Governing Law: This Privacy Policy is issued in compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, it also reflects obligations under the EU General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act / CPRA (CCPA/CPRA). Users in those jurisdictions retain the rights described herein.

 

 

1.  INTRODUCTION

Welcome to www.borderlink.ai ("BorderLink AI," "Company," "we," "us," or "our"). BorderLink AI is a trade name of Onidexi Pty Ltd, an Australian company (ABN 40 645 109 002).

We are committed to protecting your privacy and ensuring that your personal information is handled responsibly and in accordance with applicable law. This Privacy Policy explains how we collect, use, store, disclose, and protect your information when you:

• Visit www.borderlink.ai (the "Site")

• Subscribe to or use the BorderLink AI SaaS platform (the "Platform" or "Service")

• Upload trade documentation to the Service

• Interact with our AI-powered features including the AI Assistant chatbot and AI email drafting tools

• Communicate with us via email, contact forms, or support channels

 

By using the Site or Service, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Site and Service immediately.

This Policy should be read together with our Terms of Service, which govern your use of the Platform and contain additional obligations related to AI-generated outputs and mandatory human review.

 

2.  WHO THIS POLICY APPLIES TO

This Privacy Policy applies to all individuals whose personal information we handle, including:

• Account holders (subscribers and plan purchasers)

• Administrator users who manage a team or organisational account

• Sub-users nominated by an administrator to access and collaborate on the Platform

• Visitors to the Site who have not created an account

• Individuals whose personal data may appear incidentally in trade documents uploaded to the Platform (e.g., consignee names, shipper contacts)

 

2.1   Sub-Users

Where an administrator account nominates sub-users to access the Platform, the administrator is responsible for:

• Informing each sub-user that their personal information will be collected and processed in accordance with this Privacy Policy

• Obtaining any necessary consents from sub-users prior to nomination

• Ensuring sub-users have access to this Privacy Policy

By nominating a sub-user, the administrator warrants that they have taken the steps above. Sub-users may contact us directly to exercise their privacy rights as set out in Section 10.

 

3.  INFORMATION WE COLLECT

3.1   Personal Information You Provide

We may collect personal information that you voluntarily provide, including:

• Full name and contact details (email address, phone number)

• Billing details (excluding full credit card numbers, which are handled by payment processors)

• Account login credentials (username, password hash)

• Administrator and sub-user profile information (name, work email, role or title)

• Trade-related documentation and the personal data contained therein (e.g., consignee names, shipper contact details, broker information)

• Communications you send to us via contact forms or support channels

 

3.2   Commercial Trade Data

In the course of using the Platform, you may upload or generate documents that contain "Commercial Trade Data," meaning information extracted from trade documents such as Commercial Invoices, Bills of Lading, Packing Lists, Certificates of Origin, Import/Export Declarations, and freight and logistics correspondence.

Commercial Trade Data is treated as strictly confidential and is subject to the enhanced protections described in Section 8 of this Policy.

 

3.3   Digital Product Purchase & Download Data

To deliver digital products securely and prevent misuse, we may collect download timestamps, number of download attempts, IP address used during download, device and browser identifiers, and fraud prevention signals.

 

3.4   Payment Information

Payments are processed by third-party providers including Wix Payments, PayPal, and/or Stripe. We do not store or have access to full credit card numbers. Payment processors may collect billing address, partial card details, transaction metadata, and fraud screening data. Please review the relevant payment processor's privacy policy for further detail.

 

3.5   Usage and Platform Activity Data

We automatically collect information about how you use the Platform, including:

• IP address and approximate geographic location (city/region)

• Browser type, version, and operating system

• Pages visited, features used, and time spent

• Referring URLs and exit pages

• Shipment and workflow actions taken within the Platform

• AI feature usage patterns (in aggregate and de-identified form only)

 

3.6   Cookies & Tracking Technologies

We use cookies and similar technologies to enable essential site and platform functionality, maintain session authentication and account security, analyse website traffic and platform usage, improve user experience, and support marketing and retargeting where you have consented. You may manage cookie preferences through our cookie preference centre or your browser settings. Disabling essential cookies may impair Platform functionality.

 

3.7   Authentication Method

The Platform uses passwordless authentication. When you log in, a secure, single-use login link is sent to your registered email address via our authentication infrastructure provider, Supabase (a subsidiary of Supabase Inc.). No persistent password is stored for your account. Because access to the Platform is contingent upon access to your registered email inbox, you are solely responsible for maintaining the security of your email account. BorderLink AI is not liable for unauthorised access resulting from compromise of your email account.

