Privacy Policy

Last updated · June 2026

This Privacy Policy explains how LlamaPath Pty Ltd (ACN 692 917 767) (us, we, our) collects, holds, uses and discloses Personal Information. We provide our services through our cloud platform.

Our Services are provided remotely through our cloud platform.

We may collect Personal Information in order to conduct our business, to provide and market our services and to meet our legal obligations. By using the website or our services, or by otherwise providing any Personal Information to us, you acknowledge this Privacy Policy. When visiting our website, using our Platform or engaging our Services, we handle Personal Information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

From time to time, we may revise or update this Privacy Policy or our information handling practices. If we do so, the revised Privacy Policy will be published on our website.

Definitions – Personal Information

Personal Information has the meaning given to it under the Privacy Act.

Sensitive Information has the meaning given to it under the Privacy Act.

The types of Personal Information we collect and hold

The types of Personal Information we may collect and hold include (but are not limited to) Personal Information from your organisation, such as:

  • Visitors:

    • Usage data: device identifiers, log data, IP address, and cookie/analytics data as described below.

  • Enquirers:

    • Business name and contact details, including contact name, address, telephone number and other contact details such as your email address.

  • Users:

    • Account information, including usernames, emails, contact details, payment details and other related information;

    • Usage analytics and logs, including device type, browser information, IP address, features used, session durations, error logs, diagnostics, and performance metrics;

    • Communications and support interactions, including messages, attachments, screenshots, explanations of issues, email communications, chat logs and metadata related to your request; and

    • Other Personal Information required to provide our services in specific cases.

You are not obliged to provide Personal Information to us. However, in many cases, if you do not provide Personal Information to us, we may not be able to supply our Services to you.

In some circumstances, you may provide to us, and we may collect from you, Personal Information about a third party. Where you provide the Personal Information of a third party, you must ensure that the third party is aware of this Privacy Policy, understands it and agrees to accept it. If you are providing us with Personal Information on behalf of a person who is under the age of 18 that you are the parent or guardian of, you understand that you are consenting to this Privacy Policy on their behalf as their legal guardian.

We generally do not seek to collect Sensitive Information. If we need to collect Sensitive Information for a particular service or legal requirement, we will do so only with your consent or as otherwise permitted by law. We will not use or disclose Sensitive Information for a purpose other than the purpose for which it was collected unless required or authorised by law.

If we receive Personal Information that we did not request, we will decide whether we could have collected it under this Privacy Policy and applicable law. If not, we will take reasonable steps to destroy or de-identify it as soon as practicable, unless we are required or authorised by law to keep it.

Anonymity and Pseudonymity

Where lawful and practicable, you may choose to remain anonymous or use a pseudonym when dealing with us. For example, you may browse our website without identifying yourself. However, if you do not provide certain Personal Information, we may not be able to provide you with our Services, respond to your enquiries, or otherwise engage with you in a meaningful way.

How Personal Information is collected and held by us

We collect Personal Information in the following ways:

  • when you submit Personal Information through our website or its associated tools, account set up processes, configuration settings, or provide it in correspondence by email or telephone;

  • in person, for example, when you engage with our employees, agents, or customer service representatives;

  • integration with your internal systems;

  • automatically via cookies, pixels, automated syncing and similar technologies;

  • from third parties such as, but not limited to, referees, service providers and public sources; and

  • in the course of providing our services to you.

We store Personal Information in computer storage facilities. We take steps to protect your Personal Information against loss, unauthorised access, use, modification or disclosure. Some examples of the steps we take to protect your Personal Information include:

  • ensuring strong computer and network security protocols, including firewalls, encrypted connections, identification codes, access privileges, and password protection measures to control access to our IT systems;

  • implementing continuous maintenance and monitoring of security systems to ensure Personal Information remains secure during transmission and storage;

  • requiring any third parties engaged by us to provide appropriate assurances to handle your Personal Information in a manner consistent with Australian law; and

  • taking reasonable steps to destroy or de-identify Personal Information after we no longer need it for our business or to comply with the law.

Data Breaches

We are required to comply with the Notifiable Data Breaches scheme under the Privacy Act. If we experience an eligible data breach involving your Personal Information, we will take reasonable steps to investigate the breach, and where required, notify you and the Office of the Australian Information Commissioner (OAIC) of the circumstances and the steps you can take to protect your information.

