Skip to main content

Privacy Policy

Last Updated: 2 March 2026

This Privacy Policy is prepared in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and takes into account applicable international privacy frameworks including the EU General Data Protection Regulation (GDPR) 2016/679.

1. About SCAI Technologies

SCAI Technologies Pty Ltd (ABN 27692802645) ('SCAI', 'we', 'our', 'us') is an Australian technology consultancy specialising in Fractional CTO and Chief AI Officer (CAIO) services, cloud infrastructure, AI integration, and digital transformation advisory. Our registered principal place of business is Sydney, New South Wales, Australia.

We operate globally — having delivered projects across 56 countries — and our Privacy Policy reflects obligations across multiple jurisdictions including Australia, the European Union, the United Kingdom, India, and other applicable regions.

2. Our Commitment to Privacy

SCAI is committed to protecting the privacy of individuals whose personal information we collect, hold, use, or disclose. We treat privacy not as a compliance checkbox, but as a foundational element of our security-native architecture and client trust relationships.

This Policy explains what personal information we collect, why we collect it, how we use it, and the choices and rights available to you.

3. What Information We Collect

3.1 Information You Provide Directly

When you engage with SCAI — whether through our website, service engagements, or direct communications — we may collect:

  • Full name, business name, and professional title
  • Email address, telephone number, and business address
  • Information provided in enquiry or contact forms
  • Project briefs, technical requirements, and business context shared during consultations
  • Payment and billing details (processed via third-party payment processors)
  • Credentials and account information for platforms we manage on your behalf (under explicit instruction only)

3.2 Technical and Usage Data

When you visit our website (scaitechnologies.com), we may automatically collect:

  • IP address and general geolocation data
  • Browser type, operating system, and device identifiers
  • Pages visited, time spent on site, and referring URLs
  • Clickstream data and interaction logs via Google Analytics 4 and similar tools

3.3 Technical Data from Service Delivery

In the course of delivering cloud infrastructure, AI integration, and managed services, SCAI and our authorised partners may process:

  • AWS and cloud infrastructure telemetry and logs
  • System performance metrics, uptime data, and error reports
  • Network topology and configuration data
  • AI model inputs, outputs, and audit logs where applicable
  • Code repositories, CI/CD pipeline data, and deployment records

This technical data is processed solely for the purpose of service delivery, performance optimisation, and security monitoring.

3.4 Sensitive Information

We do not intentionally collect sensitive personal information (as defined under the Privacy Act 1988, including health, racial, political, religious, or biometric information). If sensitive information is incidentally disclosed, we will handle it with the highest level of care and will seek your explicit consent for any use beyond the immediate purpose.

4. How We Use Your Information

We use personal information only for purposes that are directly related to why it was collected, or for purposes you have consented to. This includes:

  • Delivering contracted services including Fractional CTO, cloud architecture, AI integration, and advisory engagements
  • Communicating with you about projects, proposals, invoices, and service updates
  • Processing payments and managing accounts
  • Improving our website, service offerings, and internal processes
  • Complying with applicable legal, regulatory, and contractual obligations
  • Responding to enquiries, support requests, and complaints
  • Sending service-related communications and, where consent is given, marketing updates

We do not sell, rent, or trade your personal information to third parties. We do not permit third-party advertisers to collect or use personal data from interactions with SCAI Technologies.

5. Lawful Basis for Processing

Under GDPR and equivalent frameworks, our lawful bases for processing personal data include:

  • Contract: Processing necessary to perform our service agreements with you
  • Legitimate Interests: Processing for security monitoring, fraud prevention, and business operations, balanced against your rights
  • Legal Obligation: Processing required by applicable law
  • Consent: Where you have explicitly consented, including for marketing communications

You may withdraw consent at any time by contacting us using the details in Section 13.

