Privacy Policy

1. Overview

Clever Iterations is an Australian software company headquartered in New South Wales. We operate a suite of products, including Stickerloom™, Vallopress™ and Threadclip™ (each a Product, together the Products), and make them available to users around the world.

This Privacy Policy (Policy) describes how we collect, use, disclose, store and otherwise handle personal information in connection with the Products, our websites (including cleveriterations.com and each Product-specific domain) (together, the Website), and the operation of our business.

We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles set out in that Act (the Australian Privacy Principles). Where applicable law in another jurisdiction imposes additional requirements, including the EU and UK General Data Protection Regulations (GDPR and UK GDPR) and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA), we will comply with those requirements in relation to personal information we hold about individuals located in those jurisdictions.

This Policy tells you what personal information we collect and how we collect it; how and why we use and share it; how long we keep it, and how we keep it secure; how we use automated tools and AI; the choices and rights you have in relation to your personal information; and how to contact us or make a complaint.

This Policy is intended to be read together with our Master Terms of Service and the Product Schedule for each Product you use. Defined terms used in this Policy have the meanings given to them in the Master Terms of Service unless defined differently here.

If you are located in the European Economic Area or the United Kingdom, our lawful bases for processing your personal information are described in clause 6. If you are located in the United States, the position under US privacy laws is described in clause 15.

2. Who This Policy Covers

This Policy applies to personal information we hold about:

• visitors to the Website;
• users of any Product, including individuals who create accounts and use free or paid tiers;
• customers who engage us under a separate commercial agreement or order form for a Product;
• prospective users and customers who enquire about the Products or sign up for updates;
• suppliers, contractors, and other people we deal with in the course of operating our business; and
• prospective and current personnel, including employees and contractors, of Clever Iterations.

It does not apply to personal information handled by third parties whose websites or services are linked to or integrated with our Products. Those third parties have their own privacy policies. We are not responsible for their privacy practices - see clause 19.

3. Personal Information We Collect

The kinds of personal information we collect depend on how you interact with us. We try to limit collection to what we reasonably need to provide the Products and run our business. The main categories are set out below.

Account and contact information. When you register for an Account or contact us, we collect information such as your name, email address, password (stored in hashed form - we never have access to your plaintext password), and, where relevant, your business name, role, country, and phone number.

Content and files you upload. When you use a Product, you may upload images, documents, email content, print files, layouts, or other materials (your Content). We process your Content to deliver the Product features you use. Content is stored in your private Account workspace and is not accessible to other users.

Your Content may include the personal information of other people (for example, a photograph of a friend uploaded to Stickerloom™, or an email containing a recipient's details sent through Threadclip™). Where this is the case, you are responsible for ensuring you have the rights and consents necessary to upload and process that information through the relevant Product.

Usage and device information. We collect information about how you use the Products and the Website, including log events, IP address, browser type and version, device and operating system information, time zone, pages viewed, features used, referral URL, and timestamps. We use this information to operate and improve the Products, prevent abuse, and support you.

Billing and payment information. We use third-party payment processors to handle payments. We do not store credit card or bank account details on our servers. We retain customer and subscription identifiers (for example, Stripe customer IDs), transaction amounts, invoice history, and billing addresses to the extent necessary to manage your Subscription, meet our tax and accounting obligations, and support you.

Communications. If you contact us by email, in-app message, a contact form, or through our social media accounts, we collect the contents of your communication and any information you choose to provide.

Sensitive information. We do not require you to provide sensitive information (as defined in the Privacy Act) to use the Products, and we do not systematically collect sensitive information.

Your Content may incidentally contain sensitive information - for example, an image you upload to Stickerloom™, a print file you upload to Vallopress™, or an email message you process through Threadclip™ may contain such information. Where that is the case, we handle it in accordance with this Policy and applicable law. We do not use sensitive information for marketing, targeted advertising, or to train or improve our AI or machine learning models.

Cookies and similar technologies. We use cookies, local storage, and similar technologies to operate the Website and Products and (with your consent where required) to help us understand how they are used. See clause 10.

4. How We Collect Personal Information

We collect personal information in the following ways:

• directly from you when you create an Account, sign in, use a Product, or contact us;
• from your use of the Products and the Website, including through cookies and log files;
• from third-party authentication providers, where you choose to sign in using services such as Google or Microsoft;
• from payment and billing providers who process your Subscription payments;
• from publicly available sources and business databases, in the ordinary course of business development and recruitment;
• from your employer or organisation, where you access a Product under their account or agreement with us; and
• from other users of the Products, where they send you a communication through a Product, for example a clipped email sent to you through Threadclip™.