 

4.  HOW WE USE YOUR INFORMATION

4.1   Service Delivery (Contractual Necessity)

• Providing, operating, and maintaining the Platform and its features

• Processing subscription payments and managing account billing

• Delivering digital products and granting platform access

• Enabling administrator and sub-user collaboration features

• Processing uploaded trade documents through AI and OCR tools to generate outputs

• Providing the AI Assistant chatbot and AI email drafting functionality

• Displaying currency exposure data within the Platform

 

4.2   Legitimate Business Interests

• Analysing platform usage to improve features and user experience

• Preventing fraud, abuse, or unauthorised account access

• Monitoring for security incidents and system integrity

• Training our internal models using de-identified, aggregated data only (see Section 8.3)

 

4.3   Legal Compliance

• Complying with applicable laws, regulations, and government requests

• Meeting tax and accounting record-keeping obligations

• Responding to lawful legal proceedings or regulatory inquiries

• Enforcing our Terms of Service

 

4.4   Marketing & Communications (Consent)

We send marketing communications only where you have opted in. You may withdraw consent at any time by clicking "Unsubscribe" in any marketing email or contacting us directly.

 

4.5   What We Do NOT Do With Your Data

Important: We do not sell, rent, or trade your personal information or Commercial Trade Data to any third party for their own marketing or commercial purposes. We do not use your Commercial Trade Data to train any public or foundational AI model.

 

5.  SHARING YOUR INFORMATION

We do not sell or rent your personal information. We share information only in the following circumstances:

 

5.1   Service Providers & Sub-Processors

We engage trusted third-party service providers who process data on our behalf and are contractually bound to handle it securely and only for the purposes we specify, including:

• Wix — website hosting, e-commerce checkout, and platform infrastructure

• Payment Processors (Wix Payments, PayPal, Stripe) — payment processing

• Supabase — authentication, database hosting, serverless edge functions, and encrypted file storage infrastructure

• FormSubmit.co — processing and forwarding of in-platform enquiry and upgrade request form submissions

• AI / LLM Providers (e.g., Anthropic and others) — processing uploaded documents and powering AI features (see Section 8)

• OCR Engine Providers — extracting text from uploaded trade documents

• Email Service Providers — transactional and marketing communications

• Analytics Providers — aggregated website and platform usage analytics

• Cloud Storage / Infrastructure Providers — secure encrypted data storage

• Customer Support Platforms — managing support tickets and communications

A current list of our key sub-processors is available on request.

 

5.2   Within Your Organisation (Sub-Users)

Where an administrator has nominated sub-users, certain account data and shipment information will be visible to other nominated members of that organisation's account within the Platform. Administrators control which users are granted access and at what permission level.

 

5.3   Legal Requirements

We may disclose your information where required to comply with applicable laws, respond to lawful government or law enforcement requests, protect our legal rights or property, or investigate suspected fraud or security threats.

 

5.4   Business Transfers

In the event of a merger, acquisition, or sale of assets involving Onidexi Pty Ltd or the BorderLink AI business, your personal information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

 

5.5   Affiliates & Referrals

We may refer you to third-party service providers where our platform does not offer a required service. Any such referral will be disclosed to you in advance. We do not share your personal data with referral partners without your knowledge.

 

6.  INTERNATIONAL DATA TRANSFERS

BorderLink AI is an Australian business. Because we use global service providers (including Wix, AI providers, and cloud infrastructure), your information may be transferred to and stored in countries outside Australia, including the United States and European Union member states.

Where we transfer personal information outside Australia, we take reasonable steps to ensure the recipient handles your information consistently with the Australian Privacy Principles, including by entering into contractual data processing agreements with sub-processors, selecting sub-processors certified under recognised frameworks (e.g., ISO 27001), and utilising zero-retention or ephemeral processing configurations with AI providers where technically available.

 

7.  DATA SECURITY

We implement appropriate technical and organisational measures to protect your personal information and Commercial Trade Data, including:

• Encryption of data at rest and in transit (TLS/HTTPS)

• Encrypted isolated storage environments for Commercial Trade Data (see Section 8.4)

• Access controls limiting data access to authorised personnel only

• Regular security assessments and monitoring

• Sub-processor contractual security requirements

 

No method of electronic transmission or storage is completely secure. In the event of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme.

