Privacy Policy

Last updated: 21 May 2026

1. About this policy

This Privacy Policy explains how CrazyLing AI Agency Pty Ltd (ABN 20 667 840 860, “CrazyLing”, “we”, “us”, or “our”) collects, holds, uses, and discloses personal information in connection with the CrazyLing Continuum platform, our websites, APIs, agent runtimes, and related services (together, the “Service”).

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we process personal information of individuals in other jurisdictions, we also seek to comply with applicable local laws, including the EU and UK General Data Protection Regulations where they apply.

2. Who this policy applies to

• Customers and authorised users who hold an account with us and use the Service through an organisation workspace.
• Visitors to our marketing pages and public documentation.
• Third parties whose personal information is provided to us by a customer (for example, contact records imported through a connector).

For information that a customer organisation submits to the Service about its own end users, the customer is the data controller (or equivalent) and we act as a data processor on their behalf. Those individuals should contact the relevant customer organisation in the first instance.

3. Information we collect

3.1 Information you give us

• Account information — name, email address, password (hashed), organisation name, role, and profile preferences.
• Billing information — billing contact, address, tax identifiers, and payment metadata. Card details are handled by our payment processor and are not stored on our servers.
• Customer content — skills, workflows, deliverables, policies, agent memories, connector configurations, prompts, and any other content you or your users submit to the Service.
• Support and correspondence — messages, attachments, and metadata you share when you contact us.

3.2 Information we collect automatically

• Usage data — pages viewed, actions performed, feature usage, timestamps, and performance metrics.
• Device and log data — IP address, browser type, operating system, device identifiers, referrer URLs, and crash logs.
• Cookies and similar technologies— used for authentication, session continuity, security, and analytics. See “Cookies” below.

3.3 Information from third parties

When you connect a third-party service (for example, an MCP connector, identity provider, or webhook source), we receive information from that service in accordance with the permissions you grant. We also receive information from payment processors and fraud-prevention providers.

4. How we use personal information

We use personal information to:

• provide, operate, maintain, and improve the Service;
• authenticate users and secure accounts;
• process transactions and manage subscriptions;
• respond to support requests and communicate about the Service;
• monitor performance, diagnose faults, and prevent abuse;
• comply with legal obligations and enforce our Terms of Service; and
• with your consent or where otherwise permitted by law, send you product news and marketing communications. You may opt out at any time.

5. Disclosure of personal information

We disclose personal information to:

• Our service providers and sub-processors who help us deliver the Service, including hosting, database, container runtime, email delivery, analytics, payment processing, and AI model providers. These providers are bound by contractual obligations to handle personal information consistently with this policy.
• Authorised users within your organisation based on the role and permissions configured by your organisation administrators.
• Third-party services you choose to integrate with the Service via connectors, webhooks, or APIs.
• Acquirers in connection with a merger, acquisition, financing, or sale of business assets.
• Authorities where required by law, regulation, legal process, or to protect the rights, property, or safety of CrazyLing, our customers, or others.

We do not sell personal information, and we do not disclose personal information for third-party advertising purposes.

6. AI processing

The Service uses third-party large language model providers to execute agent workflows. Customer content submitted to a workflow may be transmitted to those providers solely for the purpose of generating a response and is processed under enterprise-grade terms that prohibit use of customer content to train the provider’s base models.

7. Cross-border disclosure

We are based in Australia. Some of our service providers store or process personal information overseas, including in the United States and the European Union. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs, except where an exception under APP 8.2 applies.

8. Data security

We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, and destruction. These include encryption in transit, encryption at rest for sensitive data, access controls, audit logging, and regular security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of an eligible data breach affecting your personal information, we will notify you and the Office of the Australian Information Commissioner (OAIC) where required by the Notifiable Data Breaches scheme.

9. Data retention

We retain personal information for as long as we need it to provide the Service, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

Customer content is retained for the duration of your subscription and is deleted in accordance with the deletion timelines set out in our customer agreement or Data Processing Addendum.

10. Your rights

Subject to applicable law, you may request to:

• access the personal information we hold about you;
• correct information that is inaccurate, out of date, or incomplete;
• request deletion of personal information;
• object to or restrict certain processing; and
• withdraw consent where processing is based on consent.

To exercise these rights, contact us using the details below. We may need to verify your identity before acting on a request. If you are an end user of a customer organisation, we will generally direct your request to the relevant customer.

11. Cookies

We use strictly necessary cookies to keep you signed in and to protect the Service. We also use a small number of analytics cookies to understand how the Service is used and to improve it. You can control cookies through your browser settings, but disabling strictly necessary cookies may prevent the Service from functioning correctly.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page shows when it was most recently revised. Where the changes are material, we will provide additional notice, such as through the Service or by email.

14. Enterprise customers and Data Processing Addendum

Customers who require a signed Data Processing Addendum (DPA), Standard Contractual Clauses, sub-processor list, or other contractual privacy documentation may request these from privacy@crazyling.ai.

15. How to contact us and make a complaint

If you have a question, request, or complaint about this policy or our handling of personal information, please contact:

Privacy Officer
CrazyLing AI Agency Pty Ltd
Unit 2, 43 Township Drive, Burleigh Heads QLD 4220, Australia
Email: privacy@crazyling.ai

We will acknowledge your complaint within a reasonable time and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.