Global Privacy & Data Processing Policy
Effective Date: October 2025
1. Introduction and Scope
This Global Privacy and Data Processing Policy ("Policy") explains how Comet Suite Pty Ltd (ABN: 45653284872) ("Comet Suite", "we", "us", or "our") collects, uses, stores, discloses, and protects personal information when you use our software, websites, and related services, including the White Label Suite platform.
We are committed to protecting your privacy and complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the European Union General Data Protection Regulation (GDPR), and other applicable international privacy laws.
2. Who We Are
Comet Suite Pty Ltd
ABN: 45653284872
Registered Address: Suite 2/11th floor, 555 Lonsdale Street, Melbourne, VIC 3000, Australia
Comet Suite provides business software solutions globally and processes data on behalf of its customers and for its own business purposes.
3. Our Role in Processing Your Data
Comet Suite acts in different capacities depending on the type of data:
Data Controller: When we collect information directly from you for our own purposes (such as your account details, billing information, and marketing preferences), we determine how and why your data is processed.
Data Processor: When our customers use our software to process their own customers' data, we process that data on their behalf according to their instructions. In this case, our customers are the Data Controllers.
4. Key Definitions
In this Policy, the following terms have the following meanings:
Account: Your personal information, payment information, and credentials used to access our services and systems.
Content: Any text, graphics, images, audio, video, software, data compilations, and any other information that appears on or forms part of our websites or services.
Cookie: A small text file placed on your device when you visit our websites, allowing us to identify returning visitors and analyze browsing patterns.
Data or Personal Information: All information that you submit to us or that we collect about you, including but not limited to account details, contact information, and usage data.
Services: All online facilities, tools, services, software, and information that we make available through our websites and platforms, now or in the future.
System: Any online communications infrastructure we provide, including web-based email, message boards, live chat, ticketing systems, and email links.
User or You: Any person who accesses or uses our websites or services.
Website: The website you are currently using and any sub-domains or related sites we operate.
5. What Data We Collect
We collect personal and business information necessary to provide our services, process transactions, and improve your experience. The information we collect may include:
5.1 Information You Provide to Us
Name and contact details (email address, phone number, postal address)
Date of birth and gender
Job title, profession, and business information
Account login credentials (username and password)
Payment information (credit/debit card numbers, billing address)
Demographic information (post code, preferences, interests)
Communications you send to us (support requests, feedback, emails)
Any other information you choose to provide when using our services
5.2 Information We Collect Automatically
When you use our websites and services, we automatically collect certain technical information:
IP address and device identifiers
Browser type and version
Operating system
Pages visited, time spent on pages, and referring/exit pages
Activity logs and usage patterns within our software
Cookie data (see Section 9 for details)
Location data (based on IP address)
5.3 Information from Third Parties
We may receive data about you from:
Analytics providers (e.g., Google Analytics)
Advertising networks (e.g., Facebook)
Search information providers
Payment and delivery service providers
Data brokers or aggregators
Publicly available sources (e.g., business registries, social media profiles)
5.4 Sensitive Information
We do not intentionally collect sensitive information about you, including details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, genetic or biometric data, or information about criminal convictions and offences. If such information is inadvertently collected, it will be deleted immediately.
6. How We Use Your Data
We use your personal information for the following purposes:
Providing and maintaining our software services and platforms
Managing user accounts, authentication, and access control
Processing payments, transactions, and billing
Responding to support requests and customer inquiries
Sending service updates, security notifications, and administrative messages
Improving our products, services, and user experience
Analyzing usage patterns and conducting research and development
Protecting against fraud, security threats, and technical issues
Complying with legal obligations and enforcing our terms
Internal record keeping and business operations
Marketing our products and services (see Section 7 below)
Delivering relevant website content and advertisements
We do not sell or rent your personal information to third parties.
7. Marketing Communications
You will receive ongoing email communications from us, including product updates, informational emails, and marketing emails about our products and third-party products and recommendations. These emails are sent to support the legitimate interests of growing our business. Any products promoted in these emails may result in commissions to our company or individuals promoting them.
7.1 Legal Basis for Marketing (GDPR)
For EU and UK users, our lawful basis for processing your personal data to send marketing communications is either your consent or our legitimate interests (namely, to grow our business).
Under Privacy and Electronic Communications Regulations, we may send you marketing communications if:
You made a purchase or requested information from us about our goods or services, or
You agreed to receive marketing communications
In each case, you have not opted out since
7.2 Opting Out
You can opt out of receiving marketing messages at any time by:
Following the unsubscribe links in any marketing email we send you
Requesting deletion of your information through our support desk
Submitting a request at
Please note: Opting out of marketing communications does not affect service-related emails (such as account notifications, security alerts, or transactional messages).
7.3 Third-Party Marketing
Before we share your personal data with any third party for their own marketing purposes, we will obtain your express consent.
8. Legal Bases for Processing (GDPR & APPs)
Under the EU General Data Protection Regulation (GDPR) and Australian Privacy Principles (APPs), we process your personal information based on the following legal grounds:
Performance of a Contract: Processing is necessary to provide our services to you under our Terms of Service.
Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, provided these interests do not override your rights and freedoms.
Legal Compliance: Processing is necessary to comply with legal obligations, such as tax laws, record-keeping requirements, and responding to lawful requests from authorities.
Consent: Processing is based on your explicit consent, which you may withdraw at any time.
Vital Interests: In rare cases, processing may be necessary to protect someone's life or physical safety.
9. Cookies and Tracking Technologies
Our websites use cookies, pixels, web beacons, and similar tracking technologies to enhance user experience, analyze traffic, and measure advertising effectiveness.
9.1 What Are Cookies?
A cookie is a small text file that resides on your device's storage and often contains an anonymous unique identifier. Cookies are accessible only by the website that placed them, not by other sites.
9.2 How We Use Cookies
We use cookies and similar technologies to:
Remember your preferences and settings
Authenticate your account and maintain your session
Analyze website traffic and user behavior
Measure the effectiveness of our marketing campaigns
Deliver relevant advertisements and content
Prevent fraud and enhance security
9.3 Third-Party Cookies and Analytics
We use the following third-party services that may place cookies on your device:
Google Analytics – For website traffic analysis
Facebook Pixel – For advertising measurement and targeting
Other approved third-party pixels for compliant data resolution
9.4 Managing Cookies
You can control and delete cookies through your browser settings. By default, most browsers accept cookies, but you can modify your settings to decline cookies or alert you when cookies are being sent. Please note that disabling cookies may limit your ability to use certain features of our websites and services.
For more information about managing cookies, consult your browser's help menu or visit www.allaboutcookies.org.
10. Data Storage, Retention, and Security
10.1 Where We Store Your Data
All customer data is hosted securely on Google Cloud Platform (Region: us-central1-a, USA). Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.
10.2 How Long We Keep Your Data
We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this Policy:
Account data is retained while your account is active
Customer data processed through our software is retained for 90 days after account cancellation, after which all data is permanently deleted from live systems and backups in accordance with Google Cloud's deletion and overwrite processes
Communications and support data may be retained for up to 6 years for legal, accounting, and business purposes
Transaction and billing records are retained as required by law (typically 7 years)
Marketing data is retained until you opt out or request deletion
10.3 Security Measures
Data security is of paramount importance to us. We have implemented appropriate physical, electronic, and managerial procedures to safeguard your personal information against unauthorized access, loss, misuse, alteration, or destruction:
Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
Secure authentication and access controls
Regular security audits and vulnerability assessments
Employee training on data protection and confidentiality
Restricted access to personal data on a need-to-know basis
Incident response procedures for data breaches
Regular backups with secure storage
10.4 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any applicable regulatory authority as required by law, typically within 72 hours of becoming aware of the breach.
