1. Who We Are
AI Lab Australia Pty Ltd (ABN to be registered) operates the SydClaw AI Workforce Platform. We are based in Sydney, New South Wales, Australia. This policy covers how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. What Personal Information We Collect
SydClaw processes personal information on behalf of our clients (businesses). The types of personal information we may process include:
- Contact information (names, email addresses, phone numbers)
- Business information (job titles, company names, ABNs)
- Communication content (emails, calendar entries, meeting notes)
- Financial information (invoice details, payment amounts)
- Safety and compliance data (inspection results, incident reports)
- Account credentials (encrypted OAuth tokens for connected services)
We collect this information from our clients' connected systems (Gmail, Xero, SafetyCulture, etc.) only with their explicit authorization via OAuth consent flows.
3. Automated Decision-Making and AI
SydClaw uses artificial intelligence (AI) to assist with business tasks. In accordance with the Privacy and Other Legislation Amendment Act 2024, we disclose the following about our automated decision-making:
3.1 How AI Is Used
Our AI agent performs the following types of tasks using personal information:
- Email classification and prioritization — categorizes emails by urgency and type
- Email drafting — generates draft responses based on conversation context
- Invoice processing — extracts data from invoices, matches to purchase orders
- Contact enrichment — looks up professional profiles for meeting preparation
- Safety compliance monitoring — tracks inspection status and overdue items
- Report generation — compiles data into structured reports
- Calendar management — scheduling, conflict detection, meeting preparation
3.2 Human Oversight
SydClaw implements a mandatory human-in-the-loop approval system:
- All external communications (emails to external recipients) require human approval before sending
- All financial actions (invoice creation, payment processing) require human approval
- All data deletion or modification actions require human approval
- Actions are classified by risk level (low, medium, high, critical) with appropriate approval routing
- No AI-generated action that could significantly affect an individual is executed without human review
3.3 PII Tokenization (Zero-Knowledge AI)
Before any personal information is sent to external AI model providers (such as Anthropic Claude or OpenAI), all personally identifiable information (PII) is tokenized — replaced with reversible pseudonymous tokens. The AI model never sees real names, email addresses, phone numbers, or other personal identifiers. Tokenization covers 17+ PII categories including names, emails, phone numbers, ABNs, TFNs, addresses, and financial account details.
3.4 Decision Transparency
Every AI decision and action is recorded in an immutable audit log that includes: the timestamp, what action was taken, what data was used (in tokenized form), what the AI's reasoning was, and whether the action was approved or denied by a human. Clients can access their complete audit trail at any time through the admin dashboard.
3.5 Right to Contest AI Decisions
If you believe an AI-assisted decision has significantly affected your rights or interests, you may request a review. Contact your organization's SydClaw administrator, or email us at info@ailabaustralia.com. We will provide a human review of the decision within 10 business days, including an explanation of the factors that contributed to the decision.
3.6 Welfare Disclosure Detection
When the welfare-disclosure module is enabled by your employer, the chat additionally watches every message for signals that an employee may be experiencing one of the following workplace welfare concerns:
- Bullying (per Fair Work Act 2009 s.789FF)
- Sexual harassment (per Sex Discrimination Act 1984 + Respect@Work positive duty)
- Discrimination on a protected attribute
- Psychosocial harm (per the WHS Code of Practice on Managing Psychosocial Hazards at Work)
- Wage theft / underpayment / sham contracting
- Imminent self-harm or suicide ideation
- Imminent danger to another person
What happens when a signal is detected:
- The chat returns a deterministic, trauma-informed response with Australian crisis resources (Lifeline, Beyond Blue, 1800RESPECT, Fair Work Commission, AHRC, etc.) — not an LLM-paraphrased message.
- An encrypted record is created in the welfare_disclosures table, accessible only to the org's designated Welfare Officer (a role distinct from administrators and managers — separation of duties).
- The Welfare Officer is notified by email (with the original message decrypted using the org's encryption key); no other person — including your manager — sees the disclosure.
- For imminent-harm signals, the chat ends and surfaces emergency numbers (000, Lifeline 13 11 14) directly; the Welfare Officer is paged immediately.
- Every detection is recorded in the hash-chained audit log with category and severity (the message content itself is encrypted at rest).
Confidentiality limits. The chat is confidential by default. The Welfare Officer is the only role in your workplace authorised to read disclosure content, and they will not share it with your manager or admin without your consent. The only exception is if you tell the chat you (or another person) are in immediate danger — in that case the system surfaces emergency numbers and notifies the Welfare Officer regardless. Any decision to formalise a disclosure into a workplace grievance is yours; the Welfare Officer cannot lodge one without your consent.
