Pinksheep Privacy Policy

1. Introduction

This Privacy Policy explains how Marshall Tech Group Pty Ltd (ABN 37 682 034 091), operating as “Pinksheep” (“Pinksheep”, “we”, “us”, or “our”), collects, uses, discloses, and safeguards your personal information.

This policy applies to all visitors of our website, users of our web application, and individuals who interact with our AI agent builder platform and related application programming interfaces (collectively, the “Services”).

We are committed to protecting your privacy and strive to comply with applicable data protection laws, including the Australian Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR), the UK GDPR, and relevant US state privacy laws such as the California Consumer Privacy Act (CCPA), to the extent they apply to our operations.

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked to you (“Personal Information”). We collect this information directly from you, automatically through your use of the Services, and from third-party integrations you authorize.

2.1. Information You Provide Directly

• Account Information: When you register, we collect your first name, last name, email address, and password.
• Payment Information: If you purchase a subscription or Credits, our third-party payment processors collect your billing address and payment details. We do not store raw credit card numbers on our servers.
• Agent Configuration and Chat Inputs: We collect the text prompts, chat messages, and configurations you input when building or communicating with an Agent.
• Support and Inquiries: If you contact us for customer support or sales inquiries, we collect the contents of your messages.

2.2. Information from Connected Accounts

A core feature of Pinksheep is the ability to connect third-party applications (your “Connected Accounts”, such as CRMs, messaging platforms, or productivity suites).

• Authentication Data: When you authorize a connection, we receive and securely store authentication tokens (such as OAuth tokens) brokered by our integration gateways.
• Operational Data: To execute the Agents you configure, our systems access, retrieve, and process data from your Connected Accounts. We only access the specific data required to execute the workflow steps defined in your Agent’s blueprint.

2.3. Information Collected Automatically

• System and Device Data: We automatically collect your IP address, browser type, operating system, and device identifiers when you visit our website or use our app.
• Usage and Telemetry Data: We track how you interact with the Services, including pages visited, features used, clicks, and navigation paths.
• Audit and Execution Logs: We generate and store step-by-step execution logs of your Agents’ activities. This includes records of API requests sent to and responses received from your Connected Accounts, timestamps, and error codes. These logs are necessary for debugging, cost accounting, and providing transparency into autonomous actions.

2.4. Public and Shared Artifacts

If you choose to publish, share, or make available content, Agents, templates, workflows, outputs, or other materials through the Services (“Shared Artifacts”), we will collect and display the information you provide as part of that Shared Artifact, along with related metadata (for example, your display name and basic engagement metrics). Depending on how you share, Shared Artifacts may be visible to other users or the public. Please do not include sensitive information or personal information you are not authorized to share in Shared Artifacts.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide the Services: To create and manage your account, authenticate your logins, and securely connect to your authorized third-party applications.
• To Execute Agents: To process your prompts and pass necessary context to AI models, allowing your Agents to perform their configured tasks.
• To Process Payments: To manage your Credit balance, process subscriptions, and prevent fraudulent transactions.
• To Communicate With You: To send administrative notifications, such as Agent failure alerts, approval requests, billing updates, and security notices.
• To Improve the Platform: To analyze usage trends, monitor platform health, troubleshoot bugs, and develop new features.
• To Enforce Legal Obligations: To investigate and prevent abusive or fraudulent activity, and to comply with legal and regulatory requirements.

3.1 Legal bases (EEA/UK)

If you are located in the EEA or the United Kingdom, we process Personal Information under one or more of the following legal bases:

• Contract: To provide the Services you request, including operating your account and executing Agents you configure.
• Legitimate interests: To secure and improve the Services, prevent fraud and abuse, and maintain platform performance and reliability.
• Consent: Where required by law, for certain cookies and similar tracking technologies (you can manage cookie preferences through your browser settings and any consent tools we provide).
• Legal obligation: To comply with applicable laws, lawful requests, and regulatory requirements.