6. Disclosure to Third Parties

6.1 Authorised Partners

SCAI operates through a strategic partner network. Personal and technical data may be shared with the following categories of authorised sub-processors solely to deliver services:

  • Offshore development partners (including Enablero, India) under binding confidentiality and data processing agreements
  • Cloud infrastructure providers (including Amazon Web Services via Westcon-Comstor) under AWS Data Processing Agreements
  • Hardware and AV suppliers (HT Computers, Somerville Electric, Prolinx) where relevant to hardware procurement
  • Technical marketing freelancers engaged for client lead generation activities

All third-party partners are required to maintain appropriate technical and organisational security measures and are prohibited from using your data for any purpose other than service delivery.

6.2 Legal Disclosure

We may disclose personal information where required by law, court order, or regulatory authority, or where we reasonably believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

7. International Data Transfers

SCAI operates globally. Personal data may be transferred to and processed in countries outside Australia, including India and jurisdictions where our cloud infrastructure is hosted (including AWS regions in Australia, Singapore, and the United States).

Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for GDPR-regulated transfers
  • Data Processing Agreements with all sub-processors
  • AWS Data Processing Addendums governing cloud data

Australian Privacy Principle 8 requires us to take reasonable steps to ensure overseas recipients handle personal information in compliance with the APPs. By engaging our services, you acknowledge that your data may be processed in these jurisdictions.

8. Data Security

We apply a security-native, Zero Trust architecture philosophy to all systems we operate and advise on. Our technical and organisational security measures include:

  • End-to-end encryption for data in transit (TLS 1.2+) and at rest
  • Multi-factor authentication and privileged access management
  • Role-based access controls and least-privilege principles
  • Regular security assessments and vulnerability management
  • Incident detection, response, and breach notification protocols
  • Secure development practices and code review processes

In the event of a data breach that is likely to result in serious harm, we will notify the Australian Information Commissioner and affected individuals in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

9. Data Retention

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our standard retention periods are:

  • Client engagement records: 7 years following project completion (Australian tax and regulatory requirements)
  • Website analytics data: 26 months (Google Analytics default retention)
  • Enquiry and contact form data: 24 months from last interaction
  • Technical infrastructure logs: 90 days unless longer retention is required for security investigation

Upon expiry of the applicable retention period, or upon your request, personal data is securely deleted or anonymised.

10. Your Privacy Rights

Depending on your jurisdiction, you have the following rights regarding your personal information:

10.1 Australian Privacy Act Rights

  • Access: Request access to personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Complaint: Lodge a complaint with the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

10.2 GDPR and UK GDPR Rights (where applicable)

  • Right to erasure ('right to be forgotten')
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time

To exercise any of these rights, please contact us as set out in Section 13. We will respond within 30 days (or within any timeframe required by applicable law).

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience, analyse traffic, and improve our services. Cookie categories include:

  • Essential Cookies: Required for website functionality (no consent required)
  • Analytics Cookies: Google Analytics 4 to understand usage patterns (opt-out available via browser settings or Google's opt-out tool)
  • Preference Cookies: To remember your settings and preferences

You may control or disable cookies through your browser settings. Note that disabling certain cookies may affect website functionality. We do not use cookies for advertising or cross-site tracking.

12. Links to Third-Party Sites

Our website may contain links to third-party websites, partner pages, or external resources. SCAI is not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Contact Us

For privacy enquiries, access requests, corrections, or complaints, please contact our Privacy Officer:

SCAI Technologies Pty Ltd

Attention: Privacy Officer

Email: privacy@scaitechnologies.com

Website: www.scaitechnologies.com

Sydney, New South Wales, Australia

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or your relevant supervisory authority if you are located in the EU or UK.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. The 'Effective Date' at the top of this Policy will be updated accordingly. We encourage you to review this Policy periodically. Where material changes are made, we will notify affected individuals by email or a prominent notice on our website.

SCAI Technologies Pty Ltd — Sydney, Australia

www.scaitechnologies.com | privacy@scaitechnologies.com