11. How We Share Your Data
We do not sell or rent your personal information. We may share your data with third parties only in the following circumstances:
11.1 Service Providers and Sub-Processors
We engage trusted third-party service providers to support our business operations. These providers process data on our behalf and are contractually obligated to protect your information and use it only for the purposes we specify:
Google Cloud Platform – Hosting, data storage, and infrastructure
Intercom – Customer communication, chat, and ticketing
HighLevel – Client support and communication management
Stripe – Payment processing
PayPal – Payment processing
IT and system administration service providers
Analytics and advertising platforms (Google Analytics, Facebook)
11.2 Professional Advisers
We may share data with lawyers, accountants, auditors, insurers, and other professional advisers who assist us in running our business.
11.3 Legal Requirements and Business Transfers
We may disclose your personal information when required to:
Comply with legal obligations, court orders, or regulatory requirements
Enforce our Terms of Service or other agreements
Protect our rights, property, or safety, or those of our users or the public
Investigate and prevent fraud, security threats, or illegal activity
Respond to lawful requests from government bodies and law enforcement
11.4 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the successor entity. The new entity will be bound by the terms of this Policy. You will not be notified in advance of such transfers.
11.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
11.6 Data Transferred to Third Parties
When your data is sent to third-party platforms such as email marketing services, CRM systems, or payment processors, those platforms become responsible for protecting your data under their own privacy policies. We are no longer responsible for data once it has been transferred to these third parties, though we ensure all third parties maintain adequate data protection standards.
12. International Data Transfers
As a global business, we may transfer your personal information to countries outside Australia, the European Economic Area (EEA), or the United Kingdom. When we do so, we ensure appropriate safeguards are in place to protect your data:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission recognizing certain countries as providing adequate data protection
EU-US Data Privacy Framework participation (for US-based providers)
Binding Corporate Rules or other approved certification mechanisms
Your explicit consent for specific transfers
All sub-processors and service providers we use are contractually required to implement equivalent data protection measures and comply with GDPR, APPs, and other applicable privacy laws.
13. Your Rights and Choices
You have important rights regarding your personal information. The specific rights available to you depend on your location and applicable privacy laws.
13.1 Access to Your Data
You have the right to request access to your personal information and receive a copy of the data we hold about you. You can access and update much of your account information directly through your account settings. For additional information, submit a request to [email protected] or aixup.ai/support.
We will provide the requested information within 48 business hours of receiving your request. We may require identity verification before fulfilling your request and may charge a reasonable administrative fee if permitted by law.
13.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through your account settings or by contacting us.
13.3 Right to Deletion (Right to Be Forgotten)
You have the right to request deletion of your personal information in certain circumstances. Upon receiving a written request through aixup.ai/support, we will permanently erase your data from our systems within 48 business hours of the request, subject to legal retention requirements.
Please note: We may be required to retain certain information for legal, tax, or regulatory purposes, even after you request deletion.
13.4 Right to Restrict Processing
You have the right to request that we restrict how we process your personal information in certain situations, such as while we verify the accuracy of your data or assess your objection to processing.
13.5 Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider where technically feasible.
13.6 Right to Object
You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes. If you object to marketing, we will stop processing your data for that purpose immediately.
13.7 Right to Withdraw Consent
Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.
13.8 Right to Lodge a Complaint
If you believe we have not handled your personal information properly, you have the right to lodge a complaint with the relevant supervisory authority:
Australia: Office of the Australian Information Commissioner (OAIC) – www.oaic.gov.au
EU/EEA: Your local data protection authority
UK: Information Commissioner's Office (ICO) – www.ico.org.uk
13.9 Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. If this changes, we will update this Policy and provide appropriate information about the logic involved and the significance of such processing.
14. Children and Age Restrictions
Our services are not directed at children under the age of 16 (or under 18 in some jurisdictions). We do not knowingly collect personal information from minors. By accessing or using our services, you confirm that you are at least 18 years of age (or the age of majority in your jurisdiction).
