Legal

Privacy Policy

Last updated: 3 February 2025

1. Introduction

Startoken Pty Ltd ("Startoken", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services, including:

  • Wag-Tail.io — AI agent platform
  • Wag-Tail AI Gateway — LLM routing and API gateway
  • www.startoken.com — Corporate website
  • Professional Services — Consulting and implementation engagements

By using our Services, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Services.

2. Information We Collect

Information You Provide

  • Account information: Name, email address, company name, and password when you register
  • Contact form submissions: Name, email, company, and message content when you contact us
  • Payment information: Billing details processed through our third-party payment provider (we do not store full card numbers)
  • Content and data: Documents, files, and text you upload to knowledge bases or process through our AI agents
  • Communications: Messages you send through chat interfaces, support requests, and feedback

Information Collected Automatically

  • Usage data: Pages visited, features used, session duration, and interaction patterns
  • Device information: Browser type, operating system, device type, and screen resolution
  • Log data: IP address, access times, referring URLs, and error logs
  • Performance data: API response times, token usage, and system metrics

AI Processing Data

  • Conversation data: Messages exchanged with AI agents for the purpose of generating responses
  • Embedding data: Vector representations generated from your uploaded content for search and retrieval
  • Model interactions: Prompts and responses when using LLM features (subject to the data handling policies of third-party LLM providers where applicable)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing, maintaining, and improving our Services
  • Processing AI queries and generating responses through our platform
  • Managing your account and providing customer support
  • Sending transactional communications (account notifications, security alerts, service updates)
  • Sending marketing communications (only with your consent; you may opt out at any time)
  • Monitoring usage patterns to improve performance and prevent abuse
  • Enforcing our Terms of Service and complying with legal obligations

4. Information Sharing

We do not sell your personal information. We may share your information with the following categories of third parties:

  • LLM providers: When you use AI features, your prompts may be sent to third-party model providers (e.g., OpenAI, Anthropic, Google, Mistral) according to your configuration. For on-premise deployments, data stays within your infrastructure.
  • Cloud infrastructure: We use cloud hosting providers to operate our Services. Data is stored in secure, access-controlled environments.
  • Payment processors: Payment information is handled by PCI-compliant third-party processors.
  • Analytics providers: We use analytics tools to understand usage patterns and improve our Services. Data is aggregated and anonymized where possible.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or government request.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls: Role-based access with multi-factor authentication for internal systems
  • Infrastructure: Isolated tenant environments with network-level security controls
  • Monitoring: Continuous security monitoring, vulnerability scanning, and incident response procedures
  • PII redaction: Optional automatic redaction of personally identifiable information in AI conversations

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Account data: Retained for the duration of your account plus 30 days after termination
  • Conversation data: Retained according to your configured retention policies (default: 90 days for hosted services)
  • Knowledge base content: Retained until you delete it or your account is terminated
  • Usage logs: Retained for up to 12 months for operational and security purposes
  • Contact form submissions: Retained for up to 24 months

For on-premise deployments, data retention is managed entirely within your infrastructure according to your own policies.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw previously given consent at any time

To exercise these rights, contact us at contact@startoken.com. We will respond within 30 days.

Australian Privacy Act

As an Australian company, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy rights.

GDPR (European Users)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing includes consent, contract performance, and legitimate interests.

CCPA (California Users)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

8. Cookies & Tracking

We use cookies and similar technologies on our websites:

  • Essential cookies: Required for the website to function properly (authentication, session management, security)
  • Analytics cookies: Help us understand how visitors interact with our website (can be declined)
  • Preference cookies: Remember your settings and preferences for a better experience

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Australia where Startoken is headquartered. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with all third-party providers
  • Encryption of data in transit and at rest

10. Children's Privacy

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

11. Third-Party Links

Our Services may contain links to third-party websites, plugins, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email notification. Your continued use of the Services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: