Effective Date: 25 March 2026
1. Introduction
Welcome to Northern Beaches AI ("we," "us," or "our"). We are the trading name of Interview Management Solutions Pty Ltd (ABN 65 166 406 015). We provide AI-powered services to Australian organisations, including:
- The Lucent Edge platform ("Platform"), a sovereign AI digital workforce platform that provides secure access to frontier AI models on Australian infrastructure, together with governed digital employees and related capabilities.
- AI automation and voice AI solutions, including voice automation systems, workflow automation, and integrated AI tools designed for small and medium businesses.
Together, these are referred to as our "Services."
Your privacy is important to us. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in compliance with the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").
Important note regarding customer data: This Privacy Policy primarily describes how we handle the personal information of prospective and existing users and administrative contacts for our Services. Where our Services process data on behalf of customers (for example, documents, files, or client materials uploaded to the Platform by a customer or its users), that processing is governed by our agreements with those customers and the relevant provisions of this Privacy Policy, including Sections 6, 7, and 8. We do not use customer data processed through our Services for any purpose other than delivering the Services, except as described in this Privacy Policy.
2. Scope
This Privacy Policy applies to:
- Our website: northernbeaches.ai
- The Lucent Edge platform and any related portals, tools, or interfaces
- Our AI automation and voice AI solutions, including any third-party platforms or integrations used to deliver those services
- Any other platforms, products, or services offered by Northern Beaches AI that link to or otherwise reference this policy
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.
3. Information We Collect
We may collect various types of information from or about you depending on how you engage with us:
Personal Information
- Contact details, such as your name, email address, phone number, and mailing address.
- Business information, such as company or practice name, job title, professional role, and related details if you are using our Services on behalf of an organisation.
- Communications data, based on our exchanges with you, including when you contact us through our website, email, phone, social media, or otherwise.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
- Account data, such as the username and password you may set to establish an account on the Platform, and any account configuration or preferences.
- Payment data, needed to complete transactions. Payment card information is collected and processed directly by our payment processor, Stripe, in accordance with its privacy policy at https://stripe.com/privacy. We do not store your full payment card details on our systems.
Platform Interaction Data (Lucent Edge)
- Chat and workflow activity conducted through the Lucent Edge platform, including interactions with digital employees.
- Documents, files, or other content you upload to or generate through the Platform.
- Email drafts and communications initiated or supported through the Platform's integrated tools (such as Microsoft 365 Outlook or other connected services).
- Workflow event logs, approval records, and audit trail data generated during your use of the Platform.
Voice and Audio Data (AI Automation Services)
- Any audio recordings or voice data captured during interactions with our AI voice automation systems. This data is used solely to provide and improve our voice-related services.
- Call metadata, including call duration, timestamps, and routing information.
Automation and Integration Data
- Data processed through our workflow automation services, including information passed between integrated third-party tools (such as CRM systems, scheduling tools, payment platforms, or communication services) as part of delivering our automation solutions.
Technical Information
- Device and browsing information, such as IP address, browser type and version, operating system, device type, screen resolution, unique identifiers, and language settings.
- Usage data, such as pages visited, time spent on pages, navigation paths, links clicked, and access times.
Cookies and Similar Technologies
We may use cookies or similar tracking technologies to enhance your experience on our website. For more information, please see Section 11 of this Privacy Policy.
4. How We Collect Information
We collect information in the following ways:
- Directly from you: When you voluntarily provide it, such as when filling out forms on our website (including early access or waitlist applications), subscribing to our updates, contacting us via email or phone, or entering information into the Platform.
- Through the Platform: When you use the Lucent Edge platform, including interactions with digital employees, document uploads, email drafting, and workflow activity.
- Through voice AI systems: When you interact with our AI voice automation systems, including inbound and outbound voice calls and related call handling.
- Through automation workflows: When data is processed through our automation services and integrated third-party tools on your behalf.
- From third parties: We may receive information from third parties that assist us in providing our Services (for example, software providers, voice AI platform providers, integration partners, or marketing partners).
- Automatically: Through the use of cookies, web beacons, and other tracking technologies on our website and in our communications.
Declining to provide information: We need to collect certain personal information to provide our Services. If you choose not to provide information we identify as required, we may not be able to provide you with those Services or certain features of them.
5. Use of Your Information
We use the information we collect for purposes including but not limited to:
- Service delivery: To provide, maintain, and improve the Lucent Edge platform, our AI automation and voice AI solutions, and our related Services, including the operation of governed digital employees, voice automation systems, and integrated workflows.
- Customer support: To respond to your inquiries, requests, or complaints.
- Business operations: For internal record-keeping, business analytics, platform and service performance monitoring, and operational purposes.
- Communication: To send you updates, marketing materials, or other information you have opted to receive. You can opt out at any time by emailing datacontrol@northernbeaches.ai or using the unsubscribe mechanism provided in any communication. Even if you opt out of marketing communications, you may continue to receive necessary service-related and non-marketing communications.
