LEGAL

Privacy Notice

For Business Customers

Effective Date: 22 July 2025

1. Introduction

This Privacy Notice explains how Aultech Proprietary Limited (“Aultech”, “we”, “us”, or “our”) collects and processes personal data as a data controller in relation to its enterprise SaaS platforms, including its products and offerings described on our website (“the Services”). The Services are exclusively provided to business customers and not to consumers or individuals in their personal capacity.

This notice complies with applicable laws such as South Africa's Protection of Personal Information Act 4 of 2013 (“POPIA”), the United Kingdom's Data Protection Act 2018, and/or the EU's General Data Protection Regulation (“GDPR”).


2. Scope of this Privacy Notice

This Privacy Notice applies exclusively to Service Data.

“Service Data” refers to personal information processed by Aultech when establishing, operating, supporting, and maintaining the Services for business clients, including onboarding, account administration, billing, security monitoring, technical support, service analytics, platform updates, and customer communications.

“Customer Data” (i.e., data uploaded or processed by Customers and End Users via the Services such as documents, project data, emails, site instructions, or AI task queries) is governed by the Aultech Services Agreement and Data Processing Addendum (“DPA”), where Aultech acts as a data processor/operator.

Where Aultech processes Customer Data, Aultech acts as a data processor (or operator under POPIA), and processes such data strictly in accordance with Customer instructions. If you are a user authorised under a Customer's Account and have questions about your data, please contact your Account Admin, as they are responsible for managing your data under applicable data protection laws.


3. Contact Us

Aultech is the controller for the Service Data we process, unless otherwise stated.

Full name of legal entity: Aultech Proprietary Limited (Company Reg No.: 2025/226086/07)

Designated Person: Mr Ushir Maharaj (Information Officer)

Postal address: 13 Hillclimb Road, Westmead, Durban, KwaZulu-Natal, South Africa, 3610

4. What Service Data We Collect

We collect and process the following categories of personal data as part of the Service Data:

  • Business Account Data: Company name, registration number, VAT number, billing and subscription details.
  • User Identity & Authentication: Names, business email addresses, telephone numbers, job titles, user roles, admin assignments, login credentials (hashed).
  • Billing & Payment Data: Invoicing records, payment confirmations, refunds, and debit orders.
  • Technical & Device Data: Device IDs, IP addresses, browser types, operating system, session logs, access logs, error reports. Server-side application logs collected through Elastic stack and Azure telemetry. Hosting provider metadata (e.g., from Azure and Teraco) for internal diagnostics.
  • Communication & Support Logs: Customer service tickets, onboarding calls, training session records, troubleshooting interactions. Email agent interaction metadata for those using the integrated agent features.
  • Integration Metadata: Limited data from third-party integrations (e.g., Microsoft Outlook, Gmail and Workspace).

5. How We Collect Service Data

We collect Service Data through:

5.1. Direct Interactions

Registration forms, contract execution, subscription onboarding, user provisioning, customer support communications.

5.2. Automated Technologies

  • Application telemetry, API usage logs, agent activity, system diagnostics, and platform analytics.
  • Our email agent, where enabled, may collect metadata and perform rules-based tagging, routing, or auto-responses based on criteria set by the user.
  • When you interact with our website, we may collect technical and usage information automatically from your browser or device using cookies and similar technologies.
  • Cookies and similar technologies are set on your device by us and our trusted partners, such as Google Analytics. To opt out of being tracked by Google Analytics across all websites, visit: tools.google.com/dlpage/gaoptout.
  • Users can manage cookie preferences through our cookie consent tool.

5.3. Third-Party Sources

We will only receive your personal data from third parties when (i) you have provided your consent to share such data with us, (ii) when required by law, (iii) when it is strictly necessary for us to fulfil our contractual obligations to you, (iv) when it is strictly necessary to protect our or our Customer's legitimate interests, or (v) to protect the vital interests of the data subject.


6. Why We Process Service Data

When we process Service Data for the purposes described below, we rely on the following legal grounds:

Category | Purpose of Processing | Legal Basis
Business Account Information | Account setup, invoicing, contract management | Contractual Necessity
Authorised User Information | Create authorised accounts, assign user roles, user authentication | Contractual Necessity
Billing & Payment Data | Payment processing, managing billing records | Contractual Necessity
Technical & Device Metadata | Security monitoring, fraud prevention, platform stability | Legitimate Interest
Platform Access & Usage Logs | Audit trail, system monitoring, access control audits | Legitimate Interest
AI & Task Automation Logs | Automating task management, claims, and contract analysis | Legitimate Interest; Contractual Necessity
Feature Interaction Logs | Improve agent reliability, troubleshoot issues, optimise performance | Legitimate Interest
Security Event Data | Threat detection, incident response, protecting system integrity | Legitimate Interest; Legal Obligations
Support Communications | Providing customer support and resolving issues | Contractual Necessity
Integration Metadata | Enable user identity management and service integrations | Contractual Necessity
Marketing & Communication Preferences | Customer communications, service updates, legal notices | Legitimate Interest (opt-out rights apply)

To achieve the above processing purposes, we may use algorithms to recognise patterns in Service Data, manual review of Service Data, and aggregation or anonymisation of Service Data to eliminate personal data. We also use Service Data for internal reporting and analysis of our platform and business operations.


7. Consequences of Failure to Provide Personal Data

If we are required by law or contract to process certain personal data and you do not provide it, we may be unable to:

  • Deliver our services, including configuring, supporting, or facilitating any training;
  • Fulfil our contractual obligations, such as onboarding, billing, or security-related requirements;
  • Comply with certain legal or regulatory requirements to verify your identity.

In such cases, we may need to suspend or terminate our contract and/or business relationship with you, providing due notice and acting under the terms of the contract and applicable legislation.


8. Service Data We Share and Disclose

We do not sell Service Data.

We may share your Personal Data with Aultech Affiliates who perform technical services for us or on our behalf as Processors. We do not share Service Data with companies, organisations, or individuals outside of Aultech except in the following cases:

  • (a) When you or our customer choose(s) to procure a Third-Party Service through our platforms.
  • (b) With your administrator who you authorise to manage your organisation's account.
  • (c) For external processing: We share Service Data with trusted third-party providers to process it for us, in compliance with this Privacy Notice and appropriate confidentiality and security measures.
  • (d) For legal reasons: We share Service Data when we have a good-faith belief that access to or disclosure of Service Data is reasonably necessary to comply with applicable law, enforce agreements, or protect rights, property, or safety.
  • (e) In the event of beta services or feature access, we may share anonymised Service Data internally or with designated support teams.
  • (f) For potential business transfers: If Aultech is involved in a reorganisation, merger, acquisition, or sale of assets, we will continue to ensure Service Data is kept confidential and give affected users notice.
  • (g) In other ways as you direct us, from time to time.

9. Special Category Personal Data

We generally do not collect special category personal data (such as race, religious beliefs, or health information) as part of the Service Data unless it is required for specific legal purposes. When we do process such data, it will be with your explicit consent, or as otherwise permitted by applicable laws. Any processing of such data by the Customer remains the sole responsibility of the Customer under the Customer Agreement and DPA.


10. Children

Our Services are designed for business use only. We do not knowingly collect data relating to children under 18 years of age.


11. Where Service Data is Stored and Transferred

Storage Locations: Your Service Data will be primarily stored and processed in data centres in South Africa and the European Union.

Cross-Border Transfers: Personal Data may be transferred to and processed in the Republic of South Africa, where our personnel are located. We apply the same protections described in this Privacy Notice in all cases.

When transferring Personal Data outside the EEA or RSA, we comply with the following legal frameworks:

  • (a) Adequacy decisions by the European Commission, UK Adequacy Regulations, or the Swiss Federal Council.
  • (b) Transfer Impact Assessments (TIAs) to assess risks and implement necessary mitigation measures.
  • (c) Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office.
  • (d) Data Encryption where appropriate, to prevent unauthorised access or interception.

12. Security and Integrity

We take the security and protection of your Service Data seriously. Our security measures include:

  • (a) Access control: Restricting access to employees, contractors and agents who strictly need it, all subject to strict confidentiality obligations.
  • (b) Encryption: Encrypting Service Data at rest and while in transit.
  • (c) Review and Testing: Regularly reviewing our processing practices and systems for vulnerabilities and implementing updates and patches.
  • (d) Incident management: Implementing a response plan to address and mitigate any data breaches or security incidents.

