← Back to site

MKTAI Privacy Policy

Last updated: 24 March 2026 | In compliance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)

1. Data Controller

MKTAI (“we”, “our”, “us”), accessible at mktai.io, is the entity responsible for the handling of personal information collected through this Platform, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Privacy Officer: [email protected]

2. Personal Information Collected

2.1. Registration Information:

  • Full name
  • Email address
  • Password (stored exclusively as a bcrypt cryptographic hash — never in plain text)
  • Referral (invite) code

2.2. Usage Information:

  • Conversation history and interactions with AI models
  • Prompts submitted (inputs) and responses generated (outputs)
  • AI model used and tokens consumed
  • Date, time and duration of sessions
  • IP address and browser User-Agent
  • Files uploaded for processing (PDFs, CSVs, audio)

2.3. Technical Information:

  • Server logs (for security and diagnostics)
  • Device and operating system information

3. Purposes of Collection (APP 3 & APP 6)

We collect and use your personal information only for purposes that are reasonably necessary for, or directly related to, one or more of our functions or activities:

  • Primary purpose: To provide, operate and maintain the Platform and its AI models, including authenticating your access, processing your requests via chat, and managing your account;
  • Related purposes: To improve and enhance AI models in an aggregated and anonymised manner; to prevent fraud, abuse and misuse of the Platform; to send operational communications about the service (updates, maintenance);
  • Consent-based purposes: For AI model training using identifiable data, only with your additional express consent;
  • Legal obligation: To comply with applicable laws, court orders or regulatory requirements.

We will not use or disclose your personal information for a purpose other than the primary purpose of collection unless one of the exceptions in APP 6 applies (e.g. you have consented, or the secondary purpose is directly related and reasonably expected).

4. Disclosure of Personal Information

Your personal information may be disclosed to:

  • Service providers: Infrastructure providers (hosting, cloud storage), AI model providers (for request processing), and security services — all bound by contractual obligations to protect your information;
  • Legal authorities: When required by law, court order or legal process;
  • In case of corporate reorganisation: In the event of merger, acquisition or asset sale, your information may be transferred to the successor, with appropriate protection guarantees.

MKTAI never sells your personal information to third parties.

5. Cross-Border Disclosure (APP 8)

To provide the service, your personal information may be disclosed to overseas recipients located in:

  • Brazil — where MKTAI’s primary infrastructure and database servers are located;
  • United States — where certain AI model providers (used for processing your requests) operate their services.

In accordance with APP 8, before disclosing your personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles. We do this through contractual arrangements that require the recipient to handle your personal information in a manner consistent with the APPs.

By using the Platform, you acknowledge and consent to the cross-border disclosure of your personal information for the purposes described above.

6. Data Retention

We retain your personal information only for as long as it is needed to fulfil the purposes for which it was collected, or as required by law:

  • Registration data: While the account remains active, and for up to 6 months after closure;
  • Conversation history: While the account remains active. Deleted conversations are permanently removed;
  • Security logs: For up to 12 months;
  • Data for legal obligations: For the period required by applicable legislation.

When personal information is no longer needed, we take reasonable steps to destroy or de-identify it in accordance with APP 11.

7. Access and Correction (APP 12 & APP 13)

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you (APP 12);
  • Request correction of personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading (APP 13);
  • Request deletion of your personal information (where we are not required by law to retain it);
  • Withdraw consent for any consent-based processing at any time;
  • Request information about how your data is handled and to whom it has been disclosed.

To exercise any of these rights, send an email to: [email protected]

We will respond within 30 days, as required by the Privacy Act 1988.

8. Data Security (APP 11)

We take reasonable steps to protect your personal information from misuse, interference, loss, and from unauthorised access, modification or disclosure. Our security measures include:

  • Password encryption with bcrypt (hash + salt);
  • JWT authentication with httpOnly cookies (XSS protection);
  • Encrypted communication via HTTPS/TLS;
  • Rate limiting and brute-force attack protection;
  • Docker container isolation with internal network;
  • Regular database backups.

9. Cookies & Similar Technologies

The Platform uses cookies exclusively for:

  • Authentication cookie (JWT): Essential to maintain your active session. Type: httpOnly, Secure. Expiry: 72 hours.

We do not use tracking, advertising or third-party analytics cookies.

10. Children

The Platform is not intended for persons under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, it will be deleted immediately.

11. Changes to this Policy

MKTAI may update this Privacy Policy periodically. Significant changes will be communicated by email or notice on the Platform. The “last updated” date at the top of this page will always be revised.

12. Complaints

If you believe MKTAI has breached the Australian Privacy Principles or handled your personal information inappropriately, you may lodge a complaint with us at [email protected]. We will investigate and respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

13. Contact

For questions, requests or exercise of data privacy rights:

📧 Privacy Officer: [email protected]

📧 General enquiries: [email protected]

© 2026 MKTAI — All rights reserved.

Terms of Use · Back to site