Legal

Privacy Policy

Last updated: March 2026

1. Who we are

CoreStack Systems (CSS) is an AI infrastructure and automation company based in Melbourne, Australia. We deploy AIOS, a complete AI Operating System, inside businesses. This includes local hardware installation, private AI models, structured automation, and governance frameworks.

This policy explains how we collect, use, store, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

ABN: 19 675 134 117
Contact: [email protected]
Website: corestacksystems.com.au

2. What information we collect

We collect only what we need to provide our services. This falls into two categories:

Information you provide directly

  • Name, email address, and company name submitted through forms on our website
  • Industry, role, and workflow details you share via the Requirements Snapshot or AI Audit forms
  • Contact details if you email us directly
  • Booking details if you schedule a discovery call through our website
  • Project requirements, technical specifications, and business information shared during consultations
  • Invoicing and payment details required to process transactions

Information collected automatically

  • Basic server logs (IP address, browser type, pages visited) collected by our hosting provider, Vercel
  • We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts on this website

3. How we use your information

We use the information you provide to:

  • Respond to your enquiry or booking request
  • Assess whether AIOS is a good fit for your business
  • Prepare a scoped proposal or project roadmap
  • Deliver the services you have engaged us for
  • Send project updates and relevant communications during an active engagement
  • Issue invoices and manage payments
  • Comply with legal and regulatory obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

4. How client data is stored

This is central to what we do. Our entire business model is built on keeping your data local and private.

For AIOS deployments

When we deploy an AI Operating System inside your business, your operational data stays on your hardware. It does not leave your network. The AI models, automations, and workflows we install run locally on infrastructure you own or control. This is by design, not an afterthought.

For website enquiries and project management

Information submitted through our website forms is received via email and stored in our internal project management systems. We do not use a third-party CRM or marketing database to store your enquiry data.

No external AI processing without consent

CoreStack Systems does not send your business data, documents, or operational information to external AI APIs or cloud-based AI services without your explicit written consent. If a project requires any external processing, we will discuss this with you first and obtain written approval before proceeding.

5. Third-party services

Our website and business operations use a small number of third-party services:

  • Vercel — Website hosting. Subject to Vercel's privacy policy.
  • Google Fonts — Typography. Google may log font requests per their standard policy.
  • Gmail / Google Workspace — Email communication. Subject to Google's privacy policy.
  • Stripe or direct bank transfer — For payment processing, if applicable.

We choose our tools carefully and avoid services that harvest or resell user data.

6. Cookies

Our website does not set any first-party cookies for tracking or analytics purposes.

Third-party services embedded on the site (such as Google Fonts) may set their own cookies. These are governed by the respective service's cookie policy. We have no control over those cookies and do not use them to track you.

If this changes in the future, we will update this policy and notify you where required.

7. Data retention

We retain your personal information only for as long as it is needed:

  • Enquiries that do not proceed: Retained for up to 12 months after last contact, then deleted.
  • Active client data: Retained for the duration of the engagement plus any period required by Australian tax and business record-keeping laws (generally 5 years for financial records).
  • Server logs: Managed by Vercel per their retention policies.

You can request early deletion at any time (see Your Rights below).

8. Data security

We take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, and disclosure. This includes:

  • Encrypted email communication where supported
  • Strong authentication on all accounts and systems
  • Limited access to personal information (sole founder operation)
  • Regular review of security practices

For AIOS deployments, security is built into the architecture. Your data runs on your hardware, behind your network security. We configure systems with security best practices as part of every deployment.

9. Your rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access any personal information we hold about you
  • Correct information that is inaccurate, incomplete, or out of date
  • Request deletion of your personal information (subject to any legal obligations we may have to retain it)
  • Withdraw consent for any processing that relies on your consent
  • Lodge a complaint if you believe your privacy has been breached

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Overseas disclosure

CoreStack Systems is based in Australia and processes data in Australia. We do not routinely transfer personal information overseas.

If an engagement requires the use of any service that processes data outside Australia, we will inform you in advance and ensure appropriate safeguards are in place, consistent with APP 8.

11. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "Last updated" date at the top of this page.

For significant changes, we will make reasonable efforts to notify affected individuals directly.

12. Contact

For any privacy-related questions, concerns, or requests, contact:

Adam Kadro
Founder, CoreStack Systems
Email: [email protected]
Location: Melbourne, Australia