 

8.  AI PROCESSING & COMMERCIAL TRADE DATA

Enhanced Protection: Commercial Trade Data is subject to the enhanced protections in this Section. We treat it as strictly confidential and apply controls that go beyond those applied to standard personal information.

 

8.1   Processing of Commercial Trade Data

When you upload trade documents to the Platform, we process the data contained in those documents solely for the purpose of providing the Services to you, including generating HS code classification suggestions, performing document auditing and compliance risk assessments, calculating landed costs and export costs, and populating shipment records and workflow automation.

We do not use Commercial Trade Data for any purpose beyond delivering the contracted Services.

 

8.2   AI Sub-Processors & Model Training Opt-Out

BorderLink AI uses third-party AI and ML providers (such as Anthropic and others) via secured API connections to process uploaded documents and power AI features.

• Training Opt-Out: We explicitly opt out of all model training and data retention features offered by our third-party AI sub-processors. Your Commercial Trade Data is never used to train, fine-tune, refine, or improve any public, shared, or foundational AI model.

• Ephemeral Processing: Where technically available, we configure AI sub-processors to use zero-retention or ephemeral processing, meaning your data is deleted from the sub-processor's environment immediately after the AI output is generated.

• API-Only Access: Your data is transmitted to AI sub-processors solely via secured API connections and is not stored in or accessible through any shared AI provider environment.

 

8.3   Internal Model Improvement

To improve Platform accuracy, we may use de-identified, aggregated data derived from Platform usage to refine internal models. Before any such use, we warrant that all PII is removed, all commercially sensitive trade details are removed or generalised, and the resulting data cannot reasonably be re-linked to any individual or organisation. You may opt out by contacting us without affecting your ability to use the Service.

 

8.4   Data Isolation & Encryption

All uploaded documents and extracted Commercial Trade Data are stored in encrypted, isolated storage environments. Logical separation controls ensure that no cross-contamination occurs between different user accounts or organisations. Access is restricted to the account that uploaded the data and authorised BorderLink AI personnel with a legitimate operational need.

 

8.5   AI Outputs Are Not Automated Decisions with Legal Effect

AI-generated suggestions for tariff classifications, compliance risks, and cost calculations do not constitute "automated decision-making" with direct legal or similarly significant effect. A qualified human reviewer (the "Human-in-the-Loop" as defined in our Terms of Service) is always required to review and approve AI Outputs before they are used for any official, commercial, or regulatory purpose.

 

8.6   Third-Party Personal Data in Uploaded Documents

Trade documents you upload may contain personal information relating to third parties (e.g., consignee names, shipper contact details). You warrant that you have a lawful basis to upload such information and that doing so complies with any privacy obligations you owe to those individuals. We process such third-party personal data only as necessary to deliver the Service.

 

9.  DATA RETENTION

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal obligations:

• Account Information: Retained for the duration of your active subscription or as required by law

• Commercial Trade Data: Retained for the duration of your active subscription plus the period required to assist you in meeting statutory trade record-keeping obligations (typically 5-7 years in most jurisdictions, including 5 years under Australian customs law). Upon cancellation, you will have the opportunity to export your data before deletion.

• Payment Records: Retained for 7 years to meet Australian tax and accounting obligations

• Usage and Analytics Data: Retained in identifiable form for up to 24 months, after which aggregated and de-identified

• AI Processing Logs: Ephemeral by design; sub-processor logs deleted in accordance with our zero-retention configuration

• Marketing Consent Records: Retained until you withdraw consent, plus a reasonable period to demonstrate compliance

 

You may request deletion of your personal information at any time (see Section 10). We will action deletion requests within 30 days, subject to any overriding legal retention obligations.

 

Upon cancellation of your subscription, you will have 30 days to export your Shipment Data and Commercial Trade Data via the Platform's export functionality or by requesting a data export from admin@borderlink.ai.

Exported data will be provided in standard machine-readable formats (e.g., CSV, JSON, or PDF). After the 30-day export window, your data will be scheduled for permanent deletion in accordance with our retention obligations.

