1. About this policy

Cyndr is operated by Anomalous Solutions Pty Ltd (ABN: 73 668 341 651). When we mention “Cyndr”, “we”, “us” or “our” in this privacy policy, we are referring to Anomalous Solutions Pty Ltd.

Cyndr is an AI-enabled data intelligence platform. We collect, process, analyse, and derive insights from data using artificial intelligence, machine learning, and advanced analytics. This policy explains how we handle the personal information we collect when you use our website, platform, and services, and tells you about your privacy rights and how the law protects you.

We are bound by the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs). This policy should be read alongside any applicable terms of service and data processing agreements.

Our website and platform may include links to third-party websites, plug-ins, and applications. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

Where we process personal information on behalf of our clients through the platform, the client’s own privacy policy governs their collection and use of that data. Our processing of client data is governed by our data processing agreements with those clients.

2. What data do we collect?

Personal information means any information about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not.

We may collect, use, store, and transfer the following kinds of personal data:

• Identity Data — name, username or similar identifier, organisation details, job title.
• Contact Data — email address, telephone number, business address, billing address.
• Financial and Transaction Data — payment details processed via PCI-compliant third-party payment processors, details of products and services you have purchased from us.
• Technical Data — IP address, login data, browser type and version, time zone setting, operating system and platform, device identifiers.
• Usage Data — information about how you use our website, platform, products, and services, including feature usage and session metadata.
• Communications Data — support tickets, emails, chat transcripts, and feedback you provide to us.

We may also collect, use, and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal information but is not considered personal information where it cannot directly or indirectly identify you. If we combine Aggregated Data with your personal information so that it can identify you, we treat the combined data as personal information.

We do not generally collect Sensitive Information (such as racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, or biometric data). If sensitive information is provided to us by clients for processing through the platform, we handle it in accordance with APP 3.3 and APP 3.4, and only with consent or as otherwise permitted by law.

3. How do we collect your data?

You directly provide us with most of the data we collect. We collect and process data when you:

• Register for an account or subscribe to our services.
• Use the Cyndr platform or visit our website.
• Contact us via email, web forms, or telephone.
• Complete a survey, provide feedback, or subscribe to our mailing list.
• Attend events, webinars, or meetings with us.

We may also receive your data indirectly from:

• Automated technologies — as you interact with our website and platform, we automatically collect Technical Data using cookies and similar technologies. See our cookie policy for details.
• Third parties and public sources — including registration lists from industry conferences and events, publicly available business directories, third-party analytics providers, and professional networking platforms.
• Our clients — who provide data for processing and analysis through the platform.

Where we receive personal information we did not solicit, we will determine whether it could have been lawfully collected. If not, we will destroy or de-identify it as soon as practicable.

4. How will we use your data?

We will only use your personal information when the law allows us to. Most commonly, we use your data:

To perform our contract with you

• Provide, maintain, and improve our platform and services.
• Process your orders and manage your account.
• Deliver data intelligence services and AI-generated insights as agreed.
• Manage payments, fees, and charges.

For our legitimate interests

• Communicate with you about our products, services, and platform changes.
• Administer and protect our business and platform, including troubleshooting, data analysis, system maintenance, and security.
• Use analytics to improve our website, platform, products, services, and customer experience.
• Develop and improve our AI models and analytical capabilities using aggregated or de-identified data.

To comply with legal obligations

• Meet regulatory, tax, accounting, or reporting requirements.
• Respond to lawful requests from enforcement bodies and regulators.
• Comply with the Notifiable Data Breaches scheme under the Privacy Act.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for a compatible purpose. If we need to use it for an unrelated purpose, we will notify you and explain the legal basis.

5. AI and automated processing

As an AI-enabled data intelligence platform, our services involve automated processing of data, which may include personal information provided by our clients. This processing may include:

• Predictive analytics and scoring (e.g., risk assessments, propensity models).
• Classification and segmentation of records based on data attributes.
• Anomaly detection and pattern recognition.
• Natural language processing of text data.

We follow an “augmented intelligence” approach — AI enhances and supports human decision-making rather than replacing it. Where automated decisions could significantly affect an individual’s rights or interests, we implement human oversight and review mechanisms.

The kinds of personal information used in our automated systems may include: contact details, demographic information, transactional and behavioural data, usage patterns, and any other data provided by clients for the purpose of analysis.

