Legal
Privacy Policy
Effective Date: 25 March 2026 · Last Updated: 11 May 2026
This Privacy Policy is issued by Serenite Group Pty Ltd (ACN 693 836 056 / ABN 78 693 836 056). It describes how we collect, use, store, disclose, and protect personal information in connection with the AI Wealth Hub platform, including Provider-owned or allocated Devices used to access the Platform. We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
1. Information We Collect
1.1 Information We Collect and Hold
The personal information and device administration information we collect and hold are limited to what is necessary for contract administration, client relationship management, payment processing, support, licensing, device allocation, and offboarding. We collect:
(a) Identity and contact information: name, email address, phone number, business name, ABN, and postal address — collected for the purposes of entering into and administering your service agreement;
(b) Billing information: invoicing and payment details necessary to process your subscription and Platform access, setup, support, and maintenance fees;
(c) Communications: correspondence between you and us, including support requests and feedback.
(d) Device administration information: device model, serial number, asset tag, allocated client or client slug, device location, remote management status, licensing status, health monitoring status, and return or offboarding logistics.
This information is stored and processed using the following third-party business tools:
- GoHighLevel (GHL) — customer relationship management, communications, and onboarding
- Xero — accounting and invoicing
- Stripe — payment processing (we do not directly store credit card numbers or bank account details)
- Google Workspace — business correspondence, lead management, and document storage
- Discord — internal notifications and client communication where applicable
This is the personal information and device administration information we hold centrally. Client business content, AI-generated outputs, configuration, credentials, knowledge base, and operational data are stored locally on the Device allocated for your use, except where you choose to send that data to third-party services connected to the Platform.
1.2 Information Stored on Your Device (Not Centrally Stored by Us)
For transparency, the Platform generates and stores the following data locally on the Device allocated for your use. Except for limited remote access, health monitoring, licensing, and offboarding activities described in this Privacy Policy, we do not routinely access or centrally store this data:
- AI-generated content (video scripts, videos, images, voiceover audio, social media captions)
- Knowledge base data (business research, indexed documents, cached information)
- Operational data (task logs, agent activity, cost monitoring, system metrics)
- Configuration and credentials (API keys, OAuth tokens, preferences) stored in encrypted form
- Financial tracking data where wealth management features are enabled
This data is yours. It resides on Provider-owned hardware allocated to you during the term, which may be in your possession or otherwise allocated for your use. We do not routinely browse Client Content. Remote access is limited to setup, configuration, maintenance, troubleshooting, software updates, security, support, and offboarding.
1.3 Information Collected via Our Website
When you visit aiwealthhub.app or submit an enquiry form, we may collect:
(a) Your name, email address, and phone number (submitted via the lead capture form);
(b) Standard web analytics data including IP address, browser type, device information, and pages visited.
1.4 Sensitive Information
We do not intentionally collect sensitive information (as defined in the Privacy Act) such as health information, racial or ethnic origin, political opinions, or biometric data.
2. How We Use Your Information
The limited personal information we hold is used solely for:
- Contract administration — entering into and managing your service agreement
- Payment processing — issuing invoices and processing payments
- Support and maintenance — providing remote support at your request and delivering software updates
- Device administration and offboarding — allocating Devices, validating licences, monitoring health status, arranging returns, and preparing Devices for redeployment
- Communication — service updates, technical notices, and responding to your enquiries
- Website enquiries — responding to contact form submissions
- Legal compliance — meeting regulatory requirements, court orders, or law enforcement requests
3. How Your Data Is Stored — Local Processing Model
The AI Wealth Hub Platform operates primarily on a local data model. This is a core design principle:
- Business data, AI-generated content, knowledge base, configuration, credentials, and operational data are stored locally on the Device allocated for your use
- We do not maintain a central server or cloud database containing Client Content
- We do not have routine access to Client Content stored on your Device
- Local databases on the Device are not replicated to any system controlled by us. Separately, the Device may transmit limited health and licensing signals described in this Privacy Policy
3.1 Provider-Owned Device and Offboarding
The Device may be owned by Serenite Group Pty Ltd and allocated to you for Platform access during the term of your agreement. Device ownership is separate from ownership of your Client Content. On termination, expiry, or return of a Device, we may assist with reasonable export or retrieval of Client Content where requested and technically practicable, then remove, disable, wipe, or redeploy Provider IP and Platform software.
3.2 Catalogue Model — Your Choices, Your Responsibility
The Platform provides a catalogue of automations and integrations that you may choose to enable. You decide which automations to activate, which third-party services to connect, and how to use the Platform's capabilities. Because ordinary use of the Platform occurs locally on your Device and we do not routinely review Client Content or ordinary usage, you are solely responsible for which integrations you enable and what data is transmitted.
4. Third-Party Service Integrations
4.1 Client-Controlled Integrations
The Platform supports integration with a range of third-party services. You choose which services to connect. The Platform does not automatically connect to any third-party service without your action. Each integration you enable is governed by your own agreement with that third-party provider.
