Privacy Policy

SUNDRIFT AI API CONSOLE | Last Updated: April 2026

1. Overview

This Privacy Policy explains how SUNDRIFT AI PTY LTD ("Sundrift AI", "we", "us") collects, uses, discloses, and protects information in connection with the Sundrift AI API Console (the "Console") and related services.

This policy applies to developers, businesses, and integrators ("API Users") accessing Sundrift's AI models and infrastructure.

We comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs).

2. Data Roles

2.1 Data Processor

For data submitted via API requests ("Payload Data"), Sundrift AI acts as a data processor, processing such data solely to generate responses in accordance with API User instructions.

2.2 Data Controller

Sundrift AI acts as a data controller for:

• Account registration details
• Authentication data
• Billing and subscription information
• API usage metadata and telemetry logs

3. AI Governance & Data Use

3.1 No Training by Default

Sundrift AI does not use Payload Data (input or output) to train or improve models by default. Any use of data for model improvement will require explicit, informed opt-in.

3.2 Transient Processing

Payload Data is processed in-memory and is not retained after response delivery, except where:

• Logging is enabled by the API User, or
• Required for security, debugging, or legal compliance

3.3 Data Isolation

Each API User's data is logically isolated. Data is not shared across API keys, accounts, or tenants.

4. Data Storage, Security & Sovereignty

4.1 Hosting Location

Primary infrastructure is hosted in Australian regions on Google Cloud Platform (e.g., Sydney/Melbourne), supporting data sovereignty requirements.

4.2 Encryption

• Data in transit: TLS 1.2+
• Data at rest: AES-256

4.3 Security Controls

We implement industry-standard technical and organisational safeguards, including access controls, monitoring, and audit logging.

5. Data Retention

• Account Data: Retained for the duration of the account and as required by law (e.g., tax obligations)
• Payload Data: Not stored unless explicitly enabled
• Logs/Telemetry: Retained for security, performance monitoring, and abuse detection for a limited period

6. Data Breach Notification

Sundrift AI maintains a response plan in accordance with the Notifiable Data Breaches (NDB) scheme.

Where a data breach is likely to result in serious harm:

• Affected users will be notified as soon as reasonably practicable
• Relevant regulators will be notified as required by law

7. API Key & Account Security

API Users are responsible for:

• Securing API keys and credentials
• Preventing unauthorized access

Sundrift AI is not liable for misuse arising from compromised credentials.

8. Google API Data (If Applicable)

If API Users connect Google services:

• Use complies with Google API Services User Data Policy (Limited Use)
• Google data is not used for model training
• Data is not shared beyond necessary service functionality

9. International Users & Data Transfers

If data is transferred outside Australia, Sundrift AI ensures appropriate safeguards consistent with applicable privacy laws, including GDPR where relevant.

10. Changes to this Policy

We may update this policy periodically. Continued use of the Console constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries, contact us at privacy@sundriftai.com.au

Operating Entity: SUNDRIFT AI PTY LTD
ACN: 696 242 896
Jurisdiction: Commonwealth of Australia