Where clients use our platform to make automated decisions affecting individuals, the client remains the responsible APP entity. We provide tools, model explainability reports, and data lineage documentation to support our clients’ transparency obligations.

We implement model governance frameworks to assess and mitigate bias, inaccuracy, and unfairness. Derived data that constitutes personal information is treated as such under this policy.

6. Marketing

We may use your Identity, Contact, Technical, and Usage Data to inform our view of what products, services, and offers may be relevant to you.

You will receive marketing communications from us if you have requested information from us or purchased services from us and have not opted out. We will obtain your express opt-in consent before sharing your personal data with any third party for marketing purposes.

You can ask us to stop sending marketing messages at any time by following the unsubscribe link in any message, adjusting your preferences, or contacting us directly. We will not use sensitive information for direct marketing without express consent.

We comply with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

7. Disclosures of your personal data

We may share your personal data with:

• Service providers — acting as processors who provide IT, cloud hosting, system administration, and payment processing services.
• Professional advisers — including lawyers, auditors, and insurers who provide consultancy, legal, insurance, and accounting services.
• Regulators and authorities — including the Australian Taxation Office and other authorities where reporting is required by law.
• Business transfers — if we sell, transfer, or merge parts of our business, the new owners may use your personal data as set out in this policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process it for specified purposes in accordance with our instructions.

We do not sell your personal information.

8. International transfers

Some of our service providers and infrastructure partners are located outside Australia. Your personal data may be transferred to recipients in the United States, the United Kingdom, the European Union, Singapore, and Japan.

Before disclosing personal information overseas, we take reasonable steps to ensure the recipient does not breach the APPs, unless an exception under APP 8 applies. We remain accountable for the handling of your personal information by overseas recipients, including where they engage sub-processors.

Where transfers involve data from the UK or EEA, we ensure appropriate safeguards are in place, including standard contractual clauses or transfers to countries with adequate levels of protection.

Please contact us if you want further information on the safeguards we use for international data transfers.

9. How do we store and secure your data?

We store your data on secure, access-controlled servers with encryption at rest and in transit. We limit access to your personal data to employees, agents, contractors, and third parties who have a business need to know, and they are subject to duties of confidentiality.

Our security measures include multi-factor authentication, intrusion detection, regular vulnerability scanning, penetration testing, and incident response planning.

We have procedures in place to deal with any suspected data breach and will notify you and the Office of the Australian Information Commissioner (OAIC) where we are legally required to do so under the Notifiable Data Breaches scheme.

We retain your personal data only for as long as reasonably necessary to fulfil the purposes we collected it for, including legal, regulatory, tax, or accounting requirements. When personal information is no longer needed and not required to be retained by law, we take reasonable steps to destroy or de-identify it.

10. What are your data protection rights?

Under the Privacy Act and the APPs, you have the following rights:

• Access — you have the right to request copies of your personal information that we hold. We will respond within 30 days.
• Correction — you have the right to request that we correct any information you believe is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
• Anonymity — where lawful and practicable, you may interact with us without identifying yourself or by using a pseudonym.
• Complaint — you have the right to complain about how we handle your personal information (see Section 14).

If you are located in the UK or EEA, you may also have rights to erasure, restriction of processing, objection, and data portability under applicable data protection laws.

We may need to verify your identity before processing your request. We will not charge a fee for a standard access request, but may charge a reasonable fee for clearly unfounded or excessive requests.

To exercise any of these rights, please email privacy@cyndr.ai.

11. Cookies

Our website uses cookies and similar technologies to enhance your experience and analyse usage patterns. We use:

• Strictly necessary cookies — required for the operation of our website (session management, security).
• Analytical cookies — to understand how visitors interact with our website and improve our services.
• Functional cookies — to remember your preferences and settings.

You can set your browser to refuse all or some cookies, or to alert you when cookies are being set. Disabling certain cookies may affect website functionality.

12. Changes to this policy

We keep this privacy policy under regular review and will place any updates on this page. Where changes are significant, we will take reasonable steps to notify you (for example, by email or a notice on our platform). We encourage you to review this policy periodically.

13. How to contact us

If you have any questions about this privacy policy, the data we hold about you, or you would like to exercise any of your rights, please contact our Privacy Officer.

We will acknowledge your enquiry or complaint within 5 business days and provide a substantive response within 30 days.

14. How to contact the appropriate authorities

We would appreciate the chance to address your concerns before you approach a regulator. However, you have the right to make a complaint at any time to the appropriate authority: