Arkitas Logo
Home Services About Education Hub Book a Call

Privacy Policy

Version: 3 | Effective Date: 01 February 2026

Small Business Status: Arkitas Solutions falls under the small business exemption of the Privacy Act 1988 (Cth). However, to ensure the highest standards of data protection for our enterprise and government clients, we use the Australian Privacy Principles (APPs) as a best-practice framework for our data handling operations.

In this privacy policy, the expressions "Arkitas Solutions", "we", "us" and "our" are a reference to James Cowley (ABN 66 117 469 615), trading as Arkitas Solutions.

Scope: This policy applies to personal information collected by us. We strive to align our data handling practices with the spirit of the Privacy Act 1988 (Cth) and the APPs, which govern the way private sector organisations collect, use, keep secure, and disclose personal information.

1. Definitions

  • Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not.
  • Sensitive Information: A subset of personal information including information about racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or health information.
  • Automated Decision-Making (ADM): Decisions made by computer programs, including AI algorithms, that occur without human intervention or where human intervention is not a key factor in the outcome.

2. Contact Details (APP 1.4 Compliance)

For all privacy-related enquiries, requests for access, or corrections to your data, please contact us:

  • Name James Cowley
  • Email james@arkitas.com.au
  • Phone +61 480 742 262
  • Address PO Box 170, Woden ACT 2606

3. Collection of Your Personal Information

We only collect personal information that is necessary for our business functions. The types of information we may collect include:

a) If you contact us or make an enquiry:

  • Your full name, email address, phone number, and organisation name.
  • Privacy Notice (APP 5): Your express consent to data collection is obtained via required checkbox in our contact form. Form submissions are processed by Google Forms (Google LLC, USA).

b) For our customers and clients:

  • Contact information, billing details (including ABN/ACN), and payment information.
  • Details relating to the consulting and business support services we provide to you, including (but not limited to) Salesforce, Google, and AI consulting.

c) Sensitive Information:

We do not generally collect sensitive information. However, if required for a specific project, we will only do so with your informed, voluntary, and specific consent, or where required by law.

d) Cookies and Embedded Services:

i) Cookies and Similar Technologies: Our website may use cookies to:

  • Remember your preferences and settings
  • Provide essential website functionality
  • Enable the booking widget to function

Purpose: To provide essential website functionality.

Types: Essential cookies (required for website function).

Consent: By continuing to use our website, you consent to our use of essential cookies. You can disable cookies via your browser settings, though this may impact website functionality.

ii) Embedded Booking Widget: Our website includes a Google Calendar booking widget that collects:

  • Your full name
  • Email address
  • Phone number
  • Preferred meeting date and time

Purpose: To enable scheduling of discovery calls and consultations.

Third party: This data is transferred to Google Calendar (Google LLC, United States) and is subject to Google's Privacy Policy.

e) AI Research and Development Tools: During the course of providing services to you, we may use cloud-based AI tools (including but not limited to Gemini and Perplexity) to:

  • Generate or refine proposal documents and communications
  • Review and improve wording in client-facing documents
  • Troubleshoot technical issues and implementation challenges
  • Summarise meeting notes and transcripts
  • Assist with general research and analysis related to your engagement

Data Shared: This may include your company name, proposal content, and technical implementation details.

Exclusion: We strictly prohibit the input of highly sensitive personal information (such as health data, financial credentials, or legally privileged information) into these tools.

Security & Licensing: We strictly utilise paid professional or commercial subscriptions for these tools, with explicit data privacy controls enabled to ensure your input data is not used for public model training.

AI Opt-Out Right: You have the right to request that AI tools are NOT used for your specific engagement. To exercise this right, please email james@arkitas.com.au prior to the commencement of work.

Location: These tools are hosted in the United States and are subject to the privacy policies of Google (Gemini) and Perplexity, Inc. respectively.

Accuracy & Liability: Disclaimers regarding AI-generated content are addressed in our Terms of Service.

Privacy Notice (APP 5): By visiting our website or using our booking widget, and by engaging with us for consulting services, you consent to the collection and use of your information for website functionality, booking purposes, and AI-assisted service delivery as described above.

4. How We Use and Disclose Your Personal Information

We use your information to:

  • Provide consulting and business support services, including Salesforce, Google, and AI consulting.
  • Administer your account, including billing and debt collection.
  • Send you technical updates, newsletters, and marketing communications (subject to your consent).

Automated Decision-Making (ADM) Disclosure:

As of the date of this policy, we do not use automated decision-making or AI algorithms to make decisions that significantly affect the rights or interests of individuals (e.g., determining eligibility for services or pricing). If this changes in the future, this policy will be updated to disclose the logic and data used in such decisions in compliance with the Australian Privacy Principles.