Where practical, we collect personal information directly from you. If we collect it from another source, we take reasonable steps to notify you at or around the time of collection, unless you would reasonably expect us to have collected it that way.

5. How We Use Your Personal Information

We use your personal information for the purposes we collected it, and for related purposes that you would reasonably expect. These include:

• Providing the Products - delivering the features you request, managing your Account, processing Content you upload, generating export files, and supporting integrations.
• Billing and payments - processing Subscription payments, managing renewals and cancellations, issuing invoices, and maintaining billing records.
• Authentication and security - verifying your identity, maintaining account security, preventing and investigating abuse, enforcing usage limits, and protecting the integrity of the Products and our infrastructure.
• Support and communication - responding to your questions, sending service messages such as password resets, billing notices, and security alerts, and notifying you of changes to the Products or to this Policy.
• Improving the Products - analysing usage patterns, in aggregated or de-identified form where practicable, to improve reliability, performance, and user experience.
• Legal and compliance - meeting our legal, regulatory, tax, and accounting obligations, responding to lawful requests from authorities, and establishing, exercising, or defending legal claims.
• Marketing - sending you communications about the Products or related services where you have consented or where permitted by law. See clause 11.

We will not use your personal information for a purpose materially different from the purposes described above without telling you first and, where required by law, obtaining your consent.

6. Our Lawful Bases For Processing

Where the GDPR or UK GDPR applies to our processing of your personal information, we rely on the following lawful bases:

• Performance of a contract - to provide the Products and related services, manage your Account, and fulfil our obligations to you under the Master Terms of Service and applicable Product Schedule.
• Legitimate interests - to operate, secure, and improve our business, including preventing fraud and abuse, maintaining Product quality, managing relationships with suppliers and contractors, and pursuing business development. We balance our interests against your privacy rights and do not rely on legitimate interests where those rights override our interests.
• Legal obligation - where we are required by law to process personal information, for example for tax, accounting, or regulatory reporting.
• Consent - where we rely on your consent, for example for certain marketing communications or non-essential cookies. You may withdraw your consent at any time - see clause 15.
• Vital interests or public interest - in rare circumstances, where processing is necessary to protect someone's life or in the public interest.

For Australian users, we handle personal information in accordance with the Privacy Act and the Australian Privacy Principles. The concept of a lawful basis is not used in the same way under the Privacy Act, but equivalent principles apply - we collect and use personal information only for purposes that are reasonably necessary for our functions and activities, and we obtain consent where required.

7. Who We Share Your Personal Information With

We do not sell or trade personal information. We are not a data broker.

We share personal information with the following categories of recipients:

• Payment processing - Stripe.
• Cloud hosting, storage, and infrastructure - Akamai Connected Cloud / Linode, with primary application hosting and database storage in Sydney, New South Wales.
• Email delivery - SMTP2GO-compatible SMTP for Stickerloom™ and Vallopress™ product email; Nodemailer with SMTP2GO-compatible defaults for Threadclip™ in-app transactional email.
• AI and machine learning infrastructure - our Vectrari™ models run on our own and contracted infrastructure; we do not send user Content to public AI training platforms.
• Analytics - Google Analytics on an opt-in basis for Stickerloom™.
• Product platforms - Google Workspace / Gmail APIs and Microsoft Graph / Outlook add-in ecosystem for Threadclip™ only - see clause 17.
• Template and content partners - Avery for Avery-branded templates available within Stickerloom™. Where you use a partner's template or content, additional terms supplied by that partner may apply.
• Customer support tools, accounting, and business administration software - used to manage our relationship with you.

Service providers and sub-processors process personal information on our behalf and under contractual obligations to handle it securely and use it only for the purposes we authorise.

We share personal information with our accountants, lawyers, and insurers where necessary, on a need-to-know basis and under professional confidentiality obligations.

We may disclose personal information where we are required or permitted by law to do so - for example, in response to a valid court order, subpoena, or regulatory request, or where we reasonably believe disclosure is necessary to prevent harm, investigate suspected fraud, or protect the rights, property, or safety of others.

If we are involved in a merger, acquisition, sale of assets, reorganisation, or insolvency, personal information may be disclosed or transferred to the counterparty, subject to confidentiality protections. If that occurs, we will notify you in accordance with applicable law.