While we take all reasonable steps to protect your Service Data, you acknowledge that no system is entirely secure, and unauthorised access remains a potential risk in the digital world.

If we become aware of a data breach that compromises your Service Data, we will notify you and the relevant regulatory authorities in accordance with legal requirements.


13. Accuracy, Access and Portability of Service Data

We strive to ensure your personal data is accurate, complete, and up to date. It is your responsibility to inform your administrator of any changes to your personal data so they can update your records with us.

Your administrators can access user-specific data, such as account configurations and billing information, but access to sensitive data may be restricted based on role permissions.

Your employer may allow you to access and export your data to back it up or transfer it to a service outside of Aultech. To access and download the data you have stored in the services, please submit your request to our Information Officer by emailing privacy@aultech.ai.


14. Retention and Deletion of Service Data

Retention Periods: We will retain your Service Data as a Controller only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by law.

Determining Retention: The retention period is determined by various factors, including:

  • (a) The type of data and its sensitivity.
  • (b) The purposes for which the data was collected and whether those purposes can still be achieved.
  • (c) How you configure your settings.
  • (d) Legal obligations that may require us to retain certain data for a specific period.

Deletion: You may request deletion of your Service Data following account termination or non-payment. We will permanently delete or de-identify such data within 30 days of termination, unless retention is required by law.

Customer Instructions: Certain data uploaded to and generated by our platform is retained or deleted based on the instructions provided by the customer. Where the email agent or Scout generates logs, these are retained for up to 180 days unless the customer instructs earlier deletion.

Backup copies: After deletion, copies of Personal Data may remain for a limited period in our encrypted backup systems for disaster recovery purposes, before being overwritten by new backup copies.

Service Downgrades or User Reductions: Where a customer reduces the number of users on their subscription, data associated with the removed users may be archived or anonymised, but certain metadata may be retained for audit, billing, or legal compliance purposes.


15. Exercising Your Data Protection Rights

If South African, European Union, UK, or Swiss data protection law applies to our processing of your personal data, you may have certain rights, including:

  • (a) Access: Request copies of your personal data.
  • (b) Rectification: Ask us to correct inaccurate or incomplete information.
  • (c) Erasure: Request the deletion of your personal data in certain circumstances.
  • (d) Restriction: Ask us to limit the processing of your data in certain circumstances.
  • (e) Objection: Object to processing based on our public tasks or legitimate interests.
  • (f) Portability: Request the transfer of your data to another organisation or to you.

Where applicable, self-service tools may be available to access, rectify, or delete your data directly from the platform. If these tools are not available, contact us at privacy@aultech.ai.

There is no charge for exercising your rights, and we will respond within 30 calendar days. We may ask for additional information to verify your identity.

Regulatory Authorities

You also have a right to complain to the regulator in the country where you reside or operate:

Country/Region | Regulatory Authority
Australia | Office of the Australian Information Commissioner (oaic.gov.au)
Botswana | Information and Data Protection Commission (bocra.org.bw)
EU member state | Equivalent authority in any EU member state (edpb.europa.eu)
Mauritius | Data Protection Office (dataprotection.govmu.org)
Mozambique | Not yet established
South Africa | Information Regulator (inforegulator.org.za)
United Kingdom | UK Information Commissioner's Office (ico.org.uk)
Zimbabwe | Postal and Telecommunications Regulatory Authority (potraz.gov.zw)

16. Links to Third Party Services

Our services may include links to third-party platforms or websites that we do not operate or control. Your interactions with these third-party services are governed by their respective privacy policies. We are not responsible for the privacy practices or security of external platforms.


17. Changes to this Notice

We may update this Privacy Notice to reflect new technologies, industry practices, regulatory requirements, or other purposes. If these changes are material, we will notify you as required by applicable law. Notice may be provided by email to your last known email address, by posting on our sites and platforms, or by other means consistent with applicable law.

If you are participating in a beta service or pilot phase, we may provide separate or supplementary privacy disclosures applicable to those features.