Privacy Policy

Areebi Pty Ltd (“Areebi,” “we,” “us,” or “our”) is committed to protecting the privacy of our users and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at areebi.com, use our platform, or engage with us through any other channel. Please read this policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

We collect information you provide directly, as well as information collected automatically when you interact with our website and services.

1.1 Information You Provide

• Contact and account information: Name, email address, company name, job title, phone number, and any other details you provide when requesting a demo, signing up for a trial, or creating an account.
• Form submissions: Information submitted through contact forms, demo request forms, AI risk assessment forms, newsletter sign-ups, and event registrations.
• Communications: Content of emails, support tickets, chat messages, and any other correspondence you send to us.
• Payment information: If you purchase our services, we collect billing details such as billing address and payment method. Payment card data is processed by our third-party payment processor and is never stored on our servers.
• Feedback and survey data: Responses to surveys, questionnaires, and product feedback requests.

1.2 Information Collected Automatically

• Log data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of access, time spent on pages, and click-stream data.
• Device information: Device type, screen resolution, unique device identifiers, and hardware model.
• Analytics data: Page views, session duration, bounce rates, scroll depth, and user interaction events collected via our analytics tools.
• Cookies and similar technologies: We use cookies, web beacons, pixel tags, and similar tracking technologies to collect usage data. See Section 10 (Cookie Usage) below for more detail.
• Location data: Approximate geographic location inferred from your IP address. We do not collect precise geolocation data.

1.3 Information From Third Parties

We may receive information about you from third-party sources, including business data providers, marketing partners, social media platforms (when you engage with our social media content), and publicly available sources, to supplement the information we collect directly.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To provide, maintain, and improve our platform and services, including processing your requests, managing your account, and delivering product features.
• Communications: To respond to your inquiries, send demo follow-ups, provide customer support, and send transactional messages such as order confirmations and service updates.
• Marketing: To send you relevant product information, newsletters, event invitations, and promotional content. You can opt out of marketing communications at any time using the unsubscribe link in any email or by contacting us.
• Analytics and improvement: To understand how our website and services are used, analyze trends, measure campaign effectiveness, and improve user experience.
• Security: To detect, prevent, and address fraud, unauthorized access, and other security issues.
• Personalization: To tailor content, features, and recommendations to your interests and usage patterns.
• Legal compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
• Business operations: To manage our internal business processes, including financial reporting, auditing, and operational planning.

3. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

3.1 Sub-Processors and Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf, including cloud hosting (AWS), analytics (Plausible Analytics), email delivery (Resend), payment processing (Stripe), and customer support tools. These service providers have access to your personal information only to perform tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose.

3.2 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, protect the personal safety of users or the public, or protect against legal liability.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

3.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you opt in to a co-marketing promotion or partner offering.

4. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, regular security assessments, and employee training. As an AI governance and cybersecurity company, data protection is at the core of everything we do. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Account data: Retained for the duration of your account and for 12 months after account closure, unless deletion is requested earlier.
• Marketing contact data: Retained until you unsubscribe or request deletion, plus a 30-day suppression period.
• Analytics and log data: Retained for up to 24 months in an identifiable form, then aggregated or anonymized.
• Support correspondence: Retained for 36 months after the last interaction.
• Financial and billing records: Retained for 7 years as required by applicable tax and accounting regulations.
• Cookie data: Varies by cookie type; see our Cookie Policy for specific durations.

When personal information is no longer required, we securely delete or anonymize it in accordance with our data retention schedule and applicable law.

6. International Data Transfers

Areebi operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence, including Australia, the United States, and the European Union. These countries may have data protection laws that are different from your jurisdiction.

When we transfer personal data outside of the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with our service providers and partners to ensure an adequate level of data protection.
• Adequacy decisions: Where available, we rely on adequacy decisions issued by the European Commission recognizing that the recipient country provides an adequate level of data protection.
• Additional safeguards: We conduct transfer impact assessments and implement supplementary technical and organizational measures where necessary.

7. Your Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights regardless of where you reside, to the extent feasible.

7.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data (“right to be forgotten”) in certain circumstances.
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to restrict processing: Request limitation of processing of your personal data in certain circumstances.
• Right to object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint: Lodge a complaint with your local data protection supervisory authority.

7.2 Rights Under CCPA/CPRA (California, USA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: Request deletion of your personal information, subject to certain exceptions.
• Right to correct: Request correction of inaccurate personal information.
• Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to non-discrimination: You will not be discriminated against for exercising any of your CCPA/CPRA rights.

7.3 Rights Under the Australian Privacy Act

If you are an Australian resident, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including:

• Right to access: Request access to the personal information we hold about you.
• Right to correction: Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
• Right to complain: Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.
• Right to anonymity: You have the option to interact with us anonymously or using a pseudonym where practicable.

To exercise any of these rights, please contact us at privacy@areebi.com. We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to promptly delete that information. If you believe that we may have collected information from a child under 16, please contact us at privacy@areebi.com.

9. Legal Basis for Processing (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your personal data on the following legal bases:

• Consent: Where you have given us explicit consent, such as for marketing communications or non-essential cookies.
• Contractual necessity: Where processing is necessary to perform a contract with you or take pre-contractual steps at your request, such as providing our services.
• Legitimate interests: Where processing is necessary for our legitimate business interests (such as security, fraud prevention, analytics, and product improvement), provided these interests are not overridden by your rights.
• Legal obligation: Where processing is necessary to comply with a legal obligation.

10. Cookie Usage

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small data files placed on your device that help us remember your preferences, understand how you interact with our site, and improve our services.

• Strictly necessary cookies: Required for the website to function properly. These cannot be disabled.
• Analytics cookies: Help us understand visitor behavior and improve the website. We use privacy-focused analytics tools.
• Functional cookies: Remember your preferences and settings to provide enhanced functionality.
• Marketing cookies: Used to deliver relevant advertising and measure campaign effectiveness. These are only set with your consent.

You can manage your cookie preferences at any time through the cookie settings banner on our website or through your browser settings. For more detailed information, please refer to our Cookie Policy.

11. Third-Party Links

Our website may contain links to third-party websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date at the top. For significant changes, we may also provide additional notice, such as an email notification or a prominent announcement on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@areebi.com
• Data Protection Officer: dpo@areebi.com
• Mailing address: Areebi Pty Ltd, Sydney, Australia

We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.