Privacy Policy
Controller: TTMLabs Pty Ltd ABN 66 662 501 055, Perth, Western Australia
Contact: sophie@ttmlabs.ai · ttmlabs.ai
Applicable law: Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
1. Introduction
TTMLabs Pty Ltd is committed to protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how TTMLabs collects, uses, discloses, and protects personal information in connection with its AI agent platform and the Ironframe proprietary runtime.
This Policy applies to all individuals who interact with TTMLabs . website visitors, prospective clients, signed clients, and end users of deployed AI agents. It should be read alongside the TTMLabs Client Services Agreement, which contains additional data handling obligations specific to commercial client engagements.
By using our platform or services, you consent to the practices described in this Policy. To request deletion of any data we hold, contact sophie@ttmlabs.ai.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: Name, email, business name, ABN or ACN, and information provided during signup
- Payment information: Billing name and address. Card details are processed exclusively by Stripe . never stored on TTMLabs systems
- Agent configuration: Task descriptions, business context, communication preferences, and instructions to configure your AI agent
- Support communications: Emails and messages you send to TTMLabs
- Agreement data: Name, title, and signature information provided when executing a Client Services Agreement or Order Form
2.2 Information Collected Automatically
- Agent interaction logs: A timestamped record of all actions taken by your AI agent . messages, tasks, tools used, and content generated
- Supervisor layer logs: TTMLabs maintains operator-level oversight of deployed agents for quality assurance. All supervisor actions are logged with a full audit trail. See Section 6
- Usage and billing data: Token consumption, credit balance changes, top-up events, login times, and feature usage
- Technical data: IP address, browser type, operating system, and session data
- Third-party integration data: Where you connect third-party accounts to your agent, data from those accounts is processed to fulfil agent tasks
2.3 Sensitive Information
TTMLabs does not intentionally collect sensitive information as defined by the Privacy Act 1988 (Cth). Where an agent's tasks require handling such information, the client is responsible for ensuring appropriate safeguards and individual notifications are in place.
3. How We Use Your Information
- Providing the service: Operating, maintaining, and delivering AI agent capabilities via the Ironframe platform
- Account and billing management: Authenticating identity, processing payments, managing credits, and issuing tax invoices
- Service quality and oversight: Monitoring agent sessions via the TTMLabs supervisor layer to ensure quality, accuracy, and safety
- Security monitoring: Operating the automated security monitoring system, including protective suspension of agent communications during a security event
- Platform improvement: Analysing aggregated, de-identified usage data. We do not use client data to train general-purpose AI models accessible to other clients without your explicit consent
- Communications: Service notices, security alerts, billing notifications, and product updates
- Legal compliance: ATO record-keeping and other Australian legal obligations
- Dispute resolution: Resolving disputes and enforcing our Terms of Service and CSA
4. Disclosure to Third Parties
TTMLabs does not sell, rent, or trade personal information to any third party for marketing purposes.
4.1 Sub-Processors
| Provider | Purpose | Country |
|---|---|---|
| Google LLC | AI model services (Google Gemini); Google Workspace integrations where connected | USA |
| Anthropic, PBC | AI model services (Anthropic Claude) | USA |
| Stripe, Inc. | Payment processing | USA |
| Supabase, Inc. | Database and authentication infrastructure | USA |
| Cloudflare, Inc. | Infrastructure, DDoS protection, content delivery | USA |
| Resend, Inc. | Transactional email delivery | USA |
4.2 Legal Requirements
We may disclose personal information where required by law, court order, or regulatory authority including the ATO, OAIC, or law enforcement agencies.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of TTMLabs assets, personal information may be transferred to the successor entity subject to equivalent privacy protections.
4.4 Overseas Disclosure
Several sub-processors are based in the United States. By using our services, you consent to your information being processed in those jurisdictions. TTMLabs takes reasonable steps to ensure overseas recipients comply with the Australian Privacy Principles.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Agent interaction logs | 90 days, then permanently deleted or de-identified | Operational transparency and audit |
| Client data (post-termination) | 30 days post-termination, then deleted with written certification | CSA Section 6.7 |
| Account information | Account duration + 12 months post-closure | Dispute resolution |
| Billing and tax records | 7 years from transaction date | ATO compliance |
| Supervisor and audit logs | 12 months from creation | Quality assurance and disputes |
| Support communications | 2 years from last communication | Service quality and disputes |
| Agreement and signature records | Duration of relationship + 7 years | Legal compliance |
6. Service Quality Oversight . The Supervisor Layer
TTMLabs maintains operator-level oversight of all deployed AI agents via the Ironframe supervisor layer. Authorised TTMLabs personnel may:
- Read session logs and recent interaction history for any deployed agent
- Inject messages into an agent's outbound channel for quality correction
- Respond to agent escalation events where an agent has flagged it is outside its competence
- Apply outbound message quality checks before messages reach clients
All supervisor actions are logged to a secure audit trail. Supervisor access uses a dedicated token fully isolated from client gateway tokens. Clients cannot access supervisor logs, injection records, or TTMLabs operational data. Clients accept this oversight as part of the managed service, as disclosed in Section 7.4 of the Client Services Agreement.
7. Security
TTMLabs implements encrypted communications (TLS in transit, encryption at rest), access controls, server-level firewalls, and continuous automated security monitoring.
Where a confirmed or suspected security event poses a risk to clients, TTMLabs may proactively restrict agent communications as a protective measure. Clients are notified promptly following any such suspension.
In the event of a confirmed data breach materially affecting personal information, TTMLabs will notify affected clients within 48 hours and comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).
8. Your Rights Under the APPs
- Access: Request a copy of the personal information TTMLabs holds about you
- Correction: Request correction of inaccurate or outdated personal information
- Deletion: Request deletion of personal information, subject to legal retention obligations
- Opt out: Withdraw consent to marketing communications at any time
- Complain: Lodge a complaint with the OAIC at oaic.gov.au if you believe we have breached the APPs
To exercise any of these rights, contact sophie@ttmlabs.ai. We will respond within 30 days.
9. Cookies and Tracking
The TTMLabs website uses Cloudflare Web Analytics for performance monitoring. This tool does not use cookies and does not collect personal identifiers . it operates on aggregated, privacy-preserving metrics only. We do not use advertising cookies, tracking pixels, or third-party behavioural analytics.
10. Children's Privacy
The TTMLabs platform is not directed at individuals under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently done so, contact sophie@ttmlabs.ai immediately.
11. Changes to This Policy
Material changes will be notified to active clients via email at least 30 days before they take effect. The current version is always available at ttmlabs.ai/privacy. Continued use after the effective date constitutes acceptance.
12. Contact and Complaints
TTMLabs Pty Ltd · ABN 66 662 501 055
Email: sophie@ttmlabs.ai · Website: ttmlabs.ai
Perth, Western Australia, Australia
If not satisfied with our response, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.