1. General
1.1 Dexterous AI Pty Limited (ACN 680 070 455) trading as DexIQ (DexIQ, we, us or our) provides AI‑enabled accounts payable automation and financial workflow solutions, including invoice capture and processing, supplier and tax‑compliance verification, inbox and workflow management, financial insights and related tools (together, the Services) via the DexIQ platform, associated websites, web portals, applications and interfaces (the Platform). This Privacy Policy explains how we collect, hold, use and disclose Personal Information in connection with the Platform and Services, and how we comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).
1.2 By accessing or using the Platform or Services, you acknowledge that you have read and understood this Privacy Policy. Capitalised terms used but not defined have the meaning given in our Enterprise Terms and Conditions or End User Terms and Conditions (End User TCs).
2. Scope and who this policy applies to
2.1 This Privacy Policy applies to all individuals whose Personal Information we collect in connection with the Platform and Services, including Customers, Users, prospective customers, suppliers and other visitors to our online properties. It also applies to Personal Information collected through our website, communications, support interactions and other online and offline channels related to the Platform and Services.
2.2 We are committed to respecting your privacy, handling Personal Information in a lawful, fair and transparent manner, and complying with the APPs. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, and any other privacy laws to the extent they apply to our handling of Personal Information
3. The information we collect
3.1 We collect information that is reasonably necessary for our functions and activities, including to operate, secure and improve the Platform and Services.
(a) Personal Information. This may include your name, role or job title, organisation, business contact details (email, phone number, address), user account identifiers, and authentication information.
(b) Account and usage information. This includes account registration data, user preferences, licence tier and entitlements, audit logs, access times, activity on the Platform, configuration settings, feature use, and support interactions.
(c) Transaction and billing information. This includes subscription details, payment method tokens or references, billing contact details, invoices, receipts and payment records. Payment processing is ordinarily handled by third‑party payment providers; we do not store full bank or card numbers.
(d) Customer Data and Your Data. In the ordinary course, Customers and Users may upload or provide data for processing by the Platform (e.g., invoices, purchase orders, supplier information, tax numbers, approval workflows, internal references, messages or notes). Customer Data and Your Data may contain Personal Information relating to you or to third parties relevant to your business workflows.
(e) Technical and device information. This includes IP address, device and browser type, operating system, language settings, referrer URLs, session identifiers, diagnostic data, error logs and similar technical telemetry.
(f) Communications. This includes emails, in‑product messages, support tickets, call notes and feedback you provide, as well as records of your marketing preferences and responses.
(g) Sensitive Information. We do not seek to collect Sensitive Information (as defined in the Privacy Act). If you choose to include Sensitive Information in Customer Data or Your Data, you must ensure you have the necessary consents and lawful basis to do so. We will only handle Sensitive Information where reasonably necessary for our functions or activities and as permitted by law.
3.2 We collect Personal Information directly from you (e.g., when you register, configure or use the Platform, communicate with us or participate in demos) and indirectly from your use of the Platform and Services (e.g., telemetry, logs, cookies). We may also receive Personal Information from your organisation (as a Customer), service providers, or other third parties where permitted by law.
4. Purposes for which we collect and use Personal Information
4.1 We collect, use and disclose Personal Information for purposes reasonably necessary for, or directly related to, our functions and activities, including to:
(a) provide, operate, host, secure and support the Platform and Services;
(b) create and manage accounts, authenticate Users and administer licences;
(c) process transactions, issue invoices and receipts, and manage billing and account queries;
(d) process and analyse Customer Data and Your Data to deliver the Services and functionality you request (for example, document capture, classification, extraction and workflow automation);
(e) personalise your experience, including to provide in‑product tips, configurations, automations and suggestions based on your prior or historical use of the Platform;
(f) develop, maintain and improve the Platform, Software and Services, including through diagnostics, analytics, testing, quality assurance, troubleshooting and security monitoring;
(g) communicate with you regarding the Services, Platform updates, changes to terms and policies, and respond to enquiries and support requests;
(h) comply with legal and regulatory obligations, enforce our agreements, prevent, detect and investigate fraud, misuse or security incidents, and protect our rights, Users and Customers;
(i) conduct de‑identified and aggregated analytics and reporting to understand usage, performance and trends across our services;
(j) send direct marketing communications, where permitted, which you may opt out of at any time.
4.2 We do not use or disclose Personal Information for purposes other than those described in this Privacy Policy, your agreement with us, or as otherwise permitted or required by law.
5. How we use AI, third‑party services and your data
5.1 AI and third‑party APIs. The Platform may rely on or integrate third‑party services, software or APIs, including large language models (e.g., OpenAI or other LLMs), OCR and data extraction tools. We only disclose the minimum data reasonably necessary to enable the requested functionality and take steps to contractually restrict third‑party use and disclosure.
5.2 Model training and learning. DexIQ does not use your data to train foundation or cross‑customer machine learning models. We will not learn from users’ data except to improve your experience, including automating suggestions and configurations for your organisation based on your prior or historical use of the Platform – and any data that may be learned for these specific purposes will be deidentified. Any per‑customer context retained is scoped to your organisation and used to provide you a service.
5.3 LLM configuration. Where we use LLM services, we configure requests so that inputs and outputs are not used by the LLM to train or improve the LLM’s models. We also implement data minimisation, access controls and logging in relation to such integrations.
5.4 No sale of Personal Information. We do not sell Personal Information. We may disclose or transfer Personal Information to a third party in connection with any merger, acquisition, sale of all or a portion of our business or assets, corporate reorganisation, or other similar transaction. In such circumstances, we will take reasonable steps to ensure that any recipient of Personal Information will handle it in a manner consistent with this Privacy Policy and the requirements of the Privacy Act. Where required by law, we will notify affected individuals of such a disclosure or transfer.
6. Data hosting, location and cross‑border disclosure
6.1 Hosting and storage. All production data for the Platform, including Customer Data and Personal Information, is stored in Australia.
6.2 Third‑party processing. Some third‑party service providers engaged by DexIQ to support the Platform and Services may operate outside Australia. Where we disclose Personal Information to an overseas recipient, we will take reasonable steps to ensure the recipient will handle the information in a manner consistent with the APPs (for example, by entering into appropriate contractual arrangements) or otherwise as permitted by the Privacy Act.
6.3 Disclosures required by law. We may disclose Personal Information to law enforcement, regulators or courts where required or authorised by law.
7. De‑identified and aggregated information
We may de‑identify Personal Information and create aggregated datasets and statistics for purposes including service improvement, benchmarking, capacity planning and security. De‑identified information does not identify an individual. We may use and disclose de‑identified information, including to third parties, provided it is not re‑identified.
8. Direct marketing
We may send you marketing communications about the Services or related features and offerings, consistent with applicable law. You may opt out at any time by using the unsubscribe link in our emails or contacting us via the details below. We will respect your preferences.
9. Cookies and similar technologies
We use cookies, SDKs and similar technologies to operate the Platform, remember your settings, authenticate sessions, improve performance, and perform analytics. You may adjust your browser settings to refuse some cookies; however, this may affect Platform functionality.
10. Security
10.1 We implement reasonable technical and organisational measures designed to protect Personal Information, taking into account the nature of the information and the risks associated with processing. These measures are taken against unauthorised access, modification or disclosure, and against misuse, interference and loss. Measures include access controls, encryption in transit, role‑based permissions, logging and monitoring, and secure development and change practices. We also require personnel and contractors with access to Personal Information to be subject to confidentiality and data protection obligations.
10.2 No method of transmission or storage is completely secure. You remain responsible for maintaining the secrecy and security of your account credentials and any encryption keys under your control, and for implementing appropriate safeguards within your own systems and networks.
11. Data retention, deletion and export
11.1 We retain Personal Information for as long as reasonably necessary to provide the Services, fulfil the purposes described in this Privacy Policy, comply with our legal obligations, resolve disputes and enforce our agreements. We apply retention schedules to Customer Data and logs consistent with these purposes.
11.2 Upon request by a Customer or as provided in the End User TCs, we may assist with data extraction in a format we make available. We retain Personal Information in accordance with our contractual obligations and legal requirements.
Following termination of the relevant agreement, we will delete or de-identify Personal Information in line with those obligations and within a reasonable period, unless we are required by law to retain it for longer. Where we retain backups, deletion from backups occurs in the ordinary course of backup rotation. Additional extraction or deletion services may be available on request and may incur fees.
12. Access and correction
You may request access to, or correction of, your Personal Information that we hold by contacting us using the details below. We may need to verify your identity before responding. Where we refuse access or correction as permitted by law, we will provide reasons. We will respond within a reasonable period.
13. Notifiable Data Breaches
If we become aware of a Data Breach that is likely to result in serious harm, we will assess the incident promptly and, where required under the Notifiable Data Breaches scheme in the Privacy Act, notify affected individuals and the Office of the Australian Information Commissioner (OAIC). We will also take reasonable steps to contain, remediate and mitigate the effects of the incident.
14. Children
The Platform and Services are intended for use by business Users. We do not knowingly collect Personal Information from individuals under 18. If you believe a minor has provided Personal Information to us, please contact us so we can take appropriate steps.
15. Third‑party links and services
The Platform may contain links to third‑party websites or services. We are not responsible for the privacy or security practices of those third parties. You should review their privacy policies before providing Personal Information to them.
16. Legal bases for handling Personal Information
16.1 We handle Personal Information where reasonably necessary for our functions and activities, including:
(a) with your consent (including implied consent through your configuration and use of the Services);
(b) to perform a contract with you or your organisation, or to take steps at your request prior to entering a contract;
(c) to comply with legal obligations; and
(d) for our legitimate interests in operating, securing and improving the Platform and Services, provided such interests are not overridden by your rights and interests.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version on our website and, where appropriate, notify you via the Platform or by email. The updated policy will take effect on the date indicated. Your continued use of the Platform or Services after an update constitutes acceptance of the updated policy.
18. How to contact us
If you have questions, requests or complaints about this Privacy Policy or our handling of Personal Information, please contact:
Privacy Officer
Dexterous AI Pty Limited (trading as DexIQ)
Suite 2113, Level 32, 101 Miller Street North Sydney NSW 2060
Email: [insert privacy@dexiq.com.au or similar]
We take privacy complaints seriously. We will investigate your complaint and respond within a reasonable period. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (www.oaic.gov.au).
19. Definitions
19.1 For the purposes of this Privacy Policy:
Customer means the party identified in the relevant commercial terms that receives the benefit of the Services.
Customer Data means information and materials provided by a Customer or Users for processing in connection with the Services, which may include Personal Information.
Personal Information has the meaning given in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.
Sensitive Information has the meaning given in the Privacy Act and includes, among other categories, information about health, biometric templates, membership of a professional or trade association, religious beliefs, sexual orientation and criminal record.
User or You means an end user of the Services as described in the End User TCs.
Your Data means any content or data that you upload, input or otherwise make available via the Platform, which may be or may include Personal Information.