Privacy Policy

This Privacy Policy ("Policy") is issued by New Horizon Code PTY LTD (ABN 61 634 659 804) trading as Relay Pilot ("we", "us", "our").

Relay Pilot is a general-purpose, cloud-based ticketing and support platform (the "Platform") designed to assist organisations in managing customer and internal support communications, including tickets generated via web interfaces and inbound email.

This Policy outlines how we collect, hold, use, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs").

By accessing or using the Platform, you confirm that you have read, understood, and agree to this Policy.

APPs means the Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988 (Cth).

Content means any information, data, text, files, communications, or metadata submitted to, generated within, or processed by the Platform, including tickets and email content.

Personal Information has the meaning given in the Privacy Act and includes information or opinions about an identified individual or an individual who is reasonably identifiable.

Platform means the Relay Pilot ticketing application and associated services.

Services means the features and functionality made available through the Platform.

User means any individual authorised by a Client to access and use the Platform.

You / Your / Client means the organisation that has created an account and subscribed to the Platform.

This Policy applies to all Personal Information collected, stored, or processed in connection with your use of the Platform.

Relay Pilot is a business-to-business service. In most cases, we act as a data processor, and you act as the data controller in respect of Personal Information submitted to the Platform.

This Policy applies to all Users accessing the Platform under your account.

Personal Information

Depending on how you use the Platform, we may collect:

• Names, email addresses, and contact details of Users
• Account credentials and authentication data
• Ticket content, messages, and attachments submitted by Users or received via inbound email
• Communication records with our support team

System and Technical Data

Depending on how the Platform is accessed and used, we may collect:

• IP addresses and approximate location data
• Device, browser, and operating system information
• Session identifiers and authentication logs
• Audit logs, access records, and usage analytics
• Email metadata associated with inbound and outbound ticketing communications
• Device and browser-derived identifiers, including probabilistic identifiers generated using third-party services, used to recognise devices, maintain session integrity, prevent fraud, and detect abusive or anomalous activity

Intended Use Limitation

Relay Pilot is intended for non-sensitive support data. You must not use the Platform to store or process sensitive information unless required by law and appropriately authorised.

By using the Platform, you acknowledge and agree that:

• You are responsible for all Content submitted by your Users
• You warrant that you have lawful authority to collect and upload Personal Information
• You are responsible for ensuring Users are authorised and trained to handle Personal Information
• You must ensure compliance with all applicable privacy laws when using the Platform
• You are responsible for maintaining the confidentiality of account credentials
• You must promptly notify us of any suspected unauthorised access or misuse

We rely on your representations that Personal Information has been collected lawfully and in compliance with the Privacy Act.

We collect, hold, use, and disclose Personal Information for the following purposes:

• Providing, operating, and maintaining the Platform
• Processing and managing support tickets
• Ingesting and processing inbound emails into tickets
• Authenticating Users and securing accounts
• Responding to enquiries and providing customer support
• Improving performance, reliability, and functionality of the Platform
• Monitoring security, preventing misuse, and enforcing our Terms of Service
• Meeting legal and regulatory obligations

This may include the use of device identification technologies to protect the Platform, prevent fraud, and enforce security controls.

We do not use Personal Information for direct marketing unless expressly authorised.

The Platform may incorporate artificial intelligence or automated systems to assist with operational functions such as:

• Ticket categorisation or summarisation
• Suggested responses or workflow optimisation
• Detection of spam, abuse, or anomalous activity

AI features may rely on external service providers.

AI-generated outputs are provided for assistance only and:

• Are not guaranteed to be accurate or complete
• Do not constitute legal, technical, or professional advice
• Must be reviewed by Users before action is taken

You remain solely responsible for decisions made based on AI-assisted outputs.

We do not sell or rent Personal Information.

We may disclose Personal Information to:

• Users within your organisation
• Infrastructure and service providers supporting the Platform, including:
  • Supabase
  • Vercel
  • Resend
  • Stripe
  • FingerprintJS, Inc. (device identification and fraud prevention)
• Professional advisers, contractors, and auditors bound by confidentiality obligations
• Regulatory or law enforcement authorities where required by law

All disclosures are limited to what is reasonably necessary for the stated purpose.

Personal Information may be processed or stored in jurisdictions outside Australia.

Where data is transferred internationally, we take reasonable steps to ensure that overseas recipients provide a level of protection consistent with Australian privacy standards, including contractual and technical safeguards.

We implement reasonable technical and organisational measures to protect Personal Information, including:

• Encryption in transit and at rest
• Role-based access controls
• Audit logging and monitoring
• Secure authentication mechanisms
• Regular security reviews and risk assessments

No system is completely secure, and you acknowledge that transmission of information over the internet carries inherent risks.

We retain Personal Information only for as long as reasonably necessary to provide the Services and comply with legal obligations.

Unless otherwise required by law:

• Ticket and account data is retained for 90 days after account termination
• Data may be retained longer where required for dispute resolution, security, or legal compliance

After the retention period, data is securely deleted or de-identified.

You may request deletion of Personal Information in accordance with the APPs.

Deletion requests are subject to:

• Verification of authority
• Legal and regulatory retention requirements

We will take reasonable steps to delete or de-identify information once it is no longer required.

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, we will:

• Investigate and contain the incident
• Take appropriate remediation steps
• Notify affected Clients and the Office of the Australian Information Commissioner (OAIC) as required

Subject to identity verification, you may request:

• Access to Personal Information held about you
• Correction of inaccurate, incomplete, or out-of-date information

Requests should be directed to the contact details below. We will respond within a reasonable timeframe.

To the maximum extent permitted by law:

• We are not liable for loss arising from your misuse of the Platform or breach of privacy obligations
• We are not liable for indirect, incidental, or consequential loss
• You assume responsibility for compliance with privacy laws applicable to your use of the Platform

Nothing in this Policy limits rights that cannot be excluded under Australian law.

We may update this Policy from time to time.

Updates take effect upon publication. Continued use of the Platform constitutes acceptance of the updated Policy.

Where required by law, we will provide notice of material changes.

If you have a privacy concern or complaint, contact our Privacy Officer:

If you are not satisfied with our response, you may contact the OAIC:

This Policy is governed by the laws of Queensland, Australia. The courts of Queensland have exclusive jurisdiction.

Relay Pilot does not knowingly collect or permit the collection of Personal Information from individuals under the age of 18.

If we become aware that Personal Information of a minor has been collected, we will take reasonable steps to delete it.