Collection of Personal Information through activity

Information that may identify you as a user may be gathered during your access of our website and use of our Services.

The website may include pages that use ‘cookies’. A cookie is a unique identification number that allows the server to identify and interact more effectively with your computer or device. The cookie assists us in identifying what our visitors find interesting on our website.

A cookie may be allocated each time you use our website. Cookies do not generally identify you personally on their own, but they may identify your device and may become associated with you when linked with other information we hold. Cookies allow us to understand how visitors interact with our website and to improve functionality and performance.

You can configure your access to our website to refuse cookies. If you do so, you may not be able to use all or part of our website.

Analytics and Anonymisation

We may use analytics services provided by third-party service providers to help us analyse how visitors and enquirers use our website. Although the service providers record data such as your geographical location, device, internet browser and operating system, this information does not generally identify you to us directly, but it may be treated as personal information where it can reasonably identify an individual.

The information generated about your use of our website may be transmitted to and stored on servers operated by our analytics service providers, which may be located in Australia or overseas (including the United States or the European Union), depending on the provider. The service providers will use the information on behalf of us for the purpose of evaluating your use of our website and Services, compiling reports on activity for us and providing us with other services relating to activity and internet usage. The IP address collected will not be associated with any other data held by the service provider.

The purposes for which we collect, hold, use and disclose Personal Information

We collect, hold, use and disclose Personal Information for a variety of business purposes, including:

  • Providing and supporting our services: to operate and improve the functionality of the Platform, process and respond to enquiries, communicate and provide support to users, and perform any ancillary function reasonably necessary to provide our services;

  • Quality and safety: fraud prevention, abuse monitoring, troubleshooting, performance and security;

  • Improving our business, products and services: including analytics, research, testing, diagnostics, product development and updates;

  • Marketing by us: to promote our business, products and services;

  • Enquiries and complaints: to handle and respond to enquiries, complaints and feedback;

  • Disclosures to:

    • Service providers: including hosting, storage, communications, payment and analytics providers who assist us and are bound by appropriate confidentiality, privacy and security obligations;

  • Legal, safety and corporate transactions: to comply with laws, detect/prevent fraud or security incidents, enforce our terms, and in connection with mergers, acquisitions or reorganisations.

We use your information for the purpose we collected, outlined above, or a related purpose you’d reasonably expect, or as permitted or required by law. Otherwise, we will ask for consent or rely on another APPs exception.

Direct marketing

We also collect, hold, use and disclose your Personal Information to:

  • notify you about the details of new services and products offered by us;

  • send you our newsletters and other marketing publications;

  • administer our databases for client service, marketing and financial accounting purposes;

  • otherwise promote our business; and

  • to comply with our legal requirements regarding the collection and retention of information concerning the products and services that we provide.

We will only send you direct marketing communications where you have consented or where you would reasonably expect to receive such communications from us. We will not disclose your Personal Information to third parties for their own marketing purposes unless you expressly opt in.

You may opt out of receiving direct marketing communications from us at any time and at no cost by using the unsubscribe facility in our communications or by contacting us using the details set out below. We will action your opt-out request as soon as reasonably practicable.

Disclosures to Third Party Service Providers

We may disclose your Personal Information to third parties who work with us in our business to promote, market or improve the services that we provide, including:

  • cloud hosting providers;

  • cybersecurity and monitoring partners;

  • software vendors;

  • consultants, payment processors;

  • data storage providers;

  • analytics providers; and

  • professional advisers who assist us in operating our business and delivering our Services.

We use third-party payment service providers to process transactions securely. Where you pay an invoice, secure payment link or hosted billing page, those providers may collect and process payment information, including card or bank details, in accordance with their own privacy policies. The public website does not collect full card details and we do not store full card details on our servers. We may retain related business records, such as invoice details, payment status, payment references and correspondence about payment.

We use PostHog to help us understand how our website and platform are used. On our public website (llamapath.ai), PostHog collects analytics data including page views, device and browser information, referral sources, and general usage patterns. On our authenticated client platform, PostHog may also record session replays to help us improve the user experience and provide support. Where session replay is used, we seek to configure it to avoid capturing unnecessary Personal Information, including by masking text and input fields where practicable. PostHog may use cookies or similar technologies to collect this data. You can learn more about how PostHog handles Personal Information by reviewing PostHog’s privacy policy at https://posthog.com/privacy.

