NxtLayr AI
Back to HomeLegal

Privacy Policy

Effective May 27, 2026 · Last updated May 27, 2026

1.Introduction

NxtLayr AI is a registered business name of CEG Collective Pty Ltd (ABN 52 690 795 647), a company registered in New South Wales, Australia. This Privacy Policy explains how we handle personal information when you visit nxtlayrai.com, engage us for services, or otherwise interact with us.

We voluntarily apply the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) to all personal information we hold, regardless of whether the small business exemption applies to us at any given time.

2.Who this applies to

This policy covers anyone who visits the Site, contacts us, or engages us directly. It does not apply to personal information we process on behalf of a client under a Data Processing Agreement. That information is governed by the client's own privacy policy.

3.What we collect

Identity and contact: name, business title, company name, email, phone, business address.

Commercial context: industry, business size, role, AI use case, and the inputs and estimate you generate with our on-site calculators (e.g. team size, tools used, estimated annual leak). These estimates are indicative only.

Marketing consent record: where you opt in to our emails, we record that you consented, when, the source form, and the exact wording you agreed to, so we can evidence your consent and honour withdrawal. You can unsubscribe via the one-click link in every marketing email or by replying "unsubscribe".

Financial: invoice records. Payments are processed by Stripe, we do not store card details.

Engagement: call notes, audit findings, project documentation.

Technical and analytics: IP address, browser, OS, device type, pages visited, referrer, conversion events. We use Google Tag Manager / GA4, Meta Pixel, Apollo website tracker, and Contentsquare for analytics and retargeting.

Third-party enrichment: publicly available business information from lead-enrichment sources such as Apollo and ZoomInfo. If you would prefer we remove you from our prospect records, email us and we will.

We do not collect sensitive information (health, biometric, political, etc.) unless you provide it for a specific stated purpose.

4.Why we use it

To respond to enquiries and deliver services, to send service communications, to send marketing where you have opted in, to improve and secure the Site, and to meet legal obligations. We do not use your personal information for automated decisions that significantly affect you.

5.AI and your data

Because we consult on AI, we want to be explicit: we do not use your personal information to train AI models, and our AI sub-processors are contractually prohibited from using our API data to train their models. Full details are in our Trust Center.

6.Who we share it with

Only with service providers who need it to deliver our services: Stripe (payments), Google Workspace (email), Attio (CRM), Cal.com (booking), Vercel and AWS (hosting), and the AI providers listed in our Trust Center. Also with our professional advisors (lawyers, accountants, insurers) or where legally compelled. We do not sell personal information.

7.Overseas transfers

Some of our service providers operate outside Australia, primarily the US and EU. Under APP 8 we take reasonable steps to ensure they handle personal information consistent with the APPs.

8.Cookies and tracking

The Site uses strictly necessary cookies (no consent needed) and analytics, marketing, and session-replay cookies (which require consent in some jurisdictions, a banner will display where applicable). You can manage cookies in your browser at any time.

9.Retention

Audit and engagement records: 7 years. Invoices and payment records: 7 years. Marketing subscriptions: until you unsubscribe plus 30 days. Site analytics (GA4 raw): 14 months. Prospect and CRM records: while the relationship is active, plus 3 years. General email correspondence: 7 years.

10.Security

TLS in transit, encryption at rest for sensitive systems, role-based access, MFA on critical accounts, and the ACSC Essential Eight at Maturity Level 1 (tracking toward Level 2).

11.Your rights

Under APPs 12 and 13 you can ask us for a copy of the personal information we hold about you and request correction. You can also complain to us about how we have handled your information. We aim to respond within 30 days and charge no fee for access. If you are not satisfied, you can escalate to the Office of the Australian Information Commissioner at oaic.gov.au.

If you are located in the EU, UK, or another jurisdiction with privacy rights beyond the APPs, contact us. We voluntarily apply the higher standard where we can and will work with you on access, erasure, or restriction requests on a reasonable-efforts basis.

12.Data breaches

If a breach affecting your personal information occurs and is likely to cause serious harm, we will notify you without undue delay and within 72 hours where feasible, along with the OAIC. For systems we build for clients we operate to a stricter internal standard, see our Trust Center. Report a suspected incident to [email protected] with subject starting "INCIDENT".

13.Children's privacy

The Site and our services are for businesses and professionals. We do not knowingly collect information from anyone under 16.

14.Marketing communications

We send marketing only where you have opted in and comply with the Spam Act 2003 (Cth). Unsubscribe via any marketing email or by emailing [email protected] with subject "Unsubscribe".

15.Changes

Material updates trigger a new "Last updated" date and, for active clients and subscribers, an email notice.

16.Contact

CEG Collective Pty Ltd (ABN 52 690 795 647), trading as NxtLayr AI

Email: [email protected]

Address: Sydney, NSW 2000, Australia

For privacy requests, use subject lines: "Privacy Request" or "INCIDENT" for suspected breaches. We aim to acknowledge within 5 business days.

© 2026 CEG Collective Pty Ltd trading as NxtLayr AI. ABN 52 690 795 647.
Trust CenterPrivacy PolicyTerms of Service