Privacy Policy
Sunny AIOS — Sunburnt AI Pty Ltd (ABN 61 690 890 825)
Effective Date: 17 May 2025 | Last Updated: 17 May 2025
Privacy Policy
Sunny AIOS — Sunburnt AI Pty Ltd (ABN 61 690 890 825)
Effective Date: 17 May 2025 | Last Updated: 17 May 2025
1. Introduction
1. Introduction
Sunburnt AI Pty Ltd (ABN 61 690 890 825) ("we", "us", "our") operates the Sunny AIOS platform — an AI Operating System for Australian professional services firms. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in connection with our platform, website, and services.
We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We take data privacy seriously — particularly given the sensitive professional context in which our clients operate, including law, accounting, migration, financial advice, and advocacy.
By accessing or using Sunny AIOS, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.
Sunburnt AI Pty Ltd (ABN 61 690 890 825) ("we", "us", "our") operates the Sunny AIOS platform — an AI Operating System for Australian professional services firms. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in connection with our platform, website, and services.
We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We take data privacy seriously — particularly given the sensitive professional context in which our clients operate, including law, accounting, migration, financial advice, and advocacy.
By accessing or using Sunny AIOS, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.
2. Who This Policy Applies To
2. Who This Policy Applies To
This Policy applies to:
• Visitors to our website at sunburntai.com.au
• Individuals who register for the Sunny AIOS waitlist
• Clients and authorised users of the Sunny AIOS platform
• Contacts who communicate with us via email, phone, or other channels
This Policy applies to:
• Visitors to our website at sunburntai.com.au
• Individuals who register for the Sunny AIOS waitlist
• Clients and authorised users of the Sunny AIOS platform
• Contacts who communicate with us via email, phone, or other channels
3. What Personal Information We Collect
3. What Personal Information We Collect
3.1 Information You Provide Directly
We collect personal information you provide when you:
• Register for a waitlist, demo, or account (name, email address, organisation, role)
• Subscribe to a Sunny AIOS plan (billing contact details, organisation name)
• Contact us via our website, email, or phone
• Participate in onboarding, training, or support sessions
3.1 Information You Provide Directly
We collect personal information you provide when you:
• Register for a waitlist, demo, or account (name, email address, organisation, role)
• Subscribe to a Sunny AIOS plan (billing contact details, organisation name)
• Contact us via our website, email, or phone
• Participate in onboarding, training, or support sessions
3.2 Information Collected Through Platform Use
When you use Sunny AIOS, we may collect:
• Email metadata and content (where email integration is enabled)
• Calendar events and meeting data (where calendar integration is enabled)
• CRM records and contact data (where CRM integration is enabled)
• Document content processed through the platform
• Call transcripts and summaries (where voice agent features are enabled)
• Action logs generated by AI agents operating on your behalf
• Usage data including feature interactions, session duration, and error logs
3.2 Information Collected Through Platform Use
When you use Sunny AIOS, we may collect:
• Email metadata and content (where email integration is enabled)
• Calendar events and meeting data (where calendar integration is enabled)
• CRM records and contact data (where CRM integration is enabled)
• Document content processed through the platform
• Call transcripts and summaries (where voice agent features are enabled)
• Action logs generated by AI agents operating on your behalf
• Usage data including feature interactions, session duration, and error logs
3.3 Information Collected Automatically
We automatically collect:
• IP addresses and approximate location data
• Browser type, device information, and operating system
• Pages visited and time spent on our website
• Referral sources and search terms
3.3 Information Collected Automatically
We automatically collect:
• IP addresses and approximate location data
• Browser type, device information, and operating system
• Pages visited and time spent on our website
• Referral sources and search terms
4. How We Use Personal Information
4. How We Use Personal Information
We use personal information to:
• Provide, operate, and improve the Sunny AIOS platform
• Process subscriptions, billing, and account management
• Deliver AI-powered features including agent actions, document processing, and call handling
• Send service communications, including platform updates, security notices, and invoices
• Respond to support requests and enquiries
• Conduct internal analytics to improve product performance
• Meet our legal and regulatory obligations
We do not use your data to train AI models. Your client and organisational data remains yours.
We use personal information to:
• Provide, operate, and improve the Sunny AIOS platform
• Process subscriptions, billing, and account management
• Deliver AI-powered features including agent actions, document processing, and call handling
• Send service communications, including platform updates, security notices, and invoices
• Respond to support requests and enquiries
• Conduct internal analytics to improve product performance
• Meet our legal and regulatory obligations
We do not use your data to train AI models. Your client and organisational data remains yours.
5. AI features and Data Processing
5. AI features and Data Processing
Sunny AIOS uses AI agents to perform tasks on behalf of authorised users. The following principles govern AI data handling:
• Read-only by default: AI agents operate in read-only mode unless explicitly authorised by a user to take action
• Full action logging: every AI-initiated action is logged with a timestamp, the authorising user, and the action performed
• No model training: your data is not used to train or fine-tune any AI model
• Human oversight: all significant agent actions require human authorisation before execution
Sunny AIOS integrates with third-party services to deliver its functionality (see Section 7). Data shared with these services is governed by both this Policy and their respective privacy policies.
Sunny AIOS uses AI agents to perform tasks on behalf of authorised users. The following principles govern AI data handling:
• Read-only by default: AI agents operate in read-only mode unless explicitly authorised by a user to take action
• Full action logging: every AI-initiated action is logged with a timestamp, the authorising user, and the action performed
• No model training: your data is not used to train or fine-tune any AI model
• Human oversight: all significant agent actions require human authorisation before execution
Sunny AIOS integrates with third-party services to deliver its functionality (see Section 7). Data shared with these services is governed by both this Policy and their respective privacy policies.
