Privacy Policy
Last updated: 19 March 2026
1. Introduction
LAIT AI is operated by Anthony Marquez, trading as Lotus AI Tech (ABN pending) (“we”, “us”, “our”). We are committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, hold, use, and disclose your personal information when you visit our website at lait-app.com.au (“Website”) and when you use the LAIT AI platform (“Platform”).
By using our Website or Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use our services.
2. What Personal Information We Collect
We collect and hold the following types of personal information:
2.1 Information you provide directly
When you use our contact form, we collect your name, email address, organisation name (optional), and your message. When you subscribe to receive our NDIS AI Privacy Guide or other resources, we collect your email address. When you book a demonstration through our scheduling service, we collect your name, email address, and any information you provide in the booking form.
2.2 Information collected through the LAIT AI Platform
If you are a Platform user, we may collect your name, email address, organisation details, role, login credentials (hashed and encrypted), and content you create or upload within the Platform. This may include information relating to NDIS participants if you use the Platform for NDIS documentation purposes. We treat all Platform data with the highest level of care, as described in Section 6 below.
2.3 Information collected automatically
We use Plausible Analytics, a privacy-focused analytics service, to collect anonymised usage data about how visitors interact with our Website. Plausible does not use cookies and does not collect personally identifiable information. The data collected includes page views, referrer information, browser type, and approximate geographic location (country level). Plausible is operated by Plausible Insights OÜ (based in the European Union), and analytics scripts are loaded from their content delivery network.
3. How We Collect Personal Information
We collect personal information in the following ways:
Directly from you, when you submit our contact form, subscribe to receive a resource, book a demonstration, create a Platform account, or communicate with us via email. Through third-party services, specifically Calendly (a US-based scheduling service) when you book a demonstration, and Plausible Analytics when you visit our Website. We do not collect personal information from any other third-party sources.
4. Why We Collect Your Personal Information
We collect, hold, use, and disclose your personal information for the following purposes:
To respond to your enquiries submitted through our contact form. To send you the resource you requested (such as the NDIS AI Privacy Guide). To schedule and conduct product demonstrations. To provide and maintain the LAIT AI Platform, including user account management, technical support, and service improvements. To communicate with you about your account, service updates, and changes to our terms or policies. To comply with our legal obligations under Australian law. To analyse anonymised Website usage data to improve our Website and services.
We will not use your personal information for direct marketing without your express consent. If you provide your email address to receive a resource, we will send you that resource and may send you related information about LAIT AI, but you may unsubscribe from any such communications at any time.
5. How We Store and Protect Your Information
5.1 Website data
Information submitted through our contact form is transmitted via Amazon Web Services Simple Email Service (AWS SES) in the Asia Pacific (Sydney) region (ap-southeast-2) to our internal email address. Contact form submissions are not stored in a database on our servers; they are delivered as email.
5.2 Platform data
Data processed within the LAIT AI Platform is stored and processed entirely within Australia, using Amazon Web Services infrastructure in the Sydney region (ap-southeast-2). Platform data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2+. Each customer organisation operates within a dedicated instance, meaning your data is logically separated from other customers’ data.
AI processing within the Platform uses Amazon Bedrock, which operates within the same Sydney region. Your Platform data is not used to train AI models and is not sent outside Australia for processing.
5.3 Security measures
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include encryption at rest and in transit, role-based access controls, audit logging, and hosting on AWS infrastructure that holds SOC 2 and ISO 27001 certifications.
No method of electronic storage or transmission is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
6. NDIS Participant Data
We recognise that LAIT AI may be used by NDIS providers to create documentation that contains sensitive information about NDIS participants. This data is afforded the highest level of protection.
NDIS participant data entered into the Platform is processed and stored exclusively within Australia (AWS Sydney region). It is not used to train any AI models. It is not accessible to other customers or any third party. It is encrypted at rest and in transit. It is subject to audit logging. It can be exported or deleted at the customer organisation’s request.
