Privacy Policy

Pontil Pty Ltd (ACN 696 682 489 | ABN 82 696 682 489)

Last updated: April 2026

1. Our Privacy Commitment

Pontil Pty Ltd (ACN 696 682 489 / ABN 82 696 682 489), trading as Pontil, is committed to protecting the personal information we collect from you. We build the API layer that makes SaaS platforms reachable by AI agents — running inside your infrastructure, not ours.

Because of how our product works, we engage with personal information in two capacities:

  • As a data controller (or primary collector). For example, if you are our customer or if you visit our website. We collect your personal information and use it to maintain our relationship with you.
  • As a data processor (or service provider) to other organisations who are the data controller. Your personal information is provided to us by the data controller in order for us to deliver our services to them.

Where we act as the data controller, we refer to you as the 'customer' in this policy. Where we act as the data processor, we refer to you as the 'customer's customer'.

This Privacy Policy explains how we collect and use your personal information in relation to our products, services, events, and website. It also describes how you can exercise your rights in relation to your personal information.

By engaging with us, you consent to us collecting, holding, using, and disclosing your personal information in accordance with this policy.

2. Collection

Personal information we collect

If you are our customer, we may collect and hold the following categories of personal information:

  • Identity data: your name, email address, postal address, phone number, username, and device identifiers such as IP addresses.
  • Commercial data: purchasing history, payments to and from us, and transactional information such as billing and payment details.
  • Marketing data: your preferences in receiving marketing from us and your communication preferences.
  • Technical data: browsing history, device information, and your usage of our website and services.
  • Geolocation data: approximate location based on your IP address or information you provide to us. You may be able to control collection of this data through your device settings.
  • Audio and video data: recordings of your interactions with our sales, product, or support teams, or customer support chat logs.
  • Cookies and similar technologies: used to collect information about your interactions with our website. See Section 4 for details.

We also receive access to information you include in your communications with our customers where this is necessary to perform our services.

Method of collection

If you are our customer, we may collect information from the following sources:

  • Information provided directly when you register, communicate with us, visit our website, or participate in our events and marketing activities.
  • Information collected from your employer to facilitate your use of our services.
  • Information automatically collected about your interactions with our website.
  • Information from public sources and public forums, such as social media.
  • Information from third parties such as partners with whom we promote our products and services.

There may be instances where personal information about you is collected indirectly. We will notify you about these instances in advance, or as soon as reasonably practicable after collection.

Failure to provide information

If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you are seeking.

If you are our customer's customer, you separately control your privacy settings and arrangement with our corresponding customer through your direct relationship with them.

Purpose of collection

If you are our customer, we will generally collect, use, and hold your personal information for the purposes of:

  • providing services to you or someone else you know;
  • providing you with information about other products and services we offer which may be of interest to you;
  • facilitating our internal business operations, including meeting any legal requirements; or
  • analysing our services and customer needs with a view to developing new or improved products.

The table below sets out how we plan to use your personal information and the legal basis we rely on to do so.

Purpose / Activity

Type of Data

Lawful Basis

To provide our products: registering you as a customer, enabling access, operating and improving our services, and communicating with you.

Identity, Commercial, Technical

Contract

For our own business purposes: internal records, accounting, IT security management, and research and development.

Identity, Commercial, Technical, Geolocation, Audio and Video

Contract, Consent

For legal, safety, or security reasons: complying with legal requirements, defending legal claims, and detecting or preventing fraudulent or illegal activity.

Identity, Commercial, Technical, Geolocation

Contract, Legitimate Interest, Legal Obligation

For marketing our products or those of partners: sending promotional communications and facilitating events.

Identity, Commercial, Geolocation, Marketing

Legitimate Interest for prospecting. Consent with option to opt out.

Opting out of marketing messages does not opt you out of receiving necessary messages about our products, or messages relating to legal and safety matters.

If you are our customer's customer, we process your information solely for the purposes of providing our services to our customer.

3. Use and Disclosure

We use a limited number of third-party service providers to assist us in processing data. These providers support site features, technical operations, and data storage, and may process or store personal information while delivering their services. We maintain contracts with these third parties restricting their access, use, and disclosure of personal information.

We may share your personal information as follows:

  • Affiliates and subsidiaries: We may share your personal information with affiliated companies within our corporate group.
  • Service providers: We use third-party service providers — including cloud hosting (AWS / Google Cloud), marketing automation (HubSpot), authentication, and analytics services — which may require us to share your personal information.
  • Business transfers: We may share your data with entities involved in a corporate transaction such as a sale, acquisition, or merger. If a change happens to our business, new owners may use your personal information in the same way as set out in this Privacy Policy.

We may also disclose your personal information where we are required or authorised by law to do so, or where you have expressly consented to the disclosure.

If you are our customer's customer, we only use your personal information as necessary to perform our services for our customer.

4. Cookies and Tracking Technologies

Our website uses cookies. Cookies help us identify users and prepare customised web pages for them. They do not identify you personally, but they may link back to a database record about you. We use cookies to monitor usage of our website and to understand when you visit and what pages you view.

Cookie

Purpose

Lifetime

Google Analytics

Performance, analytics, and research

13 months

Google Ads

Marketing

3 months

HubSpot

Marketing and CRM tracking

13 months

Cookie Consent Tool

Cookie preferences

6 months

Advertising

Cookies and other ad technologies such as pixels and tags help us market more effectively to users who may be interested in our services. They also support aggregated auditing, research, and reporting.

Managing your cookie preferences

You can disable and delete cookies that are not necessary for basic website functionality. You may manage your preferences via the Cookie Manager at the bottom of any page on our website. Please note that blocking certain categories may affect your experience on our site.

Do Not Track signals

We do not collect personal information about your online activities over time and across third-party websites. 'Do not track' signals transmitted from web browsers therefore do not apply, and we do not alter our data collection practices upon receipt of such a signal.

5. Security

We store your personal information in electronic form. The security of your personal information is important to us.

We take reasonable measures to ensure your personal information is stored safely and protected from interference, misuse, loss, unauthorised access, modification, or disclosure — including electronic and physical security measures. Access to your personal information is limited to employees, agents, contractors, and third parties who have a business need to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. Data Retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including to satisfy any legal, regulatory, tax, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorised use or disclosure; the purposes for which we process it; and applicable legal or regulatory requirements. For more information on data retention, please contact us.

Where we anonymise your personal information for research or statistical purposes, we may use this information indefinitely without further notice to you.

7. External Links

When interacting with us, you may encounter links to external sites or online services. We do not control and are not responsible for the privacy and data collection practices of such third-party sites. You should consult those third parties and their respective privacy notices for more information.

8. Data Protection Rights

Australian residents

You may access the personal information we hold about you by making a written request to us. We will respond within a reasonable period. We may charge a reasonable fee for processing your request (but not for making the request itself).

We may decline a request for access in circumstances prescribed by the Privacy Act 1988 (Cth). If we do, we will provide written notice setting out our reasons.

If you believe the personal information we hold about you is inaccurate, incomplete, or out of date, please notify us immediately. We will take reasonable steps to correct it.

Marketing opt-out for Australian residents

We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to.

Where you receive electronic marketing communications from us, you may opt out by following the opt-out instructions in the communication or by emailing us at contactus@pontil.com to have your contact information removed.

Opt-out requests are usually processed within 5 business days. Even after opting out of promotional messages, you will continue to receive transactional messages regarding our services.

EEA, Switzerland, UK, and US residents

Subject to applicable law, you have the following rights with respect to your personal information:

  • Right to access: request disclosure of the personal information we collect, use, and share about you.
  • Right to correct: request that errors in your personal information be corrected.
  • Right to delete: request that we delete personal information we have collected about you.
  • Right to update: request that inaccurate personal information be corrected.
  • Right to opt out: opt out of targeted advertising, automated profiling, and sales of personal information.
  • Right to restrict use of sensitive information: request that we limit our use and disclosure of your sensitive personal information.
  • Right to withdraw consent: withdraw your consent at any time where processing is based on your prior consent.
  • Right to non-discrimination: you have the right not to receive discriminatory treatment for exercising your rights under applicable law, including the CCPA.

You may exercise these rights by contacting us using the details in Section 11.

9. International Transfers

Transfers out of Australia

We may disclose your personal information to recipients located outside Australia. Our third-party service providers, including AWS, Google, and HubSpot, may store or process your data in countries outside Australia.

Transfers out of the EEA, Switzerland, and UK

Due to the global nature of our operations, some recipients may be located in countries that do not provide an adequate level of data protection as defined by applicable data protection laws.

Transfers to such third countries take place using valid data transfer mechanisms, such as EU Standard Contractual Clauses and/or the UK Addendum to such clauses, approved codes of conduct, or other mechanisms approved by the relevant authorities. Please contact us if you wish to receive further information about how we transfer personal data.

10. Special Category Data

For customers, we do not collect or process sensitive personal information to infer characteristics about you.

For customers' customers, we do not collect or process sensitive information unless provided by the customer acting as the data controller.

11. Complaints

Australian residents

If you have a complaint about how we have handled any privacy matter, please contact us using the details in Section 12 below. We will consider your complaint and notify you of the outcome.

If you are dissatisfied with our handling of a complaint, you may contact the Office of the Australian Information Commissioner (OAIC).

EEA, UK, or Switzerland

You may lodge a complaint with a data protection authority for your country or region. A list of EEA data protection authorities is available here. The UK Information Commissioner's Office can be contacted here.

US residents

If you disagree with our decision regarding a data rights request, you may have the right to appeal under applicable law. To do so, please reply to our response.

12. No Sale of Personal Information

We do not sell your personal information, as that term is defined under the California Consumer Privacy Act (CCPA).

13. Changes to This Policy

From time to time, we may change how we handle personal information or the types of personal information we hold. Any changes will be published on our website. You may obtain a copy of our current policy from our website or by contacting us at the details below.

14. Contact Information

If you have questions or complaints regarding this Privacy Policy or Pontil's privacy practices, please contact us:

Email: contactus@pontil.com

For GDPR-related queries: contactus@pontil.com (mark your email 'GDPR — Privacy Enquiry')

Post:

Pontil Pty Ltd

Attn: Privacy Team

Suite 1, Level 9, 6-10 O'Connell Street

Sydney NSW 2000

Australia

GET STARTED

Your platform, agent-ready.
Without rebuilding a thing.

Start with a 30-minute discovery call

Book a call
Book a demo
Book a call
PontilPontil

contactus@pontil.com

site navigation

Product

Resources

About

Security

Contact

© 2026 Pontil. All rights reserved.

Privacy Policy