Laruna ← Back to site

Privacy Policy — Laruna

Last updated: July 2026

Who we are

Laruna (operated by LEGAL ENTITY NAME, ABN     ) builds and runs AI-powered business automation for Australian businesses. Contact for anything in this policy: privacy@laruna.ai.

What we collect

How we use it

To respond to your enquiry, provide and improve the services you've engaged us for, send service communications (approvals, notifications, invoices), and — only if you've opted in — occasional updates about our services. Every marketing email contains a working unsubscribe (Spam Act 2003).

What we never do

AI processing

Parts of the service use AI to draft, sort and analyse. AI-generated actions that affect your customers are subject to the approval settings you control. Text needed for a task (for example, an enquiry to be answered) is processed by our AI provider at run time under contractual terms that prohibit its use for model training.

Who else touches data (service providers)

We use a small number of providers, each receiving only what its job requires: hosting (DigitalOcean, Australia), transactional email (Resend), AI processing (Anthropic), payments when enabled (Stripe — card details go directly to Stripe and never touch our servers), and domain/DNS services. Some providers process data outside Australia (currently the United States); where that happens we take reasonable steps consistent with APP 8. A current provider list is available on request.

Where data lives

Australian clients are hosted in Australia by default. Dedicated instances in other regions are available for clients with data-residency requirements.

Security

Access on a least-privilege basis with automatic expiry, multi-factor authentication on administrative accounts, encrypted connections, encrypted off-site backups, per-client data isolation, and a tamper-evident audit trail of actions taken in the platform. More at laruna.ai/security.

Access, correction and deletion

You may request access to, correction of, or deletion of your personal information at privacy@laruna.ai. We respond within 30 days. Deletion is honoured using redaction that preserves the integrity of legally required records (for example, tax invoices). Clients leaving the service receive a full export of their data.

Retention

Enquiry data that doesn't become a client relationship is retained no longer than 24 months. Client data is retained for the life of the engagement plus any legally required period (for example, financial records), then deleted.

Data breaches

We maintain a breach-response plan aligned with the Notifiable Data Breaches scheme. If a breach is likely to result in serious harm, we will notify affected individuals and the OAIC as the scheme requires.

Complaints

Contact privacy@laruna.ai first — we take this seriously and respond quickly. If you're not satisfied, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).

Changes

We'll post updates to this page with a new "last updated" date; material changes will be notified to active clients directly.

© 2026 Laruna. Built & run in Australia. Home · Privacy · Terms · Security