Privacy Policy

Last updated: 30 May 2026

KAIVORI is operated by Katalyst Pty Ltd (ABN: 69 693 684 114) of Perth, Western Australia. This policy explains how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What we collect

We collect personal information you provide when creating an account and using KAIVORI, including:

  • Name, email address, phone number, business name, and ABN
  • Business information: industry, location, team members, job and client records
  • Payment information (processed by Stripe — we do not store card details)
  • Usage data: AI conversations, documents uploaded, workflow runs, and feature activity
  • Technical data: IP address, browser type, device identifiers, and log data

2. How we use it

  • To provide and improve the KAIVORI platform
  • To personalise AI agent responses to your business context
  • To send transactional emails (invoices, receipts, platform notifications)
  • To send product updates and growth reports (you can opt out at any time)
  • To comply with legal obligations and prevent fraud

Platform learning

KAIVORI may use anonymised, non-identifying signals from your business activity (such as industry category, Australian state, and high-level outcome patterns) to improve recommendations for all users. This data never includes your business name, client names, email addresses, ABN, or any personally identifiable information. You can opt out at any time in Settings → Privacy. This practice is consistent with the Australian Privacy Principles (APP 1, APP 3) under the Privacy Act 1988 (Cth).

3. Who we share it with

We do not sell your personal information. We share data only with:

  • Supabase — database and authentication (Sydney, AU region)
  • Vercel — hosting and edge functions
  • Stripe — payment processing
  • OpenRouter (and underlying model providers such as Anthropic when routed) — AI inference; Amazon Web Services (Bedrock) may be used as a failover region (e.g. ap-southeast-2)
  • OpenAI — text embeddings and lightweight summarisation where those features are enabled
  • Resend — transactional email delivery
  • Twilio — SMS and voice transport where those features are enabled
  • Sentry — error monitoring (may include request paths and anonymised diagnostics)
  • PostHog — product analytics (you can limit cookies; see Cookies below)
  • Prospecting and enrichment (where you use Scout or related features): providers such as Apollo, Hunter, Firecrawl, Brave Search, and Google Places / Maps — only queries and results needed for the feature
  • Other third-party services you connect (Google, Microsoft, Xero, MYOB, QuickBooks, Meta, LinkedIn, Dropbox, Calendly, WordPress, etc.) — governed by their own privacy policies and your OAuth consent

All third-party providers are contractually bound to protect your data. Where possible, we use Australian or GDPR-compliant infrastructure.

4. Data storage and security

Your data is stored in Supabase (Sydney, AWS ap-southeast-2). We use:

  • AES-256-GCM encryption for third-party OAuth tokens
  • Row-level security (RLS) on all database tables
  • HTTPS for all data in transit
  • Regular automated database backups

5. Your rights

Under the Australian Privacy Act, you have the right to:

  • Access — request a copy of personal information we hold about you
  • Correction — ask us to correct inaccurate information
  • Deletion — request deletion of your account and associated data (Settings → Data & Privacy → Delete Account)
  • Data export — download your business data at any time (Settings → Data & Privacy → Export Data)
  • Opt-out — unsubscribe from marketing emails at any time

6. Data retention

We retain your data for as long as your account is active or as needed to provide services. On account deletion, personal data is permanently deleted within 30 days. Anonymised aggregate analytics data may be retained indefinitely.

Your data rights

Under the Privacy Act 1988 (Cth), you have the right to access the personal information we hold about you, request correction of inaccurate information, request deletion of your account and associated data, and lodge a complaint with the Office of the Australian Information Commissioner.

To exercise these rights, use Settings → Data & Privacy in the app, or email privacy@kaivori.com.au.

Data retention: when you request account deletion, we retain your data for 30 days before permanent deletion to allow disputes or recovery. After 30 days, data is permanently deleted from our systems.

Data residency: all data is stored in ap-southeast-2 (Sydney, Australia).

7. AI-generated content

KAIVORI uses large language models to generate content, recommendations, and documents. AI outputs are provided for reference only and should be reviewed before use. We are not liable for reliance on AI-generated content without independent verification.

8. Cookies

KAIVORI uses cookies for authentication sessions and analytics (PostHog). No advertising cookies are used. You can disable cookies in your browser settings, though this may affect functionality.

9. New Zealand users

If you are located in New Zealand, KAIVORI also complies with the Privacy Act 2020 (NZ) and the Information Privacy Principles (IPPs) administered by the Office of the Privacy Commissioner. New Zealand users have the right to access and correct their personal information held by us. For privacy enquiries from NZ users, contact privacy@kaivori.com.au — we aim to respond within 20 working days as required under the Privacy Act 2020.

10. Contact us

For privacy enquiries, access requests, or complaints, contact us at:

Privacy Officer
Katalyst Pty Ltd
Email: privacy@kaivori.com.au
Perth, Western Australia

If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

Privacy Policy — KAIVORI