 

10.  YOUR PRIVACY RIGHTS & CHOICES

Under applicable privacy law (including the Australian Privacy Act 1988 and, where applicable, the GDPR and CCPA/CPRA), you may have the following rights:

• Right of Access: Request a copy of the personal information we hold about you

• Right to Correction: Request that we correct inaccurate or incomplete personal information

• Right to Deletion: Request that we delete your personal information, subject to legal retention requirements

• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances

• Right to Data Portability: Request your data in a structured, machine-readable format where technically feasible

• Right to Object: Object to processing based on legitimate interests

• Right to Withdraw Consent: Withdraw consent for marketing or optional data uses at any time

• Right to Opt Out of Internal Model Training: Opt out of your de-identified data being used to refine internal AI models (see Section 8.3)

 

To exercise any of these rights, contact us via the website contact form or at admin@borderlink.ai. We will respond within 30 days and may ask you to verify your identity before processing your request.

 

If you are dissatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. EU and UK residents may also complain to their relevant supervisory authority.

 

11.  ACCOUNT & SUB-USER MANAGEMENT

11.1   Account Holders

If you create an account on the Platform:

• You are responsible for maintaining the confidentiality of your login credentials

• You must notify us immediately of any suspected unauthorised access to your account

• You may request account deletion at any time; upon cancellation you will be responsible for exporting your shipment data before it is scheduled for deletion

• Deleting your account will remove access to the Platform subject to retention requirements in Section 9

 

11.2   Administrator Responsibilities for Sub-Users

Administrator users who nominate sub-users:

• Are responsible for informing sub-users of this Privacy Policy before granting access

• Control the level of data access granted to each sub-user

• Are responsible for revoking sub-user access promptly when a sub-user leaves the organisation or no longer requires access

• Acknowledge that sub-users may access shipment data and Commercial Trade Data within the scope of their permissions

Sub-users may contact us directly to exercise their rights under this Policy.

 

12.  COOKIES & TRACKING TECHNOLOGIES

We use the following categories of cookies:

• Strictly Necessary Cookies: Required for the Platform to function (e.g., session authentication, security tokens). Cannot be disabled without impairing core functionality.

• Functional Cookies: Enable personalisation features and remember your preferences.

• Analytics Cookies: Help us understand how users interact with the Platform. Used in aggregate and de-identified form.

• Marketing / Retargeting Cookies: Used to serve relevant advertisements. Only placed with your consent.

 

You can manage your cookie preferences at any time via our cookie preference centre [link if applicable] or your browser settings.

 

13.  AUTOMATED PROCESSING & FRAUD DETECTION

We use automated tools to detect and prevent fraudulent transactions, limit excessive download attempts, and flag suspicious account activity or security anomalies. These fraud-detection processes may result in temporary restriction or suspension of account access. If you believe your account has been incorrectly restricted, you may contact us to request human review of the decision.

AI-generated compliance and classification outputs do not constitute automated decisions with legal effect (see Section 8.5).

 

14.  CHILDREN'S PRIVACY

The Platform and Site are not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe that a person under 18 has provided personal information to us, please contact us and we will delete that information promptly.

 

15.  THIRD-PARTY LINKS & SERVICES

The Site and Platform may contain links to third-party websites, tools, or services that are not operated or controlled by BorderLink AI. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the relevant third party's privacy policy before providing your personal information to them.

 

16.  CURRENCY MANAGEMENT FEATURE

The currency exposure management feature displays exchange rate data and your calculated currency exposures for informational purposes only. This feature does not involve collection of financial account credentials or banking information, does not connect to any external bank or financial institution account, and does not transmit your currency exposure data to any third party for financial advice, hedging, or trading purposes.

 

17.  NOTIFIABLE DATA BREACHES

BorderLink AI is subject to the Notifiable Data Breaches (NDB) scheme under the Australian Privacy Act 1988 (Cth). In the event of an eligible data breach likely to result in serious harm, we will notify the OAIC as soon as practicable, notify affected individuals directly (or via public notice if direct notification is not practicable), and take immediate steps to contain the breach and mitigate harm.

Given the sensitive nature of Commercial Trade Data, we treat any suspected breach of trade document data as high priority and will act with urgency in assessment and notification.

 

18.  CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy with a revised "Last Updated" date, provide notice via email to your registered address, and where required by law, seek your renewed consent. Continued use of the Site or Platform following notice of changes constitutes acceptance of the updated Policy.

 

19.  CONTACT US

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or wish to make a complaint, please contact us:

• Via the contact form on www.borderlink.ai

• By email to: admin@borderlink.ai

 

We aim to respond to all privacy enquiries within 30 days.