Sensitive information (APP 3.3). Welfare disclosures contain sensitive information as defined by the Privacy Act 1988 — your collection of this information is treated under the employee-records exemption (Section 7B(3)) where directly related to your employment relationship, with additional encryption-at-rest protections beyond the baseline APP 11 obligations. Detection content is never sent to third-party AI providers in raw form: the underlying model sees tokenised PII (per section 3.3), and your direct disclosure is stored encrypted under your employer's organisation-specific encryption key.
Right to opt out. If you do not want welfare-signal detection on your messages, your employer's administrator can disable the module entirely or configure a no-monitoring channel. Detection accuracy is held above 90% precision and 80% recall by a continuously running evaluation dataset; review of any specific decision can be requested per section 3.5 above.
3.7 Sandbox Demos — Token-Gated Trial Workspaces
When you click a SydClaw sandbox demo URL (typically https://<your-company>.sandbox.sydclaw.com.au/...), you are entering a time-bound, read-only demo workspace SydClaw provisioned for your organisation's evaluation. The following applies:
- What we collect. We do not require an email or password. The URL itself contains a signed token (HS256 JWT) that authenticates you. If your colleague provided an email address when requesting the demo, that email may have been used to label the demo user account. Your IP address, browser user-agent, and chat conversations within the sandbox are recorded in our audit log per APP 11.
- What was crawled. Before sending you the URL, our crawler fetched up to 50–100 publicly-accessible pages from your organisation's website (the URL you provided when requesting the demo). The crawler honours robots.txt per RFC 9309 and respects 2 MB body caps and 20 second timeouts. Only public pages are accessed — never authenticated or paywalled content.
- What the demo CAN do. Read-only chat against the crawled pages, with citations back to the source URL. Search and ask questions about your website's content.
- What the demo CANNOT do. Send emails, create tasks, change records, talk to your real systems (Gmail, payroll, HR), or affect any data outside the sandbox. Six independent layers of enforcement (orchestrator filter, handler check, route guard, database trigger, Inngest worker filter, audit log) prevent any write attempt from succeeding.
- Retention. The sandbox auto-expires after 30 days (or longer if explicitly configured at your request) and is hard-deleted 7 days past expiry. All ingested website content, conversation history, and the demo user account are removed at deletion.
- Conversion. If your organisation signs up for a real SydClaw workspace, the sandbox is preserved as a sales-history archive (excluded from auto-deletion) and a new dedicated-per-client tenant is provisioned. The sandbox URL stops working at conversion; you receive new credentials for the real workspace.
- Cross-tenant isolation. Sandboxes for different prospects share the same infrastructure but are isolated by Postgres row-level security. Property tests verify, on every release, that a user of one sandbox cannot read another sandbox's data.
- How to stop. Closing the browser tab ends your session. To force-delete the sandbox before it expires, contact info@ailabaustralia.com.
4. Data Storage and Security
- Location: All data is stored in Australia (AWS ap-southeast-2, Sydney)
- Encryption at rest: AES-256-GCM with per-organization encryption keys derived via scrypt
- Encryption in transit: TLS 1.3 for all connections
- Access control: Row Level Security (RLS) on all database tables, role-based access control (RBAC), multi-factor authentication (MFA)
- Tenant isolation: Each client receives a logically isolated deployment with dedicated database and encryption keys
- Credential storage: OAuth tokens and API keys encrypted with AES-256-GCM, never stored in plaintext
5. Cross-Border Data Disclosure
SydClaw uses the following third-party services that may process data outside Australia:
| Service | Purpose | Data Sent |
|---|---|---|
| Anthropic (Claude) | AI inference | Tokenized only — no PII in plaintext |
| OpenAI (fallback) | AI inference fallback | Tokenized only — no PII in plaintext |
| Stripe | Payment processing | Billing data only (no operational data) |
| Inngest | Background job scheduling | Job metadata only (no personal information) |
6. Data Retention
- Operational data: Retained for the duration of the service agreement + 60 days
- Financial records: Retained for 7 years (Australian tax law)
- Safety records: Retained for 7 years (WHS Act)
- Audit logs: Retained per client agreement (minimum 2 years)
- Upon termination: All data exported to client within 30 days, deleted within 60 days, with written confirmation provided
7. Data Breach Notification
In the event of a data breach affecting personal information, we will:
- Notify the affected client within 24 hours
- Assess and notify the Office of the Australian Information Commissioner (OAIC) within 72 hours if required under the Notifiable Data Breaches scheme
- Assist in notifying affected individuals as required
8. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Request access to personal information we hold about you
- Request correction of inaccurate information
- Request a review of any automated decision that affects you
- Make a complaint about our handling of your personal information
9. Contact
For privacy enquiries, data access requests, or to contest an AI decision:
Email: info@ailabaustralia.com
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.