BIDLA.
Legal

Privacy Policy.

Last updated: 17 June 2026

How Bidla collects, uses, discloses and protects your personal information, in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

1. About this Policy

This Privacy Policy describes how Feike Newcastle Pty Ltd ACN 622 647 269 trading as Bidla (Bidla, we, us, our) collects, uses, discloses and protects personal information.

Bidla is an Australian AI consultancy. We design, build and host AI applications and workflows for clients (our Hosted Services), and we train clients to design, build and operate their own AI systems using our templates, skills and prompts (our Training and Enablement Services).

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy explains the personal information we handle in connection with our website (bidla.ai), our sales and marketing activities, our client engagements, and our Services.

2. What is personal information

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether it is recorded in a material form or not.

Sensitive information is a subset of personal information that includes health information and information about race, religious beliefs, sexual orientation, political views and similar attributes. We do not actively collect sensitive information. If sensitive information is included in client Data we handle in connection with our Services, we will only use that information for the purpose of providing the Services and as otherwise required by law.

3. The personal information we collect

The kinds of personal information we collect depend on how you interact with us. This may include:

  • Website visitors: IP address, device and browser information, pages visited and similar analytics data collected automatically when you visit bidla.ai (see clause 12 on cookies and analytics).
  • Enquiries and prospects: your name, business name, role, email address, phone number, and the content of any enquiry or message you send to us via our website, email, LinkedIn or other channels.
  • Clients and client personnel: your name, role, business contact details, billing information, and information you provide to us in connection with a client engagement (including via meetings, calls, shared documents and project tooling).
  • Client Data: in the course of providing our Services, we may handle data supplied by our clients which contains personal information about their employees, customers or other individuals. This is referred to as Client Data and is handled in accordance with the relevant client agreement.
  • Suppliers and contractors: name, contact details, business details and information needed to manage the supplier relationship.

4. How we collect personal information

We collect personal information in the following ways:

  • Directly from you when you contact us, fill in a form on our website, sign up for our Services, or otherwise interact with us.
  • From your use of our website, through cookies and similar technologies.
  • From third parties we work with, including referral partners, sales enrichment tools, and authentication providers, where you have consented or such collection is otherwise permitted by law.
  • From your colleagues, where someone in your organisation provides your details to us in connection with a Service engagement.

5. Why we collect, use and disclose personal information

We collect, use and disclose personal information to:

  • respond to enquiries and provide quotes or Proposals;
  • provide the Services described in our agreements with clients;
  • manage client relationships, billing and payments;
  • communicate with you about our Services, including service updates, support, and marketing communications you have agreed to receive;
  • improve our Services, including through internal analytics and benchmarking using de-identified and aggregated information;
  • comply with our legal, regulatory, audit, accounting and tax obligations; and
  • protect our rights and the rights of our clients and other third parties.

We will only use your personal information for the primary purpose for which it was collected, for a related secondary purpose that you would reasonably expect, or where you have consented or we are otherwise permitted by law.

We will not use Client Data to train, fine-tune or evaluate any artificial intelligence model owned or developed by Bidla. Where Client Data is sent to third-party services (including large language model providers), we will use configurations that do not permit those third-party services to use Client Data to train their models, to the extent such configurations are made available by the relevant third-party service.

6. Our use of artificial intelligence tools

We use AI tools, principally Anthropic's Claude, internally to deliver our services.

Our internal use runs on commercial terms or on accounts configured with model training disabled, so information we enter is not used to train the provider's models, in accordance with the provider's published terms or settings current at the time.

We do not enter client personal information or sensitive information into AI tools unless agreed in writing for a specific engagement with an architecture designed to support that information. This is consistent with guidance from the Office of the Australian Information Commissioner that personal and sensitive information should not be entered into general-purpose AI chatbots.

7. Marketing

From time to time we may send you marketing communications about our Services. You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us using the details in clause 15.