- Platform governance and auditability: To maintain audit trails, support human oversight of AI-assisted outputs, and enable governance, review, and compliance activities.
- Voice AI service improvement: To monitor and improve the quality, accuracy, and performance of our voice AI systems, including for quality assurance purposes where applicable.
- Research and development: To analyse and improve our Services and our business. As part of these activities, we may create aggregated, de-identified, or otherwise anonymised data from personal information we collect. We convert personal information into anonymised data by removing information that makes the data personally identifiable to you. We may use this anonymised data for our lawful business purposes, including to analyse and improve our Services. We will not use or disclose anonymised data in any manner that could reasonably be used to re-identify you.
- Compliance and protection: To comply with applicable laws, regulations, court orders, or other legal obligations; to protect our or your rights, privacy, or safety (including by making and defending legal claims); to enforce the terms and conditions that govern our Services; and to prevent, identify, investigate, and deter fraudulent, harmful, unauthorised, or illegal activity.
6. Automated Decision-Making
Our Services use AI models and computer programs to assist with a range of tasks. These tools are designed to support and augment human decision-making, not to replace it.
In accordance with the Privacy and Other Legislation Amendment Act 2024 (Cth), and in anticipation of the automated decision-making transparency obligations under APPs 1.7, 1.8, and 1.9 (commencing 10 December 2026), we disclose the following:
Kinds of personal information used: Our Services may process personal information including names, contact details, business information, voice and audio data, and the content of documents, communications, and workflow interactions that you provide or generate through our Services.
Kinds of decisions substantially assisted by computer programs:
- Lucent Edge platform: The Platform's digital employees may assist with tasks such as drafting correspondence, summarising documents, conducting research, analysing data, and supporting workflow execution. These outputs are designed to be reviewed, approved, or overridden by authorised human users before any decision with significant effect is made.
- AI automation and voice AI solutions: Our voice AI systems may handle inbound and outbound calls, route enquiries, capture caller information, and trigger automated workflows. These systems operate within defined parameters and are designed to escalate to a human operator where a matter falls outside their configured scope or where a decision with significant effect on an individual may be required.
Human oversight: Our Services incorporate human-in-the-loop review, authority limits, and escalation pathways. No decision that could reasonably be expected to significantly affect the rights or interests of an individual is intended to be made solely by the operation of a computer program without meaningful human review.
We will continue to update this section as the OAIC publishes detailed guidance on the APP 1.7-1.9 obligations and as our Services evolve.
7. Disclosure of Your Information
We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:
- Service providers: With trusted third-party companies that perform services on our behalf (for example, cloud hosting, analytics, email delivery, voice AI platform providers, telephony services, or integration partners) and who are contractually obligated to keep your information confidential and use it only for the services we request.
- AI model and voice AI providers: The Lucent Edge platform accesses frontier AI models via sovereign Australian infrastructure. We maintain agreements with our third-party AI model providers that prohibit them from using your data to train, improve, or develop their AI models, and that require zero data retention beyond what is necessary to generate and return the requested output. Our AI automation and voice AI solutions may use third-party platforms (such as voice AI engines, telephony providers, and workflow automation tools) to deliver services. Where these providers are located overseas, we take steps to ensure compliance with APP 8 (see Section 8).
- Payment processors: Any payment card information you provide is collected and processed directly by our payment processor, Stripe, in accordance with its privacy policy at https://stripe.com/privacy.
- Professional advisers: With lawyers, auditors, or insurers, where necessary in the course of the professional services they provide to us.
- Business transfers: If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will notify you of such changes.
- Legal requirements: If required to do so by law, court order, or when necessary to protect our rights or the rights of others. In such cases, we will give you prompt notice of the demand or order (to the extent permitted by law) and reasonably cooperate with you in any effort to seek a protective order or otherwise contest such disclosure.
8. Data Sovereignty and Infrastructure
Lucent Edge platform: The Platform is designed for Australian-hosted AI operations. AI inference is conducted on sovereign Australian infrastructure (AWS Sydney region, ap-southeast-2) using Australian inference profiles. Application data is stored in Australian-hosted services (Firebase australia-southeast1). This architecture is designed to provide stronger local control over sensitive data during processing, not just storage, reducing the risk of offshore data exposure during AI operations.
This is a deliberate architectural decision and a core differentiator of the Lucent Edge platform. Unlike many AI services that route data through international infrastructure with limited visibility over where processing occurs, the Lucent Edge platform is built so that sensitive firm and client data remains within Australian-hosted environments at rest, in transit, and during AI inference. All data is encrypted both at rest and in transit. We believe this approach better serves the needs of Australian legal, investigations, and compliance professionals who handle privileged or sensitive material.
AI automation and voice AI solutions: Our automation and voice AI services may use a combination of Australian and international third-party platforms to deliver functionality, including voice AI engines, telephony providers, workflow automation tools, and payment or CRM integrations. Where these services involve the processing or storage of personal information outside Australia, we take steps to ensure compliance with APP 8.