We may share personal information with other parties where you ask us to, or with your prior consent.

8. Sending Personal Information Overseas

We are based in Australia, but the Products are used globally. As a result, personal information we hold is likely to be accessed, processed, and stored outside Australia. The main destinations are:

• Australia, where our primary cloud infrastructure is hosted in Sydney, New South Wales;
• the United States, where some of our service providers, including Stripe, Google, and Microsoft, are headquartered and operate infrastructure; and
• other jurisdictions, where our service providers operate global infrastructure.

Before disclosing personal information overseas, we take reasonable steps to ensure that the recipient handles it in a manner consistent with the Australian Privacy Principles and, where applicable, the GDPR and UK GDPR. These steps include contractual data protection terms and, for transfers from the EU or UK, appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent.

Where the service providers we use operate globally, we may not always be able to specify in advance every country from which your personal information is accessed. We will update this Policy if our primary data handling locations change materially.

9. How We Use Automated Tools And AI

AI and machine learning tools are used in several of the Products to deliver features. The applicable AI functionality for each Product is described in the relevant Product Schedule and, for Threadclip™, in clause 17 of this Policy.

Our Vectrari™ technology suite includes four models:

• Vectrari™ Vision - content-region analysis and layout automation.
• Vectrari™ Face - face detection (bounding-box location and confidence-score output) to assist with layout, framing, and preflight workflows. Vectrari™ Face does not generate biometric identifiers, face templates, face embeddings, face vectors, face-recognition outputs, or identifiers capable of uniquely identifying a natural person. It is used for detection only.
• Vectrari™ Text - text detection and analysis to assist with preflight and file-processing workflows.
• Vectrari™ Vector - vectorisation and vector-conversion workflow support.

Vectrari™ models are embedded in particular Product features. They are not offered as standalone commercial products.

The Vectrari™ tools may analyse uploaded artwork, images, documents, or email-related metadata to identify content regions, faces, text regions, resolution, colour profile, print-safety signals, attachment-recovery candidates, and similar product-relevant signals. These signals are used to provide user-facing or operator-facing recommendations, such as layout and framing suggestions, preflight warnings, DPI, bleed, and safe-margin checks, colour conversion, vectorisation, file review, attachment-recovery suggestions, and workflow prompts.

We do not use your Content to train, fine-tune, or improve our Vectrari™ models or any other internal AI or machine learning models, except as expressly stated in the applicable Product Schedule or as separately agreed with you in writing. Any such use requires separate written disclosure and either your consent or an appropriate customer agreement.

We do not share your Content with third-party AI providers, including OpenAI, Anthropic, Google Gemini, Microsoft Azure AI, or AWS AI services, for the purpose of training or improving their models. Where a Product uses a third-party model to deliver a feature, we will tell you in the Product Schedule or in the Product-specific clause of this Policy.

AI-generated and AI-assisted outputs are tools to assist you. They are not guaranteed to be accurate, complete, or fit for any particular purpose. You are responsible for reviewing and verifying outputs before relying on them. Where we use AI in our own business operations, for example to assist with customer support, we apply human review before using AI-generated content in communications with you.

We do not use personal information to make automated decisions that produce legal effects concerning you or similarly significantly affect you. The Products' AI, ranking, and preflight features are assistive workflow tools that require human review or action. Stickerloom™ generates framing and layout suggestions you can manually adjust or override. Vallopress™ preflight produces warnings, errors, and recommendations that the operator must review, apply, adjust, or acknowledge before a job proceeds; it is a production quality-control workflow, not an automated legal, eligibility, or account decision. Threadclip™ ranks attachment suggestions, but you choose recipients, attachments, and whether to send or export.

10. Cookies And Analytics

We use cookies, local storage, and similar technologies to operate the Website and the Products. These technologies fall into the following categories:

• Essential cookies - required for the Website and Products to function, including for authentication, session management, security, and billing. You cannot opt out of these cookies; if you block them, parts of the Products may not work.
• Analytics cookies - help us understand how you use the Products so we can improve them. These are used only where you opt in or, in some jurisdictions, where we have another lawful basis. We currently use Google Analytics on Stickerloom™.
• Marketing and targeted-advertising cookies - we do not currently deploy advertising pixels, retargeting tags, or third-party tracking technologies for marketing purposes on the Website or within the Products. If we add such technologies in future, we will update this Policy and, where required by law, obtain your consent.

