Privacy Policy

Last updated: 29 March 2026

KAIVORI is operated by Katalyst IT Pty Ltd (ABN: [ABN — set NEXT_PUBLIC_KATALYST_ABN]) of Perth, Western Australia. This policy explains how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What we collect

We collect personal information you provide when creating an account and using KAIVORI, including:

  • Name, email address, phone number, business name, and ABN
  • Business information: industry, location, team members, job and client records
  • Payment information (processed by Stripe — we do not store card details)
  • Usage data: AI conversations, documents uploaded, workflow runs, and feature activity
  • Technical data: IP address, browser type, device identifiers, and log data

2. How we use it

  • To provide and improve the KAIVORI platform
  • To personalise AI agent responses to your business context
  • To send transactional emails (invoices, receipts, platform notifications)
  • To send product updates and growth reports (you can opt out at any time)
  • To comply with legal obligations and prevent fraud

3. Who we share it with

We do not sell your personal information. We share data only with:

  • Supabase — database and authentication (Sydney, AU region)
  • Vercel — hosting and edge functions
  • Stripe — payment processing
  • OpenRouter / Anthropic — AI model inference (your data is used only to generate responses, not for model training)
  • Resend — transactional email delivery
  • Twilio — SMS communications
  • Other third-party services you connect (Google, Xero, MYOB, Meta) — governed by their own privacy policies

All third-party providers are contractually bound to protect your data. Where possible, we use Australian or GDPR-compliant infrastructure.

4. Data storage and security

Your data is stored in Supabase (Sydney, AWS ap-southeast-2). We use:

  • AES-256-GCM encryption for third-party OAuth tokens
  • Row-level security (RLS) on all database tables
  • HTTPS for all data in transit
  • Regular automated database backups

5. Your rights

Under the Australian Privacy Act, you have the right to:

  • Access — request a copy of personal information we hold about you
  • Correction — ask us to correct inaccurate information
  • Deletion — request deletion of your account and associated data (Settings → Data & Privacy → Delete Account)
  • Data export — download your business data at any time (Settings → Data & Privacy → Export Data)
  • Opt-out — unsubscribe from marketing emails at any time

6. Data retention

We retain your data for as long as your account is active or as needed to provide services. On account deletion, personal data is permanently deleted within 30 days. Anonymised aggregate analytics data may be retained indefinitely.

7. AI-generated content

KAIVORI uses large language models to generate content, recommendations, and documents. AI outputs are provided for reference only and should be reviewed before use. We are not liable for reliance on AI-generated content without independent verification.

8. Cookies

KAIVORI uses cookies for authentication sessions and analytics (PostHog). No advertising cookies are used. You can disable cookies in your browser settings, though this may affect functionality.

9. Contact us

For privacy enquiries, access requests, or complaints, contact us at:

Privacy Officer
Katalyst IT Pty Ltd
Email: privacy@kaivori.com.au
Perth, Western Australia

If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).