Privacy Policy — Laruna
Last updated: July 2026
Who we are
Laruna (operated by LEGAL ENTITY NAME, ABN ) builds and runs AI-powered business automation for Australian businesses. Contact for anything in this policy: privacy@laruna.ai.
What we collect
- When you enquire (forms, chat, email, phone): your name, contact details, business name, and what you tell us about your business needs.
- When you become a client: the business information needed to provide the services — leads, customer contact records, bookings, documents, invoices and message history handled by your Laruna platform.
- Technical data: standard server logs (IP address, browser type, pages requested) kept for security and reliability. We do not run third-party advertising trackers.
How we use it
To respond to your enquiry, provide and improve the services you've engaged us for, send service communications (approvals, notifications, invoices), and — only if you've opted in — occasional updates about our services. Every marketing email contains a working unsubscribe (Spam Act 2003).
What we never do
- We never sell personal information.
- Your business data is never used to train AI models — ours or anyone else's.
- We never send marketing to your customers. Your customer data is processed solely to run YOUR services, on your instructions.
AI processing
Parts of the service use AI to draft, sort and analyse. AI-generated actions that affect your customers are subject to the approval settings you control. Text needed for a task (for example, an enquiry to be answered) is processed by our AI provider at run time under contractual terms that prohibit its use for model training.
Who else touches data (service providers)
We use a small number of providers, each receiving only what its job requires: hosting (DigitalOcean, Australia), transactional email (Resend), AI processing (Anthropic), payments when enabled (Stripe — card details go directly to Stripe and never touch our servers), and domain/DNS services. Some providers process data outside Australia (currently the United States); where that happens we take reasonable steps consistent with APP 8. A current provider list is available on request.
Where data lives
Australian clients are hosted in Australia by default. Dedicated instances in other regions are available for clients with data-residency requirements.
Security
Access on a least-privilege basis with automatic expiry, multi-factor authentication on administrative accounts, encrypted connections, encrypted off-site backups, per-client data isolation, and a tamper-evident audit trail of actions taken in the platform. More at laruna.ai/security.
Access, correction and deletion
You may request access to, correction of, or deletion of your personal information at privacy@laruna.ai. We respond within 30 days. Deletion is honoured using redaction that preserves the integrity of legally required records (for example, tax invoices). Clients leaving the service receive a full export of their data.
Retention
Enquiry data that doesn't become a client relationship is retained no longer than 24 months. Client data is retained for the life of the engagement plus any legally required period (for example, financial records), then deleted.
Data breaches
We maintain a breach-response plan aligned with the Notifiable Data Breaches scheme. If a breach is likely to result in serious harm, we will notify affected individuals and the OAIC as the scheme requires.
Complaints
Contact privacy@laruna.ai first — we take this seriously and respond quickly. If you're not satisfied, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).
Changes
We'll post updates to this page with a new "last updated" date; material changes will be notified to active clients directly.