6. Data Storage and Australian Hosting
6. Data Storage and Australian Hosting
Sunny AIOS is designed with Australian data sovereignty as a core requirement. Where technically possible:
• Data is stored in Australian-based infrastructure
• We document and disclose where data crosses international borders
• We take reasonable steps to ensure offshore processors comply with standards comparable to the APPs
Clients on the Sovereign tier receive enhanced data residency controls and dedicated infrastructure documentation. Contact us at contact@sunburntai.com.au for details.
Sunny AIOS is designed with Australian data sovereignty as a core requirement. Where technically possible:
• Data is stored in Australian-based infrastructure
• We document and disclose where data crosses international borders
• We take reasonable steps to ensure offshore processors comply with standards comparable to the APPs
Clients on the Sovereign tier receive enhanced data residency controls and dedicated infrastructure documentation. Contact us at contact@sunburntai.com.au for details.
7. Third-Party Service Providers (Sub-processors)
7. Third-Party Service Providers (Sub-processors)
To deliver the platform, we engage third-party sub-processors. These may include:
• Hosting and infrastructure providers (Australian-based where available)
• Email and calendar integration services (e.g. Microsoft 365, Google Workspace)
• CRM platforms (e.g. Zoho, Salesforce)
• Voice AI providers (e.g. VAPI, ElevenLabs)
• Workflow automation tools (e.g. n8n)
• Payment processors
We maintain a current list of sub-processors and will notify clients of material changes. All sub-processors are required to handle data in accordance with applicable privacy laws.
To deliver the platform, we engage third-party sub-processors. These may include:
• Hosting and infrastructure providers (Australian-based where available)
• Email and calendar integration services (e.g. Microsoft 365, Google Workspace)
• CRM platforms (e.g. Zoho, Salesforce)
• Voice AI providers (e.g. VAPI, ElevenLabs)
• Workflow automation tools (e.g. n8n)
• Payment processors
We maintain a current list of sub-processors and will notify clients of material changes. All sub-processors are required to handle data in accordance with applicable privacy laws.
8. Disclosure of Personal Information
8. Disclosure of Personal Information
We do not sell, rent, or trade personal information. We may disclose information:
• To sub-processors as described in Section 7
• Where required by Australian law, court order, or regulatory authority
• To enforce our Terms of Service or protect our legal rights
• With your explicit consent
We do not disclose personal information for marketing purposes to third parties.
We do not sell, rent, or trade personal information. We may disclose information:
• To sub-processors as described in Section 7
• Where required by Australian law, court order, or regulatory authority
• To enforce our Terms of Service or protect our legal rights
• With your explicit consent
We do not disclose personal information for marketing purposes to third parties.
9. Security
9. Security
We take reasonable technical and organisational measures to protect personal information from unauthorised access, loss, misuse, or disclosure. Measures include:
• Encryption of data in transit (TLS) and at rest
• Role-based access controls
• Comprehensive action logging and audit trails
• Regular security reviews
No system is completely secure. In the event of a data breach that is likely to cause serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth), including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.
We take reasonable technical and organisational measures to protect personal information from unauthorised access, loss, misuse, or disclosure. Measures include:
• Encryption of data in transit (TLS) and at rest
• Role-based access controls
• Comprehensive action logging and audit trails
• Regular security reviews
No system is completely secure. In the event of a data breach that is likely to cause serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth), including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.
`10. Your Rights and Choices
`10. Your Rights and Choices
Under the APPs and applicable Australian law, you have the right to:
• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information, subject to any applicable legal obligations
• Opt out of marketing communications at any time
• Lodge a complaint with the OAIC if you believe your privacy rights have been breached
To exercise these rights, contact us at contact@sunburntai.com.au. We will respond within 30 days.
Under the APPs and applicable Australian law, you have the right to:
• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information, subject to any applicable legal obligations
• Opt out of marketing communications at any time
• Lodge a complaint with the OAIC if you believe your privacy rights have been breached
To exercise these rights, contact us at contact@sunburntai.com.au. We will respond within 30 days.
`11. Children's Privacy
`11. Children's Privacy
Sunny AIOS is a business-to-business platform intended for use by professional services firms. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.
Sunny AIOS is a business-to-business platform intended for use by professional services firms. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.
`12. Changes to This Policy
`12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify clients of material changes via email or in-platform notification at least 14 days before the changes take effect. The date at the top of this document reflects the most recent update.
Continued use of Sunny AIOS after a policy change takes effect constitutes acceptance of the updated policy.
We may update this Privacy Policy from time to time. We will notify clients of material changes via email or in-platform notification at least 14 days before the changes take effect. The date at the top of this document reflects the most recent update.
Continued use of Sunny AIOS after a policy change takes effect constitutes acceptance of the updated policy.
`13. Contact Us and Complaints
`13. Contact Us and Complaints
For privacy-related enquiries, requests, or complaints:
Privacy Officer
Sunburnt AI Pty Ltd
Email: contact@sunburntai.com.au
Website: sunburntai.com.au
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
For privacy-related enquiries, requests, or complaints:
Privacy Officer
Sunburnt AI Pty Ltd
Email: contact@sunburntai.com.au
Website: sunburntai.com.au
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.