Privacy Policy
Last updated: June 2026
1. Who we are
The Australian Enterprise AI Index (AEAI) is operated by CorporateAI.com.au. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. What we collect
We collect only what is necessary to deliver the quarterly report by email:
- Email address — required. Used to send the quarterly AEAI report and transactional notices about the service.
- First name — optional. Used to personalise the email greeting.
- Subscription source — which page or tool you used to subscribe. Used for internal analytics only.
- Usage data — standard web server logs (IP address, browser type, pages visited, timestamps). Collected automatically; not linked to your identity.
We do not collect payment information, government identifiers, health information, or sensitive information as defined by the APPs.
3. How we use your information
- Send you the quarterly AEAI report and related research updates.
- Send transactional emails (e.g. subscription confirmation, this privacy notice).
- Improve the website and research through aggregated, de-identified analytics.
We do not use your information for targeted advertising, nor do we sell or rent your personal information to any third party.
4. Who we share data with
We engage the following service providers who process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Subscriber database storage | AWS ap-southeast-2 (Sydney) |
| Resend | Transactional email delivery | USA |
| Vercel | Web hosting and CDN | Global edge (data processed in USA) |
| PostHog | Anonymous usage analytics | EU / USA |
When personal data is transferred overseas, we take reasonable steps to ensure the recipient applies privacy protections comparable to the APPs (APP 8.1).
5. Email marketing
We send marketing communications only to subscribers who have opted in at corporateai.com.au. Each email contains an unsubscribe link. You may also unsubscribe at any time by replying to any AEAI email with the word "unsubscribe." We will honour your request within 5 business days in compliance with the Spam Act 2003 (Cth).
6. Data retention
Subscriber records are retained while you remain subscribed. Upon unsubscribing, your email address is marked inactive. You may request deletion at any time (see section 8). Web server logs are retained for up to 90 days.
7. Security
We store subscriber data in an encrypted database on Australian servers. Access is restricted to authorised personnel via role-based access controls. We use HTTPS for all data transmission. No system is impenetrable; if a data breach occurs that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.
8. Your rights
Under the Privacy Act 1988, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your personal information.
- Complain about a breach of the APPs.
To exercise any of these rights, use the contact form on our About page, selecting “Other” as the enquiry type. We will respond within 30 days.
9. Complaints
If you believe we have not handled your personal information in accordance with the Privacy Act, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email to active subscribers. The "Last updated" date at the top of this page will always reflect the current version.
11. Contact
For privacy or general enquiries, use the contact form on our About page.