You can control cookies through your browser settings. You can also opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

11. Direct Marketing

We may send you marketing communications about the Products and related services where you have consented or where we are permitted to do so by law. Marketing communications will identify us as the sender and include a simple, free-of-charge way to opt out, for example an unsubscribe link. You may also opt out at any time by contacting us using the details in clause 22.

If you opt out of marketing communications, we may still send you service messages, such as account notices, billing messages, or changes to this Policy, that are necessary to provide the Products to you.

12. How Long We Keep Your Personal Information

We keep personal information for as long as we reasonably need it to provide the Products, support you, resolve disputes, prevent abuse and fraud, maintain security, comply with our accounting and legal obligations, and meet our contractual requirements. Where we are required by law to retain personal information for longer than this, for example in connection with a legal claim or regulatory investigation, we will do so only for as long as necessary to comply with that requirement.

The main suite-wide retention periods we apply are:

• Billing and payment records - retained for 7 years from the end of the financial year to which they relate, reflecting Australian tax and accounting record-keeping requirements.
• Fraud, abuse, and security logs - retained for up to 12 months after the relevant event.
• Marketing and product-update records - retained for up to 24 months from your last interaction with us, unless you opt out earlier.
• De-identified or aggregated data - retained indefinitely, as it no longer contains personal information.

Account data, Content, and Product-specific operational records are retained while your Account is active. Specific deactivation, deletion, and recovery practices for Threadclip™, including the records retained on Account deletion, are set out in clause 17. Temporary processing files and short-lived artefacts may be deleted on shorter operational schedules.

Where Vallopress™ or another Product is provided to you under a separate enterprise, on-premises, or custom commercial agreement, the retention and deletion terms of that agreement apply to the extent of any inconsistency with this clause.

13. How We Keep Your Personal Information Secure

We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:

• encryption of personal information in transit and, where reasonably practicable, at rest;
• access controls that limit access to personal information to people who need it to perform their role;
• password hashing - we store user passwords in hashed form and do not have access to your plaintext password;
• multi-factor authentication for administrative access to our systems;
• regular security reviews and monitoring for unusual activity; and
• staff training on privacy and security responsibilities.

No system is completely secure. Despite our best efforts, we cannot guarantee that personal information will never be accessed, disclosed, altered, or destroyed in breach of our safeguards. If you suspect any misuse, loss, or unauthorised access to your personal information, please contact us immediately.

14. Data Breach Response

We have processes in place to identify, assess, and respond to suspected and actual data breaches. If a breach occurs that is likely to result in serious harm to individuals whose personal information is affected, we will:

• contain the breach and assess its scope and impact;
• notify affected individuals, the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme, and, where applicable, the relevant EU or UK supervisory authority, as soon as practicable after we become aware of the breach and, in the case of supervisory authority notification under the GDPR or UK GDPR, within 72 hours where feasible; and
• take reasonable steps to prevent similar breaches in future.

15. Your Privacy Rights

The rights you have in relation to your personal information depend on where you are located. The main rights are summarised below. To exercise any of these rights, contact us using the details in clause 22. We will respond within the time limits required by applicable law - generally within 30 days, and within shorter or longer periods where applicable law specifies, for example 45 days under the CCPA with one available 45-day extension, or one month under the GDPR and UK GDPR, extendable by up to two further months for complex requests.

We may ask you to verify your identity before acting on a request. We will not discriminate against you for exercising your rights. We do not charge a fee for reasonable requests.

If you are in Australia. Under the Privacy Act and Australian Privacy Principles, you have the right to request access to the personal information we hold about you; request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading; opt out of direct marketing communications at any time; and complain to us or to the OAIC about the way we have handled your personal information.

If you are in the European Economic Area or the United Kingdom. Under the GDPR or UK GDPR, you have rights to request access, correction, erasure, restriction of processing, objection, data portability, withdrawal of consent, and to lodge a complaint with a supervisory authority.

If you are in California. The CCPA applies to businesses that meet specific revenue and processing thresholds. We are currently below those thresholds, and the CCPA does not apply to us. The earlier clauses of this Policy describe the categories of personal information we collect, the sources we collect it from, the purposes for which we use it, and the categories of third parties with whom we share it. We have not sold personal information, and we have not shared it for cross-context behavioural advertising. If our circumstances change such that the CCPA becomes applicable to us, we will update this Policy and provide the rights and procedures required by the CCPA at that time.