LAIT AI is designed to align with the NDIS Practice Standards and the NDIS Quality and Safeguards Framework. However, LAIT AI is a software tool, not a registered NDIS provider. Responsibility for the accuracy, appropriateness, and use of any content generated using the Platform remains with the practitioner and their organisation.
7. Third-Party Services
We use the following third-party services that may process limited personal information:
7.1 Plausible Analytics
Plausible is a privacy-focused, cookieless analytics service operated by Plausible Insights OÜ (Estonia, EU). It collects anonymised website usage data only. Plausible does not track individual users, does not use cookies, and does not collect personally identifiable information. Analytics scripts are loaded from Plausible’s content delivery network, which may involve a request to servers outside Australia.
7.2 Calendly
When you book a demonstration through our Website, you interact with Calendly, a scheduling service operated by Calendly LLC (United States). Information you enter into the Calendly booking form (such as your name and email address) is processed under Calendly’s own privacy policy. This data may be processed and stored in the United States. We recommend reviewing Calendly’s Privacy Policy before booking a demonstration.
7.3 Amazon Web Services (AWS)
Our Website and Platform are hosted on AWS in the Sydney region (ap-southeast-2). Contact form submissions are sent via AWS Simple Email Service (SES), also in the Sydney region. AWS is our infrastructure provider and processes data on our behalf in accordance with the AWS Privacy Policy.
7.4 Important note on data sovereignty
Our data sovereignty commitments (data processed and stored within Australia) apply specifically to data processed within the LAIT AI Platform. This marketing website uses third-party services (Plausible Analytics and Calendly) that may process limited data outside Australia, as described above.
8. Overseas Disclosure of Personal Information
In accordance with APP 8, we disclose that your personal information may be disclosed to overseas recipients in the following circumstances:
Calendly (United States) — if you book a demonstration through our Website. Plausible Analytics (European Union) — anonymised website analytics data only (no personally identifiable information).
Data processed within the LAIT AI Platform is not disclosed to overseas recipients and is not transferred outside Australia.
9. Cookies and Tracking Technologies
Our Website does not set first-party cookies for tracking purposes. Plausible Analytics, our analytics provider, does not use cookies.
If you book a demonstration, the Calendly scheduling widget (loaded on our demo page) may set its own cookies. These cookies are governed by Calendly’s cookie policy.
10. Data Retention and Deletion
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
Contact form enquiries are retained in our email system for as long as needed to respond to and resolve your enquiry, and for a reasonable period thereafter for record-keeping. Email addresses collected for resource delivery are retained until you unsubscribe or request deletion. Platform account data is retained for the duration of the customer’s subscription and for a reasonable period after termination to allow for data export, after which it is permanently deleted. Platform content data (including any NDIS participant data) can be exported or deleted at any time at the customer organisation’s request.
You may request deletion of your personal information at any time by contacting us (see Section 14).
11. Your Rights Under the Privacy Act
Under the Australian Privacy Principles, you have the right to:
Access your personal information. You may request access to the personal information we hold about you. We will respond to your request within 30 days. In some circumstances, we may refuse access if permitted or required by law, and we will provide reasons for any refusal.
Correct your personal information. If you believe the personal information we hold about you is inaccurate, incomplete, or out-of-date, you may request that we correct it. We will take reasonable steps to correct the information and respond within 30 days.
Complain about a breach of your privacy. If you believe we have breached the APPs, you may lodge a complaint with us (see Section 14). We will acknowledge your complaint within 7 days and investigate and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
12. Marketing Communications
We will only send you marketing communications with your express consent, in accordance with the Spam Act 2003 (Cth). Every marketing communication will include an unsubscribe mechanism. You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us directly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically. For material changes, we will make reasonable efforts to notify affected individuals directly (for example, via email to Platform users).
14. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights under the APPs, or wish to make a privacy complaint, please contact us:
Privacy Officer
Anthony Marquez
Lotus AI Tech
Email: hello@lait-app.com.au
Location: Queensland, Australia
If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
This Privacy Policy was last reviewed on 19 March 2026. This document should be reviewed by a qualified Australian solicitor before publication.