Privacy Policy

Valstra.ai Pty Ltd is an Australian AI consulting firm. When we say "Valstra," "we," or "us," we are referring to Valstra.ai Pty Ltd and our associated software entities. We are the "APP Entity" responsible for your personal data.

We collect personal information only where it is reasonably necessary for our business operations.

A. Contact Form ("Request Access")

What's Collected: Name and email (required); company, phone, role, and notes (optional).

Technical Flow: Data is submitted via our website and handled by our data processor, Netlify. We do not use external CRMs or third-party email marketing services for this data.

B. AI Readiness Assessment

Privacy by Design: This tool is strictly client-side.

Processing: All calculations for maturity scores and business priorities are performed locally in your browser.

Non-Transmission: Your responses (including the optional name/email in Step 5) are held in volatile browser memory only. They are not transmitted to our servers or any third parties and are permanently cleared when you refresh the page.

C. Compliance & Verification (AML/CTF)

To meet anti-money laundering and counter-terrorism laws (such as Australia's AML/CTF Act 2006 and Singapore's CDSA), we verify IDs and background checks for consulting engagements. While we may verify government-issued IDs, we do not adopt them as internal Valstra account numbers.

Because we utilize global cloud infrastructure to host our services, your data will be transferred outside of Australia.

A. Jurisdiction & Storage

Our website and contact forms are powered by Netlify. According to Netlify's privacy policy:

• Storage Location: Your personal data is collected, transferred to, and stored by Netlify and its affiliates outside of your country of residence, primarily in the United States.
• Global Processing: Data may be processed in jurisdictions that do not have the same level of data protection as your home country (such as the GDPR or the Australian Privacy Act).

B. Safeguards for Cross-Border Transfers

When we or our processors (like Netlify) engage in cross-border transfers, we rely on established legal mechanisms to ensure your protections "travel with your data":

• Standard Contractual Clauses (SCCs): We ensure our providers use approved contractual terms to protect data rights.
• Data Privacy Framework: For transfers to the United States, our providers adhere to the Data Privacy Framework principles.
• Regional Compliance: For specific regulatory activities (like AML/CTF checks), some data may be processed in Singapore.

C. AI Training Protection

Our primary data sub-processor, Netlify, is contractually prohibited from using your submitted "Customer Content" (the info in your contact forms) to train their own AI or machine learning models.

Zero Tracking Policy: We do not use Google Analytics, tracking pixels, cookies, or any third-party analytics SDKs.

Security: We use encryption and strict access controls to keep our systems fortified.

Retention: We keep your data only as long as required by law or for valid business reasons. Netlify holds contact form data until we manually delete it or as required by their retention policies.

You have the right to request access to your personal information or ask for corrections to inaccuracies.

Contact Us

To exercise your rights or lodge a complaint regarding a potential breach of the Australian Privacy Principles:

• Email: Raise your request at privacy@valstra.ai.
• Response: We will acknowledge your request within 48 hours and provide a full written response within 30 days.
• Escalation: If you remain unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.