Security & Privacy

How we think about your data.

Plain English. No compliance theatre, no fine-print hedging. This is how ProjxAI actually approaches privacy and security when building AI systems for Australian businesses.

What this page is not: This is not a legal compliance statement, a formal data processing agreement, or a privacy policy. It's a transparent description of how we approach these issues. Our formal Privacy Policy is available separately.

Our working principles

These aren't aspirational values hanging on a wall. They are the decisions we make on every project.

Your data stays yours

We never store, mine, or monetise your business data. When we build AI workflows for your business, the data flowing through those systems belongs to you — and the design reflects that. We work with you to understand what data your workflows touch, where it goes, and who can see it before we build anything.

Humans stay in the loop

We don't build fully autonomous AI systems that make consequential decisions without a person checking the output. Every workflow we design has defined approval points, escalation paths, and clear handoff to a human where it matters. AI handles the repetitive work — your team keeps control of what counts.

We choose tools that match your risk profile

Not every AI tool is right for every business. Before recommending any platform or API, we consider what data it will process, whether that data is sensitive, what the provider's data handling policy is, and whether a private or local deployment makes more sense. We'll tell you clearly when a tool is not appropriate for your situation.

We design for least-privilege access

AI systems only get access to the data they actually need to do the job. We don't connect tools to full databases when a subset of records will do. We scope API permissions tightly, use read-only access where write access isn't required, and document what each integration can and cannot touch.

Sensitive industries get extra care

If your business operates in health, legal, financial services, or another regulated sector, we apply a higher level of scrutiny to every tool and workflow we recommend. We'll be upfront about what we can and can't help with, and we'll point you to appropriate specialists when your situation requires it.

Private deployment when it matters

For businesses where data sovereignty is a hard requirement — government suppliers, healthcare providers, legal firms — we can design and host AI infrastructure that runs entirely within your own environment. No third-party API calls, no data leaving your network. This is a core part of our AI Infrastructure service.

Questions we get asked

Straight answers to the things risk-conscious buyers want to know before they engage.

Do you share our data with AI companies?

We use AI tools that require sending data to APIs (such as OpenAI, Anthropic, or Google) only when your data is suitable for that. When it isn't — for example, if your data includes personally identifiable information or commercially sensitive material — we use tools that don't require third-party API calls, or we design workflows that anonymise or summarise data before it leaves your environment.

Are you ISO 27001 or SOC 2 certified?

ProjxAI is a specialist consultancy, not a large enterprise. We don't hold these certifications ourselves. What we do is help you make informed decisions about the tools and platforms you use, many of which do carry these certifications. If your procurement process requires certified vendors, we'll help you structure your engagement to work within that requirement.

What happens to our data after a project ends?

We don't retain copies of your business data after a project concludes. Working files are deleted. Any test data used during development is your property and destroyed at handoff. We'll document this process as part of project close-out.

Can AI workflows comply with the Australian Privacy Act?

Yes — with the right design. The Privacy Act applies to how you collect, store, and use personal information. AI workflows need to be built with those obligations in mind: appropriate consent, data minimisation, access controls, and audit trails. We design with these requirements in mind and can walk you through how they apply to your specific use case. We are not lawyers and this is not legal advice — for complex privacy questions, we recommend engaging a privacy lawyer.

What if we're in a regulated industry?

Regulated industries (health, financial services, legal, education) have specific obligations that affect how AI can be deployed. We work in these sectors but apply significantly more scrutiny to tool selection and workflow design. We'll be direct about what we can confidently support and where you need additional specialist advice.

Have a question we haven't answered?

If you have specific security or compliance requirements, bring them to the Clarity Call and we'll give you a direct answer.