8. Disclosure to third parties

We may disclose personal information to:

  • our personnel, contractors and related entities who need access to perform their roles;
  • third-party service providers who help us run our business and provide our Services, including cloud hosting, database, authentication, automation, large language model, payment processing, email, CRM, marketing, accounting and analytics providers;
  • our professional advisers, including lawyers, accountants and insurers;
  • government agencies, law enforcement bodies or courts where required or authorised by law; and
  • any party in connection with a sale, transfer or restructure of our business, on the basis that the recipient will be bound by appropriate confidentiality and privacy obligations.
Key third-party service providers
ProviderWhat they do for usWhat they may holdWhere hosted
NeonDatabase hosting for client applicationsClient Data and application dataAWS, default region ap-southeast-2 (Sydney) for Australian clients; region per project
VercelApplication hostingApplication content and logsPrimary region default Sydney for Australian clients; global edge network
ClerkAuthentication and sign-inNames, email addresses, sign-in credentialsUnited States (primary)
AnthropicLarge language model servicesPrompts and outputsUnited States (processing)
OpenAILarge language model services, where used for a specific engagementPrompts and outputsUnited States (processing)
GitHubSource code hosting for client deliverablesDeliverable source code and commit metadataUnited States
Automation platforms (e.g. n8n, Make, Zapier)Workflow automation, where used for a specific engagementWorkflow data passing through the automationPer provider, identified in the engagement
Productivity, CRM, payment, email, accounting and analytics toolsRunning our businessBusiness records and contact detailsUnited States or Europe

We update this list from time to time as our service providers change.

9. Overseas disclosure

Some of our service providers store or process personal information outside Australia. In particular:

  • Databases and hosting: by default, Australian client databases and primary application hosting are located in Australia (for example, Neon and Vercel regions in Sydney); see the provider table above. Some components may be hosted in other regions for performance or availability reasons.
  • Authentication: our authentication provider is based in the United States and information used for sign-in and identity management is processed there.
  • Large language models: prompts and outputs sent to large language model providers (including Anthropic and OpenAI) are processed in the United States.
  • Productivity, CRM and marketing tools: many of these tools are operated by United States or European providers and store information accordingly.

Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles the information in accordance with the Australian Privacy Principles or substantially similar protections.

Providers operating outside Australia may be subject to the laws of the jurisdictions in which they operate, including laws permitting access to data by government authorities.

10. Storage and security

We hold personal information in secure electronic systems operated by us or our service providers. We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include access controls, encryption of data in transit and at rest where appropriate, and monitoring of our systems.

If we become aware of a confirmed unauthorised access to or disclosure of personal information in our control (a Security Incident), we will notify affected clients without undue delay and, where practicable, within 72 hours of becoming aware of the incident. We will also comply with our obligations under the Notifiable Data Breaches scheme where applicable.

11. Retention

We retain personal information for as long as we need it for the purposes set out in this Policy, or as required by law. When personal information is no longer needed, we will take reasonable steps to destroy or de-identify it.

On termination of a client engagement, and on written request, we will within a reasonable period not exceeding 30 days either return Client Data to the client in a structured, commonly used format, or securely delete Client Data and provide written confirmation of deletion, subject to any legal or regulatory obligations and our standard backup retention processes.

12. Cookies and analytics

Our website uses cookies and similar technologies to operate the site, remember your preferences, and understand how visitors use the site. You can disable cookies in your browser settings, but parts of the site may not function correctly without them.

We may use third-party analytics services (such as Google Analytics) to understand site usage. These services may collect information about your visit. You can find out more about how these services use your information by reviewing their privacy policies.

13. Your rights

You have the right to:

  • Access: request access to the personal information we hold about you.
  • Correction: request that we correct personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant or misleading.
  • Complain: complain about how we have handled your personal information.

To exercise any of these rights, contact us using the details in clause 15. We may need to verify your identity before responding to your request. We will respond within a reasonable time and, where practicable, within 30 days.

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.

14. Changes to this Policy

We may update this Privacy Policy from time to time. The current version is available at bidla.ai/privacy and the Last updated date at the top of this Policy reflects when it was last changed. We encourage you to review this Policy periodically.

15. Contact us

For any privacy queries, requests or complaints, please contact:

Bidla
c/o Feike Newcastle Pty Ltd ACN 622 647 269
Email: hello@bidla.ai
Website: bidla.ai

End of Policy.