If we discover that we have inadvertently collected personal information from a minor, we will delete that information immediately. If you believe we have collected information from a minor, please contact us at [email protected].
15. Data Processing Terms for Business Clients
When you use our software to process data about your customers, employees, or other individuals, you act as the Data Controller and we act as your Data Processor. The following terms apply:
15.1 Processing Instructions
We process customer data only to deliver the contracted services and only in accordance with your documented instructions. We will not process customer data for any other purpose without your prior written consent.
15.2 Security and Confidentiality
We implement technical and organizational measures consistent with industry standards to protect customer data. All personnel with access to customer data are bound by confidentiality obligations.
15.3 Sub-Processors
We may engage the sub-processors listed in Section 11.1 to assist in providing services. All sub-processors are bound by data protection obligations equivalent to those in this Policy. We will notify you of any changes to our list of sub-processors and provide you with an opportunity to object.
15.4 Data Subject Requests
We will assist you in responding to requests from individuals exercising their rights under GDPR, APPs, or other privacy laws, to the extent required and reasonably possible.
15.5 Data Retention and Deletion
Upon termination of services, customer data will be deleted within 90 days unless required by law or unless you request earlier deletion. You are responsible for exporting any data you wish to retain before termination.
15.6 Audit Rights
You may request documentation or security details to verify our compliance with data protection obligations. We will cooperate with reasonable audit requests, subject to confidentiality and business constraints.
15.7 Data Breach Notification
We will notify you without undue delay upon becoming aware of any data breach affecting customer data you control, providing sufficient information to enable you to meet your own breach notification obligations.
16. Third-Party Websites and Links
Our websites and services may contain links to third-party websites, plugins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy practices or content. When you leave our website, we encourage you to read the privacy notice of every website you visit.
17. Additional Rights for California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to know what personal information we collect, use, disclose, and sell
Right to request deletion of your personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your CCPA rights
To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request.
18. Refund Policy
We offer a 30-day no-questions-asked refund policy. If you are not satisfied with our services for any reason, you may request a full refund within 30 days of your purchase. To request a refund, contact our support team at or aixup.com/support.
Refunds will be processed using the original payment method within 5-10 business days of approval.
19. Support Response Times
We are committed to providing timely support to our customers. Our standard support response time is within one business day. For urgent technical issues, we strive to respond as quickly as possible.
20. Consent to Processing
By accessing our websites and using our services, you acknowledge that you have read and understood this Policy and consent to the collection, use, and disclosure of your personal information as described herein.
Where required by law, we will obtain your explicit consent before processing certain types of personal information or using your data for specific purposes. You may withdraw your consent at any time by contacting us.
21. Legal Compliance and Disclosures
We may process your personal data without your knowledge or consent where required or permitted by law, including to comply with legal obligations, court orders, and lawful requests from government authorities.
22. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will notify you by:
Posting the updated Policy on our websites with a new effective date
Sending an email notification to your registered email address
Displaying a prominent notice on our platform
The updated Policy will take effect immediately upon posting unless otherwise specified. Your continued use of our services after the effective date constitutes acceptance of the revised Policy.
We encourage you to review this Policy periodically to stay informed about how we protect your information. The most current version will always be available at https://aixup.com/privacy.
23. Contact Information and Data Protection Officer
If you have any questions, concerns, or requests regarding this Policy or our data practices, please contact us:
Comet Suite Pty Ltd
ABN: 45653284872
Postal Address: Suite 2/11th floor, 555 Lonsdale Street, Melbourne, VIC 3000, Australia
We will respond to all legitimate requests within one month (or as required by applicable law). In complex cases, we may extend this period by an additional two months and will inform you of the extension and reasons.
24. Related Documents
This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of our software and services. By using our services, you agree to both this Privacy Policy and our Terms of Service.
________________________________________________________________________________
Last Updated: October 2025
© 2025 Comet Suite Pty Ltd. All rights reserved