4. How We Share Your Information

We do not sell your Personal Information. We share your information only in the following circumstances:

• Third-Party AI Model Providers: To generate outputs and determine Agent actions, we securely transmit your prompts and the necessary contextual data retrieved from your Connected Accounts to third-party AI model APIs.
• Integration and Authentication Gateways: We use secure infrastructure partners to broker OAuth connections and API requests to your Connected Accounts.
• Cloud Infrastructure Providers: Our database, application hosting, and MCP API endpoints are hosted on secure cloud infrastructure providers located in Australia and globally.
• Analytics Partners: We share usage and telemetry data with analytics providers to help us understand web traffic and UI interactions.
• Payment Processors: We share billing information with secure payment gateways to process your purchases.
• Other Users and the Public (When You Choose to Share): If you publish or share Shared Artifacts, we will disclose that content and related metadata to the audience you select (for example, other users or the public).
• Legal Compliance and Safety: We may disclose your information if required to do so by law, court order, or government request, or to protect the rights, property, or safety of Pinksheep, our users, or the public.

5. Our Stance on AI Training

We understand that your business data is sensitive.

We explicitly do not use your Account Information, Customer Data, chat inputs, or any data retrieved from your Connected Accounts to train our own proprietary foundational AI models.

We also take steps designed to prevent our third-party AI model providers from using the content we submit via their APIs to train their publicly available models. Depending on the provider and configuration, those providers may retain submitted content for a limited period to provide the service, maintain safety, prevent abuse, or comply with legal obligations.

6. Cookies and Tracking Technologies

We use cookies, local storage, and similar tracking technologies to ensure the proper functioning of our Services and to analyze user behavior.

• Necessary Cookies: These are required for the platform to function, such as maintaining your logged-in session and securing your account.
• Analytics Cookies: These help us understand how visitors interact with our website by collecting reporting data anonymously.

Where required by law (including in the EEA and the UK), we seek your consent before placing non-essential cookies and similar technologies. You can withdraw consent at any time through any cookie preference tools we make available, or through your browser settings.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept necessary cookies, you may not be able to use the logged-in features of our app.

For more information, please see our Cookie Policy.

7. Data Security and Retention

Security: We implement industry-standard technical and organizational measures to protect your Personal Information from unauthorized access, loss, or alteration. This includes encryption of data in transit and at rest. However, no internet transmission or electronic storage system is 100% secure, and we cannot guarantee absolute security.

Retention: We retain your Account Information for as long as your account is active or as needed to provide you the Services. We retain Audit and Execution Logs, as well as chat histories, to provide you with a transparent record of your Agents’ actions. You may delete your Agents or request account deletion at any time, after which we will delete or anonymize your data, except where retention is required for legal, tax, or accounting purposes.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your Personal Information:

• Access: The right to request a copy of the personal data we hold about you.
• Correction: The right to request that we correct inaccurate or incomplete data.
• Deletion (Right to be Forgotten): The right to request the deletion of your personal data.
• Objection and Restriction (EEA/UK): Where applicable, the right to object to certain processing or request that we restrict processing.
• Portability (EEA/UK): Where applicable, the right to request a copy of certain personal data in a structured, commonly used, machine-readable format.
• Revocation of Consent: You may revoke Pinksheep’s access to any Connected Account at any time via the Integrations page in your dashboard. This immediately ceases our ability to read or write data to that specific third-party service.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request in accordance with applicable data protection laws.

8.1 Complaints

If you have a privacy complaint or concern, please contact us first so we can try to resolve it. If you are not satisfied with our response, you may be able to lodge a complaint with your local regulator. In Australia, this includes the Office of the Australian Information Commissioner (OAIC).

9. International Data Transfers

Pinksheep operates globally. Your Personal Information may be transferred to, processed, and stored in countries outside of your jurisdiction of residence, including Australia and the United States, where our cloud infrastructure and third-party service providers are located. Where required, we use contractual and other safeguards designed to help protect your Personal Information during international transfers (for example, standard contractual clauses or equivalent mechanisms).

10. Children’s Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Information from children under 18. If we become aware that we have collected Personal Information from a child under 18 without parental consent, we will take steps to remove that information and terminate the associated account.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. We may also notify you via email or through a prominent notice on our platform.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Marshall Tech Group Pty Ltd
Suite 110, 147 King Street
Sydney NSW 2000
Australia
Email: privacy@pinksheep.ai

Business customers who require a processor agreement for EU/UK data protection compliance can request our Data Processing Addendum.