4.2 Cross-Border Data Transfers
Third-party services you connect to may be operated by companies based outside Australia, including in the United States. When you choose to connect a third-party service, you acknowledge that data transmitted to that service may be processed in overseas jurisdictions.
4.3 Social Media Publishing
Where you enable automated social media publishing, the Platform will transmit content to your connected social media accounts via third-party scheduling services you have configured. You are solely responsible for the content published to your accounts.
5. Remote Access to Your Device
Remote access to your Device is a support service provided for your benefit and for Platform administration. We may access your Device remotely through secure remote access tooling, including SSH over Tailscale VPN, for setup, configuration, maintenance, troubleshooting, software updates, security, Client-requested support, and offboarding. Remote access occurs only:
- At your request — when you contact us for support, troubleshooting, or configuration assistance
- Scheduled maintenance — for software updates or maintenance, with reasonable prior notice
- Offboarding — to assist with export, retrieval, removal, disabling, wiping, or redeployment of Platform software and Provider IP
- Urgent circumstances — where immediate access is necessary to prevent data loss, security incidents, critical system failure, or legal or technical risk
We do not routinely browse Client Content. Any access to Client Content is limited to what is reasonably necessary to provide support, maintain the Platform, troubleshoot issues, complete offboarding, or comply with legal obligations.
5.2 Device Health Monitoring
Your Device transmits a periodic health status signal (“health ping”) to our licensing and administration platform. This contains Device online/offline status, system health indicators, licence validation data, and technical identifiers reasonably needed to administer the allocated Device. The health ping does not intentionally transmit Client Content, files, credentials, or personal information.
6. Artificial Intelligence and Automated Processing
6.1 How AI Is Used
The Platform uses artificial intelligence systems to:
- Generate written content including video scripts, social media captions, and business research summaries
- Generate visual and audio content including images, videos, and voiceover narration
- Analyse and index business knowledge and documents
- Automate content scheduling and publishing workflows
- Provide business insights and summaries based on data you provide
6.2 AI Outputs Are Not Decisions
The Platform's AI systems generate content and suggestions, not automated decisions that have legal or significant effects on individuals. All AI-generated content is subject to your review and approval before use or publication.
6.3 Transparency
For transparency, we disclose that the Platform uses automated systems (including large language models, image generation models, video generation models, and voice synthesis models) to process inputs and generate outputs. These systems are probabilistic in nature and outputs may contain inaccuracies.
7. Disclosure of Personal Information
We may disclose your personal information to:
- Third-party business tools — the platforms listed in section 1.1 for the purposes described
- Professional advisers — including lawyers and accountants, where necessary
- Law enforcement or regulatory bodies — where required by law, regulation, or court order
- Related entities — if our business is transferred, merged, or restructured
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
8. Data Security
8.1 Personal Information We Hold
The limited personal information we hold is protected through third-party platform security, secure communications, and access controls. Only authorised personnel within Serenite Group can access client contract and billing records.
8.2 Platform Security (On Your Device)
The Platform software includes encrypted credential storage, input sanitisation, secure session management, and protections against common attack vectors. Remote support access is conducted via encrypted SSH over Tailscale VPN, with no public internet exposure of your dashboard.
However, no system is completely secure. Where the Device is in your possession or control, you are responsible for the physical security of the Device, maintaining a secure network environment, and safeguarding your API keys and credentials.
9. Data Breach Notification
In accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth), if we become aware of a data breach involving personal information that is likely to result in serious harm, we will take immediate steps to contain and remediate the breach, notify you as soon as practicable, and where required, notify the Office of the Australian Information Commissioner (OAIC).
10. Your Rights
10.1 Access (APP 12)
Request access to the personal information we hold about you. Most Platform data is stored locally on the Device allocated for your use and is directly accessible through that Device.
10.2 Correction (APP 13)
Request correction of any personal information we hold that is inaccurate, incomplete, out of date, irrelevant, or misleading. We will respond within 30 days.
10.3 Complaints
If you believe we have breached the APPs, you may lodge a complaint with us using the contact details below. We will investigate and respond within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
11. Data Retention
- Data on your Device: Client Content stored on the Device remains yours. On termination, expiry, or Device return, we may assist with reasonable export or retrieval where requested and technically practicable, then remove, disable, wipe, or redeploy Provider IP and Platform software
- Device administration records: Retained for as long as necessary to manage Device allocation, support, warranty, insurance, return, audit, and legal obligations
- Contract and billing records: Retained for the duration of our business relationship plus 7 years, as required for tax and accounting compliance under Australian law
- Website enquiry data: Retained for as long as necessary to respond to your enquiry, after which it is deleted or de-identified
- Third-party services: Data retention by third-party services you have connected is governed by those providers' own policies
12. Children's Privacy
The Platform is designed for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or via the Platform dashboard at least 14 days before the changes take effect.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights under the APPs, or want to make a complaint, please contact us:
Serenite Group Pty Ltd
ABN 78 693 836 056
Email: branson@aiwealthhub.app