Cross-border transfers generally: While our primary Lucent Edge infrastructure is Australian-hosted, certain ancillary services across both service lines (such as website hosting, analytics, or email delivery tools) may involve processing in other jurisdictions. In all cases where personal information is transferred overseas, we take reasonable steps to ensure the overseas recipient handles it in accordance with the APPs, whether through contractual commitments, the recipient being subject to a substantially similar privacy regime, or your informed consent (APP 8).
9. Data Storage and Security
We have implemented technical, administrative, and physical safeguards to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These safeguards include:
- Encryption of data at rest and in transit.
- Role-based access controls limiting access to personal information to authorised personnel on an as-needed basis.
- Regular review and updating of security practices to protect against reasonably foreseeable internal and external risks.
- Incident response procedures for the detection, investigation, and remediation of data security incidents.
However, no security system is impenetrable, and we cannot guarantee the absolute security of your data.
10. Data Breach Notification
In the event of an eligible data breach involving your personal information that is likely to result in serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. This means we will:
- Take reasonable steps to contain the breach and assess the risk of serious harm.
- Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable after becoming aware of the breach.
- Include in any notification a description of the breach, the kinds of information involved, and recommendations about the steps you should take in response.
We maintain a data breach response plan and will take all reasonable steps to minimise the impact of any breach on affected individuals.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and use data about you, including to improve our Services and your online experience. These technologies may include:
- Cookies: Small text files stored on your device that allow us to recognise your browser and remember your preferences.
- Web beacons: Small graphic images (also known as pixel tags or clear GIFs) used to determine whether a webpage or email has been accessed or opened, or whether certain content has been viewed or clicked.
- Local storage: Technologies that provide cookie-equivalent functionality but may store larger amounts of data on your device.
You may adjust your browser settings to refuse cookies or to alert you when cookies are being sent. However, certain website features may not function properly without cookies.
12. Retention of Your Information
We only retain your personal information for as long as it is necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When personal information is no longer needed, we take reasonable steps to de-identify or securely destroy it.
Platform interaction data, including audit trail records, may be retained for a longer period where necessary to support governance, compliance, or legal obligations.
Voice and audio data captured through our AI automation services is retained only for as long as necessary to provide and improve those services, and is securely deleted when no longer required.
13. Third-Party Links and Integrations
Our Services may contain links to, or integrations with, websites, applications, and other online services operated by third parties. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third-party websites, applications, or services, and we are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party services you access or use through our Services.
Where our Services integrate with third-party tools at your direction (such as Microsoft 365 Outlook, CRM systems, or other connected services), we will only access and process data from those integrations as necessary to deliver the Services you have requested.
14. Your Rights and Choices
Under Australian privacy laws, you have the right to:
- Access and correction: Request access to, or correction of, the personal information we hold about you. We will respond to access and correction requests within a reasonable period and in accordance with the APPs.
- Withdraw consent: Where you have provided consent to our processing of your personal information, you may withdraw that consent at any time by emailing datacontrol@northernbeaches.ai. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
- Opt out of marketing: You may opt out of marketing-related communications by following the unsubscribe instructions in any marketing email, or by contacting us at datacontrol@northernbeaches.ai. Even if you opt out of marketing communications, you may continue to receive necessary service-related and non-marketing communications.
- Request deletion: You may request that we delete personal information we hold about you, subject to any legal or contractual obligations that require us to retain it.
- Lodge a complaint: If you believe we have breached your privacy rights, you may lodge a complaint with us (see Section 16) or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
How we handle complaints: If you lodge a privacy complaint with us, we will acknowledge your complaint within 7 days and investigate it promptly. We will provide you with a written response within 30 days, outlining the outcome of our investigation and any steps we have taken or propose to take. If you are not satisfied with our response, you may escalate your complaint to the OAIC.
15. Children's Privacy
Our Services are not directed at individuals under the age of 16. We do not knowingly collect or solicit personal information from anyone under 16. If you believe we have inadvertently collected personal information from a minor, please contact us so we can promptly delete it.
16. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy or our practices, or if you wish to make a complaint or exercise any of your rights, please contact us at:
- Company Name: Northern Beaches AI (a trading name of Interview Management Solutions Pty Ltd)
- Email: enquiries@northernbeaches.ai
- Privacy Contact: datacontrol@northernbeaches.ai
- Mailing Address: PO Box 364, Balgowlah, NSW 2093, Australia
- Phone: +61 488 076 313
If you are not satisfied with our response to a complaint, you may contact the Office of the Australian Information Commissioner:
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the "Effective Date" at the top of this page. If we make material changes that reduce your rights or protections, we will take reasonable steps to notify you (for example, by posting a notice on our website or emailing you directly). Any changes will become effective when we post the revised Privacy Policy.
Disclaimer: This Privacy Policy is provided as a general guide and does not constitute legal advice. For specific legal advice tailored to your situation, you should consult with a legal professional familiar with the Australian Privacy Principles and relevant privacy regulations.