5. Disclosure to Third Parties

We do not sell, trade, or rent your personal information to third parties for their independent marketing purposes. We may disclose your personal information to:

  • Platform vendors (including Salesforce and Google) for delivering consulting and business support services to you.
  • AI research tools (including Gemini and Perplexity) for internal research, troubleshooting and service improvement as described in Section 3(e).
  • Booking services: Google Calendar (for your name, email, phone number, and preferred meeting time when you use our booking widget).
  • Email marketing services: Mailchimp (for your name and email address when you subscribe to our newsletters or marketing communications).
  • Third-party service providers: Accounting, legal, IT support, and other business service providers.
  • Regulatory bodies: As required or authorised by law.

We take reasonable steps to ensure that third-party recipients handle your personal information securely and in a manner consistent with this policy.

6. Direct Marketing and Spam Act Compliance

a) Consent: We only send direct marketing communications where we have your express or inferred consent.

b) Spam Act 2003: All commercial electronic messages sent by us comply with the Spam Act 2003. This means unsubscribe requests are processed within 5 business days, and all messages clearly identify us as the sender and contain our contact details.

c) Record-Keeping: We maintain records of marketing consent for at least 3 years as required by the Spam Act 2003. You may request evidence of your consent at any time.

7. Cross Border Disclosure

We utilise cloud-based technology and may work with overseas service providers. Your personal information may be transferred to, and stored at, destinations outside Australia, primarily the United States (including hosting for Salesforce, Google, Gemini, and Perplexity).

Your Consent to Overseas Transfer: By providing your personal information to us, you consent to the disclosure of your information to the overseas recipients listed in Section 5. You acknowledge that:

  • We take reasonable steps to ensure these providers maintain high standards of data security.
  • However, Australian Privacy Principle 8.1 (APP 8.1) may not apply to overseas recipients once your data leaves Australia.
  • If a data breach occurs at an overseas recipient's end, you may have limited recourse under Australian law. While we do not accept liability for breaches caused solely by the overseas recipient's negligence or misconduct, we remain committed to assisting you in such an event to the extent required by law.

Data Protections in Place:

  • Google Workspace: Protected by the Google Cloud Data Processing Addendum (CDPA), which includes APP 8-equivalent protections, EU Standard Contractual Clauses, and maintains ISO 27001 and SOC 2 Type II certifications. Google contractually prohibits the use of customer data for public model training.
  • Perplexity Pro: We utilise paid premium subscriptions. While this tool does not operate under a B2B enterprise contract, we enforce strict internal data hygiene policies and actively utilise the platform's privacy controls to opt our account out of all public AI model training.
  • Subprocessors: Google may engage new subprocessors with 30 days notice. Current subprocessor list: workspace.google.com/terms/subprocessors

8. Access and Correction

You are entitled to access the personal information we hold about you. To request access or correction, please contact us using the details in Section 2.

9. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes set out in this policy, or as required by law. We adhere to the following retention schedules:

  • Financial/Tax Records: 7 years (Required by ATO).
  • Client Project Data: 3 years post-completion (unless otherwise agreed).
  • Marketing Data: Until you opt-out/unsubscribe.
  • AI Tool Inputs: Retained by AI tool providers (Google Workspace, Perplexity) per their respective data retention policies. We do not maintain local copies of AI chat logs beyond project completion. We actively utilise platform privacy controls to restrict data retention, enforcing auto-expiration and manual deletion where supported by the vendor. Under the Google Workspace Cloud Data Processing Addendum (CDPA), data is permanently purged from their servers within 180 days of expiration or deletion, and Google contractually prohibits the use of our data for model training. For Perplexity Pro, we utilise platform privacy controls to opt our account out of data retention for model training.

When personal information is no longer required, we take reasonable steps to destroy or permanently de-identify it.

10. Data Security and Breaches

We take reasonable physical and digital security measures to protect your data. In the event of a suspected data breach likely to cause serious harm, we will conduct a prompt assessment of the breach. If your data is compromised, we will notify you directly and provide recommendations on steps you should take to protect yourself.

11. Consent and Changes

By using our website, you agree to the terms of this policy. We reserve the right to modify our policy as our business needs require. Continued use of our services constitutes agreement to the modified terms.

12. Complaints and Disputes

If you have a concern about how we have handled your data, you may lodge a complaint with us using the contact details in Section 2. Your complaint will be:

  • Acknowledged within 5 business days.
  • Investigated and responded to within 30 days.

We are committed to resolving all disputes fairly and transparently in accordance with our internal policies.