If you are in another US state with a comprehensive privacy law. A number of US states have enacted comprehensive privacy laws. These laws generally apply only above particular processing or revenue thresholds. We are currently below those thresholds, and these laws do not apply to us. If a particular state law becomes applicable to us, we will update this Policy and provide the rights and procedures required by that law at that time.

Other jurisdictions. If you are located outside Australia, the EU, the UK, or the US, you may have additional rights under local privacy laws. Contact us and we will assist with any reasonable request consistent with applicable law.

16. Children And Minors

The Products are intended for users who are at least 13 years old. If you are under 18, you must have your parent's or legal guardian's consent to use the Products. Where applicable law in your jurisdiction sets a higher minimum age for children's digital services, you must meet that age or have verifiable parental consent.

We do not knowingly collect personal information from children under 13 in jurisdictions where 13 is the applicable floor, or under the age set by applicable law, including under the EU or UK GDPR, or the US Children's Online Privacy Protection Act. If we become aware that we have collected personal information from a child without the required parental consent, we will delete it. If you believe a child has provided personal information to us without consent, please contact us at privacy@cleveriterations.com.

Australia's Children's Online Privacy Code is being developed under the Privacy Act and is expected to be registered by 10 December 2026. Once the Code is registered, we will update this Policy and our practices to the extent required.

17. Product-Specific Information

This clause supplements the earlier clauses of this Policy with information specific to Threadclip™.

Threadclip™. Threadclip™ is an email workflow product that allows you to clip a single message out of an email thread, preserve relevant attachments and context, and send or export a clean standalone forward. Threadclip™ is offered as a web account portal together with Gmail and Outlook add-in flows. Marketplace distribution through the Google Workspace Marketplace and Microsoft AppSource is subject to the applicable platform approval processes.

Google Limited Use compliance. Threadclip™'s use of information received from Google Workspace APIs, including Gmail, will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Threadclip™ does not use Google Workspace API data to train generalised AI or machine learning models, does not transfer it to third parties for model training, and does not use it for advertising.

The main privacy-relevant aspects of Threadclip™ are:

• Mailbox access via OAuth - to use Threadclip™, you connect your email account using OAuth or an equivalent authorisation mechanism provided by Google or Microsoft. You can revoke that authorisation at any time through your Google or Microsoft account settings, or in the Threadclip™ settings.
• Processing vs storage - Threadclip™ is designed to process message content and attachments only to the extent needed to complete the clip, send, or export operation you request. Threadclip™ is not a general archive or long-term store of raw message bodies or attachment binaries. The records we retain on a persistent basis are primarily account data, provider-authentication records, clip metadata and history, recipient history, workspace and organisation records, billing and customer identifiers, operational logs, and attachment-recovery telemetry.
• AI-assisted attachment recovery - Threadclip™ uses narrow ranking and scoring logic to suggest attachments and related message material when you clip an email. Raw message bodies and attachment binaries are not used to train, fine-tune, or improve any proprietary, generalised, or third-party AI or machine learning model. We do, however, use attachment-recovery telemetry and feedback labels, including candidate metadata, scoring features, and selected and not-selected outcomes, to evaluate and improve the Threadclip™ attachment-recovery ranking feature. This use is subject to applicable platform requirements, including the Limited Use requirements of the Google API Services User Data Policy for Gmail API data.
• Human access to mailbox content - Clever Iterations personnel are not permitted to read the content of your messages or attachments, except: (a) with your specific consent, for example where you ask us for support; (b) for security investigations; (c) to comply with applicable law; or (d) where the data has been aggregated and anonymised and is used for internal operations in accordance with applicable platform policies.
• Recipient data - when you use Threadclip™ to send a clipped email, recipient email addresses are recorded as service-delivery data to enable delivery, support, recent-recipient suggestions, and your clip history. Recipient data is not marketing data and is not shared with third parties for marketing.
• Disconnection and deletion - you can disconnect Gmail or Microsoft access at any time. On account deletion, Threadclip™ disconnects provider access immediately, invalidates active sessions, deactivates the account, and schedules permanent deletion of user-linked Threadclip™ records after the deletion window, which currently defaults to 30 days. Deletion remains subject to the limited retention we need for legal, billing, tax and accounting, security, abuse prevention, dispute, backup, and contractual purposes. Shared workspace or organisation records may need ownership transfer or organisation-admin handling before deletion can complete.
• Organisation-wide attachment continuity - where Threadclip™ offers organisation-wide attachment continuity (an enterprise feature), that feature has its own access and retention controls and may be governed by a separate enterprise agreement.
• Platform dependencies - Threadclip™ depends on the continued availability of the Gmail APIs, the Google Workspace Marketplace, Microsoft Graph, the Outlook add-in ecosystem, and related third-party platforms. Your use of the Gmail add-on is subject to Google's terms and the Google API Services User Data Policy. Your use of the Outlook add-in is subject to Microsoft's AppSource terms and the Microsoft API Terms of Use.
• Not a substitute for your email system - Threadclip™ is not designed as a long-term archive, records-retention solution, or backup of your mailbox. You remain responsible for retaining original messages and attachments in your connected mailbox or your own systems of record.

