do you have?+
Our architecture is built to ISO 27001 and SOC 2 Type II standards. We use AES-256-GCM encryption at rest, TLS 1.3 in transit, enforce multi-factor authentication for all users, and maintain immutable audit trails for every AI action. We are pursuing formal ISO 27001 and ISO 42001 (AI Management System) certification. Every deployment includes a full security review.
What happens if there is a data breach?+
We follow our Incident Response SOP, which includes automated detection via anomaly monitoring, immediate containment within 15 minutes, notification to the OAIC and affected individuals within 72 hours as required by the Notifiable Data Breaches scheme, and a full root cause analysis within 14 days. Every action during an incident is logged to an immutable audit trail.
What exactly does SydClaw do?+
SydClaw is an AI employee that works alongside your team. It manages your inbox (triaging, drafting responses, following up), processes invoices and receipts through Xero, generates documents and reports, manages your CRM data, runs safety compliance checks, schedules meetings, enriches client data, and automates dozens of repetitive workflows. It connects to Gmail, Microsoft 365, Xero, HubSpot, SafetyCulture, SharePoint and 8,000+ apps via Zapier.
How is this different from ChatGPT or other AI tools?+
ChatGPT is a chat interface. SydClaw is a full employee that connects to your actual business systems, takes real actions (sending emails, creating invoices, updating CRM records), and operates within a security framework designed for enterprise use. It has approval workflows, audit trails, PII protection, multi-user access controls, and scheduled autonomous tasks. It's the difference between having a conversation about work and having someone who does the work.
Can I schedule tasks to run automatically?+
Yes. SydClaw supports autonomous scheduled commands, such as a morning email triage at 7 AM, weekly safety report generation, invoice follow-ups on Tuesdays and Thursdays, end-of-day summary digests, and CRM data enrichment every 4 hours. Each scheduled task can be enabled, paused, or customised. All autonomous actions follow the same approval and audit rules as interactive ones.
Does it work with my existing tools?+
Yes. We have native integrations for Gmail, Microsoft 365, Xero, HubSpot, Salesforce, SafetyCulture, SharePoint, Smartsheet, and OneDrive. For everything else, we connect through Zapier, which gives you access to 8,000+ applications. We also support custom webhooks and a REST API for bespoke integrations.
Can multiple people in my team use it?+
Yes. SydClaw is multi-user with role-based access controls. Admins can configure modules, manage connections, and set approval rules. Managers get organisational intelligence dashboards showing what every team member's AI agent is doing. Standard users interact with their own AI agent scoped to their permissions. Every user has their own conversation history, memory, and context.
How much does it cost?+
Setup starts at $5,000, which covers onboarding, integration configuration, custom skill creation, and training. Ongoing management is $360 per user per month, which includes the AI infrastructure, all module access, support, and updates. We offer a free discovery call to scope your needs and provide a tailored quote.
Is there a lock-in contract?+
No. Our standard agreement is month-to-month after the initial setup period. You can scale up, scale down, or cancel with 30 days notice. We believe in earning your business every month, not locking you in.
How long does setup take?+
Typical deployments go live in 2-4 weeks. Week one covers discovery and integration setup. Week two covers skill configuration and testing. Weeks three and four cover training and go-live support. Complex deployments with custom integrations or compliance requirements may take longer.
Do I need technical staff to manage it?+
No. SydClaw is fully managed. We handle deployment, monitoring, updates, and support. Your team interacts with the AI through a simple chat interface, just like messaging a colleague. Admin settings are accessible through a web dashboard with no coding required.
What AI models do you use?+
We are model-agnostic and route to the best model for each task. Complex reasoning uses Claude Opus or Sonnet. Fast classification and validation uses Haiku or Gemini Flash Lite. Data extraction can use Kimi K2. You are never locked into a single AI provider. If a better model appears tomorrow, we can switch without any changes to your workflow.
What if the AI makes a mistake?+
Three safeguards. First, our five-rail guard system (input, dialogue, execution, retrieval, output) validates every step. Second, high-risk actions require human approval so mistakes never reach external parties without your review. Third, every action is logged with full context so mistakes can be traced, understood, and corrected. We also run a reflection and self-evaluation pipeline that scores response quality in real time.
Can the AI access the internet or external websites?+
Only when you ask it to, and only through controlled channels. Web search uses vetted providers (Tavily, Brave Search) with robots.txt compliance. URL fetching strips tracking and validates against SSRF attacks. Research results always require your review before any action is taken. For air-gapped deployments, internet access can be fully disabled.
Who owns the data and AI outputs?+
You do. All data you provide and all outputs generated by SydClaw belong to your organisation. We do not use your data to train AI models. We do not share your data with any third party. Our Data Processing Agreement makes this explicit. On termination, we provide a full data export and securely delete all your data within 30 days.
Is this built for my industry?+
SydClaw is designed for professional services firms broadly: accounting, legal, engineering, construction, property management, consulting, financial planning, and similar businesses. If your team spends time on email, documents, invoices, compliance, and client management, SydClaw can help. We tailor the module selection and AI skills to your specific industry during onboarding.
Can it handle industry-specific compliance requirements?+
Yes. Our module system is configurable per industry. For construction, we integrate with SafetyCulture for WHS compliance. For financial services, we support AFSL and CPS 234 requirements. For legal, we handle matter management and conflict checks. During onboarding, we configure the compliance rules specific to your regulatory environment.