Privacy Policy
Our commitment to protecting your data.
Last Updated: March 2025
1. Introduction
This Privacy Policy describes how Infonex Pty Ltd (ABN 93 632 080 427) ("we", "us", "our"), operating the SentientOne platform at sentientone.ai and app.sentientone.ai, collects, uses, stores, and protects your personal information. By accessing or using SentientOne, you consent to the practices described in this policy. We are committed to compliance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable international privacy regulations.
2. Information We Collect
We collect the following categories of information: • Account Information: Name, email address, password (hashed), and billing details when you register for an account. • Agent Configuration Data: System prompts, agent names, model preferences, temperature settings, and other configuration parameters you set for your AI agents. • Conversation Data: Messages sent to and received from AI agents, including chat history and conversation metadata, whether through the API, dashboard, or embedded chatbot widget. • Document Data: PDF files and other documents you upload to agent knowledge bases, including extracted text content used for retrieval. • FAQ & Knowledge Base Data: Custom FAQ entries and knowledge base content you create and associate with your agents. • API Usage Data: API keys (partially masked in the dashboard), request logs, token usage, response times, and endpoint activity. • Chatbot Widget Data: Interactions between your website visitors and embedded chatbot widgets, including messages and session metadata. • Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers on our servers. • Technical Data: IP addresses, browser type, device information, access times, and pages viewed. • Cookies & Analytics: We use essential cookies for authentication and session management, and analytics tools to understand platform usage patterns.
3. How We Use Your Information
We use the information we collect for the following purposes: • Service Delivery: To create and manage your AI agents, process API requests, serve chatbot widget interactions, facilitate document uploads, manage FAQ/knowledge bases, and deliver accurate AI-powered responses. • Authentication & Security: To verify your identity, manage API keys, enforce rate limits, and protect against unauthorized access. • Billing & Payments: To process subscription payments, manage plan upgrades/downgrades, and maintain billing records through our Stripe integration. • Analytics & Monitoring: To provide you with per-agent analytics including request volume, token usage, cost tracking, and API log history. • Platform Improvement: To improve the reliability, performance, and features of the SentientOne platform. • Customer Support: To respond to your inquiries and provide technical assistance. • Communications: To send service-related notifications, security alerts, and (with your consent) product updates.
4. Data Storage and Retention
Your data is stored on secure cloud infrastructure. We retain your data as follows: • Account Data: Retained for the duration of your account and for a reasonable period after account closure for legal and business purposes. • Conversation & Chat Data: Retained according to the log retention period configured in your plan settings. • Uploaded Documents: Retained until you delete them or close your account. • FAQ & Knowledge Base Data: Retained until you delete entries or close your account. • API Logs: Retained based on your plan's configurable retention period. • Billing Records: Retained as required by applicable tax and accounting laws. • Soft-Deleted Agents: Agents you soft-delete are retained for a recovery period before permanent deletion.
5. Third-Party Services and Data Sharing
We share data with third parties only as necessary to operate the platform: • LLM Providers: When your agents process requests, conversation data is sent to the selected AI model provider (e.g., OpenAI for GPT-4o, Anthropic for Claude). Each provider's own privacy policy governs their handling of that data. Your API keys for these providers are stored securely and used solely for routing requests. • MCP Servers: If you connect external tools and data sources via the Model Context Protocol (MCP), data may be transmitted to those configured servers as part of agent tool usage. • Stripe: Payment processing is handled by Stripe Inc. Your billing information is subject to Stripe's privacy policy. • Hosting & Infrastructure: We use cloud hosting providers to store and process data, with appropriate data processing agreements in place. We do not sell your personal information to third parties. We do not use your conversation data or uploaded documents to train AI models.
6. Chatbot Widget & End-User Data
If you deploy a SentientOne chatbot widget on your website, interactions between your website visitors and the chatbot are processed through our platform. You are responsible for informing your website visitors about data collection through the chatbot and obtaining any necessary consents. We process end-user chatbot data on your behalf as a data processor, and you remain the data controller for your end users' information.
7. Data Security
We implement robust security measures to protect your data: • Encryption: Data is encrypted in transit (TLS/SSL) and at rest. • Access Controls: Strict role-based access controls limit who can access your data internally. • API Key Security: API keys are partially masked in the dashboard and transmitted securely. • Account Isolation: Each account's agents, data, documents, and conversations are fully isolated from other accounts. • Infrastructure Security: Regular security audits, monitoring, and incident response procedures are in place. • Password Security: Passwords are hashed using industry-standard algorithms and never stored in plain text.
8. Your Rights
Under the Australian Privacy Act and applicable international regulations, you have the right to: • Access: Request a copy of the personal information we hold about you. • Correction: Request correction of inaccurate or incomplete personal information. • Deletion: Request deletion of your personal information, subject to legal retention requirements. • Data Portability: Request your data in a structured, commonly used format. • Withdraw Consent: Withdraw consent for optional data processing at any time. • Complain: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached. To exercise any of these rights, contact us at team@infonex.com.au. We will respond within 30 days.
9. International Data Transfers
Your data may be processed in jurisdictions outside of Australia where our cloud infrastructure and third-party service providers operate. We ensure appropriate safeguards are in place for any international data transfers, consistent with the requirements of the Australian Privacy Act.
10. Children's Privacy
SentientOne is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the platform after changes are posted constitutes acceptance of the revised policy.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: • Email: team@infonex.com.au • Company: Infonex Pty Ltd • Website: https://sentientone.ai