18. Changes To Our Products

We may launch new Products or materially change existing Products from time to time. Where a new Product or feature involves a meaningful change to how personal information is collected, used, or shared, we will update this Policy and, where required by law, notify you and obtain your consent.

19. Third-Party Websites And Integrations

The Website and the Products may contain links to or integrations with third-party websites and services, for example Google Workspace and Microsoft 365 for Threadclip™, Stripe's checkout pages for Subscriptions, and social media sites where we maintain a presence. This Policy does not apply to those third parties. They have their own privacy policies and terms. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party service before you use it.

20. Business Transfers

If Clever Iterations is involved in a merger, acquisition, sale of all or a portion of its assets, reorganisation, or insolvency, personal information we hold may be transferred to the counterparty as part of that transaction, subject to confidentiality protections and applicable law. We will notify you if a transfer materially changes the way your personal information is handled.

21. Changes To This Policy

We may update this Policy from time to time. If we make a material change, we will notify you by email, through the Products, or by another reasonable means, at least 30 days before the change takes effect, unless a shorter notice period is required or permitted by law.

If you do not accept a material change, you may close your Account or stop using the Products before the change takes effect. Continued use of the Products after the change takes effect means you accept the updated Policy.

The Last updated date at the top of this Policy tells you when it was last revised. We encourage you to review it periodically.

22. How To Contact Us

If you have any questions or concerns about this Policy, want to exercise any of your rights, or wish to make a complaint, please contact us at:

• Email: privacy@cleveriterations.com (Attention: The Privacy Officer); or
• Post: Suite 74, Ground Floor, 135-153 New South Head Road, Edgecliff NSW 2027 (Attention: The Privacy Officer).

We aim to acknowledge requests and complaints within 5 business days and to provide a substantive response within 30 days, subject to any longer or shorter timeframe required by applicable law.

If you are not satisfied with our response, you may contact:

• the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au;
• the supervisory authority in your EU Member State - a list is available at https://edpb.europa.eu/about-edpb/board/members_en;
• the UK Information Commissioner's Office (ICO) at https://ico.org.uk; or
• the privacy regulator in your jurisdiction, for US residents, typically your State Attorney General.

The OAIC, ICO, and EU supervisory authorities generally prefer that you raise your concern with us first to give us an opportunity to resolve it.

23. Definitions

In this Policy, capitalised terms have the meanings given to them on first use. The following additional definitions apply:

• AI means a machine-based system that, for explicit or implicit objectives, infers from the input it receives how to generate outputs (such as text, images, content, recommendations, or decisions) that can influence physical or virtual environments.
• AI Systems means software, platforms, or tools using artificial intelligence, including generative AI, image generators, transcription tools, and data-analysis assistants, whether operated by us or by a third party.
• AI Generated Outputs means material, content, or information created wholly or partly by us using an AI System.
• Australian Privacy Principles means the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.
• Data Training means the process of using data, including text, images, or other content, to train, refine, or improve an AI System's performance.
• GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation).
• Human Review means review, editing, and approval by a qualified person of AI Generated Outputs before they are used, published, or provided to any person.
• Personal information has the meaning given in the Privacy Act, and includes equivalent concepts such as personal data under the GDPR and UK GDPR and personal information under the CCPA.
• Product Schedule means a Product Schedule to our Master Terms of Service that sets out terms specific to a particular Product.
• UK GDPR means the United Kingdom General Data Protection Regulation as incorporated into UK law by the Data Protection Act 2018 (UK).
• Vectrari™, Vectrari™ Vision, Vectrari™ Face, Vectrari™ Text, and Vectrari™ Vector refer to the AI model suite operated by Clever Iterations and described in clause 9.