As part of our business operations, inbound electronic communications received through our business tools (including email, messaging, and collaboration platforms) may be processed by automated systems, including AI-powered agents, for service delivery, workflow automation, and quality assurance. We handle Personal Information collected through those systems in accordance with this Privacy Policy and our applicable security controls. Where required by law, we will provide additional information about automated decision-making in this Privacy Policy or at the point of interaction.

We may also combine your Personal Information with information available from other sources, including the entities mentioned above, to help us provide better services to you.

Where we do share information with third parties, we require that there are contracts in place that only allow use and disclosure of Personal Information to provide the service and that protect your Personal Information in accordance with Australian law. Otherwise, we will disclose Personal Information to others if you’ve given us permission, or if the disclosure relates to the main purpose for which we collected the information and you would reasonably expect us to do so.

Overseas Disclosure of Personal Information

We may disclose your Personal Information to overseas recipients, including cloud infrastructure providers, secrets management services, analytics providers, payment processors, AI inference services, browser automation tools, and other technology service partners who assist us in providing our Services. These recipients are located in Australia, Singapore, and the United States. Where appropriate, further information about subprocessors may be provided to customers under their service agreement or a separate data processing addendum.

Where we disclose Personal Information to an overseas recipient, we take reasonable steps to ensure that the recipient complies with the APPs or is otherwise bound by privacy protections that are substantially similar. This may include contractual arrangements, technical safeguards, and due diligence on the recipient’s privacy and security practices.

Overseas recipients may be subject to privacy laws that differ from those in Australia.

Data Retention

We store, process, and retain Personal Information for as long as necessary to provide our Services and to comply with our legal obligations, including obligations under taxation, corporate and record-keeping laws. After the applicable retention period has expired, we will take reasonable steps to destroy or de-identify the information unless we are required or authorised by law to retain your information for a longer period.

How we handle requests to access your Personal Information

You have a right to request access to your Personal Information which we hold about you and to request its correction. You can make such a request by contacting us using the contact details set out in this policy.

We will respond to any such request for access as soon as reasonably practicable. Where access is to be given, we will provide you with a copy or details of your Personal Information in the manner requested by you where it is reasonable and practicable to do so.

We will not charge you a fee for making a request to access your Personal Information. However, we may charge you a reasonable fee for giving you access to your Personal Information.

In some cases, we may refuse to give you access to the information you have requested or only give you access to certain information. If we do this, we will provide you with a written statement setting out our reasons for refusal, except where it would be unreasonable to do so.

Before providing access to Personal Information or making any corrections, we may need to verify your identity to ensure the security of your information. We aim to respond to all access and correction requests within 30 days, or otherwise within a reasonable period.

How we handle requests to correct your Personal Information

We will take such steps (if any) as are reasonable in the circumstances to make sure that the Personal Information we collect, use or disclose is accurate, complete, up to date and relevant.

If you believe the Personal Information we hold about you is inaccurate, irrelevant, out of date or incomplete, you can ask us to update or correct it. To do so, please contact us using the contact details listed below.

Where we correct Personal Information that we previously disclosed to another entity, we will take reasonable steps to notify that entity of the correction, unless it is impracticable or unlawful to do so.

How to contact us or make a complaint

If you have any questions about this Privacy Policy, if you wish to correct or update information we hold about you or if you wish to request access or correction of your Personal Information or make a complaint about a breach by us of our privacy obligations (including the way we have collected, disclosed or used your Personal Information), please contact:

LlamaPath Pty Ltd (ACN 692 917 767) Attention: The Company Secretary Level 36, 1 Macquarie Place, Sydney NSW 2000 ops@llamapath.ai

We will acknowledge your complaint promptly and will respond to you in writing within 30 days, or such longer period as may be agreed with you, outlining the outcome of our investigation and any steps we will take to address your concerns. We will take reasonable steps to remedy any failure to comply with our privacy obligations. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au/privacy/privacy-complaints or by calling 1300 363 992.