Effective May 27, 2026 · Last updated May 27, 2026
NxtLayr AI is a registered business name of CEG Collective Pty Ltd (ABN 52 690 795 647), a company registered in New South Wales, Australia. This Privacy Policy explains how we handle personal information when you visit nxtlayrai.com, engage us for services, or otherwise interact with us.
We voluntarily apply the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) to all personal information we hold, regardless of whether the small business exemption applies to us at any given time.
This policy covers anyone who visits the Site, contacts us, or engages us directly. It does not apply to personal information we process on behalf of a client under a Data Processing Agreement. That information is governed by the client's own privacy policy.
Identity and contact: name, business title, company name, email, phone, business address.
Commercial context: industry, business size, role, AI use case, and the inputs and estimate you generate with our on-site calculators (e.g. team size, tools used, estimated annual leak). These estimates are indicative only.
Marketing consent record: where you opt in to our emails, we record that you consented, when, the source form, and the exact wording you agreed to, so we can evidence your consent and honour withdrawal. You can unsubscribe via the one-click link in every marketing email or by replying "unsubscribe".
Financial: invoice records. Payments are processed by Stripe, we do not store card details.
Engagement: call notes, audit findings, project documentation.
Technical and analytics: IP address, browser, OS, device type, pages visited, referrer, conversion events. We use Google Tag Manager / GA4, Meta Pixel, Apollo website tracker, and Contentsquare for analytics and retargeting.
Third-party enrichment: publicly available business information from lead-enrichment sources such as Apollo and ZoomInfo. If you would prefer we remove you from our prospect records, email us and we will.
We do not collect sensitive information (health, biometric, political, etc.) unless you provide it for a specific stated purpose.
To respond to enquiries and deliver services, to send service communications, to send marketing where you have opted in, to improve and secure the Site, and to meet legal obligations. We do not use your personal information for automated decisions that significantly affect you.
Because we consult on AI, we want to be explicit: we do not use your personal information to train AI models, and our AI sub-processors are contractually prohibited from using our API data to train their models. Full details are in our Trust Center.
Only with service providers who need it to deliver our services: Stripe (payments), Google Workspace (email), Attio (CRM), Cal.com (booking), Vercel and AWS (hosting), and the AI providers listed in our Trust Center. Also with our professional advisors (lawyers, accountants, insurers) or where legally compelled. We do not sell personal information.
Some of our service providers operate outside Australia, primarily the US and EU. Under APP 8 we take reasonable steps to ensure they handle personal information consistent with the APPs.
The Site uses strictly necessary cookies (no consent needed) and analytics, marketing, and session-replay cookies (which require consent in some jurisdictions, a banner will display where applicable). You can manage cookies in your browser at any time.
Audit and engagement records: 7 years. Invoices and payment records: 7 years. Marketing subscriptions: until you unsubscribe plus 30 days. Site analytics (GA4 raw): 14 months. Prospect and CRM records: while the relationship is active, plus 3 years. General email correspondence: 7 years.
TLS in transit, encryption at rest for sensitive systems, role-based access, MFA on critical accounts, and the ACSC Essential Eight at Maturity Level 1 (tracking toward Level 2).
Under APPs 12 and 13 you can ask us for a copy of the personal information we hold about you and request correction. You can also complain to us about how we have handled your information. We aim to respond within 30 days and charge no fee for access. If you are not satisfied, you can escalate to the Office of the Australian Information Commissioner at oaic.gov.au.
If you are located in the EU, UK, or another jurisdiction with privacy rights beyond the APPs, contact us. We voluntarily apply the higher standard where we can and will work with you on access, erasure, or restriction requests on a reasonable-efforts basis.
If a breach affecting your personal information occurs and is likely to cause serious harm, we will notify you without undue delay and within 72 hours where feasible, along with the OAIC. For systems we build for clients we operate to a stricter internal standard, see our Trust Center. Report a suspected incident to [email protected] with subject starting "INCIDENT".
The Site and our services are for businesses and professionals. We do not knowingly collect information from anyone under 16.
We send marketing only where you have opted in and comply with the Spam Act 2003 (Cth). Unsubscribe via any marketing email or by emailing [email protected] with subject "Unsubscribe".
Material updates trigger a new "Last updated" date and, for active clients and subscribers, an email notice.
CEG Collective Pty Ltd (ABN 52 690 795 647), trading as NxtLayr AI
Email: [email protected]
Address: Sydney, NSW 2000, Australia
For privacy requests, use subject lines: "Privacy Request" or "INCIDENT" for suspected breaches. We aim to acknowledge within 5 business days.