Privacy Policy

Back to Log In

Effective date: 6 July 2026

This Privacy Policy explains how Control Shift Co Pty Ltd, trading as Engine64 (“Engine64”, “we”, “us”), handles personal information. Engine64 is an Australian company based in Tasmania. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we describe below how the General Data Protection Regulation (GDPR) applies where relevant.

1. Who we are

Engine64 is a platform that lets businesses build an AI chat agent trained on their own content and deploy it as a chat widget on their website or through connected messaging channels. The platform is operated by Control Shift Co Pty Ltd, trading as Engine64, in Tasmania, Australia.

For any privacy question, or to make a request about your personal information, contact us at support@engine64.au.

2. Two roles: customer data and end-user data

Engine64 handles personal information in two distinct capacities:

  • As a controller of customer data. When a business signs up and uses Engine64, we are the controller of the personal information in that account (for example, the account holder’s name and email, and organisation and member records). This policy governs how we use that information.
  • As a processor of end-user data. When a visitor chats with a customer’s widget or messages the customer through a connected channel, we process that end user’s personal information on behalf of, and under the instructions of, the customer. The customer is the controller of that data and is responsible for their own privacy notices and lawful basis for collection.

If you are an end user chatting with a business’s Engine64-powered agent, you should also read the privacy policy of that business, as they determine why your information is collected and how it is used.

3. Information we collect

Customer information

  • Account details: name and email address used to create and sign in to the account.
  • Organisation and membership records, and roles within an account.
  • Content you provide for your agent to use, such as pages we crawl from your website and documents you upload.
  • Configuration and usage records, including platform audit logs and operational telemetry generated as you use the service.

End-user information (collected via a customer’s widget or channels)

When an end user interacts with a customer’s agent, we process the following on the customer’s behalf:

  • The content of chat messages exchanged with the agent.
  • Identifiers stored in the visitor’s browser using localStorage — a random visitor identifier, a conversation identifier, visit state, and a cached copy of recent messages (namespaced per site). The chat widget does not use cookies.
  • The URL and title of the page where the chat takes place.
  • IP address and user-agent string.
  • Device type, browser, and operating system (derived from the user agent).
  • Approximate location (country, region, and city) inferred from the IP address.
  • The referring URL, where available.
  • If the end user submits the lead form: their name, email address, and optionally a phone number and message.
  • If the end user messages through a connected channel such as WhatsApp: their phone number, profile name, and message content.

4. How we use information

  • To provide, operate, and maintain the Engine64 platform for our customers.
  • To generate AI answers to end-user questions using the customer’s own ingested content (see section 5).
  • To analyse conversations on the customer’s behalf — for example inferring intent and sentiment and producing summaries — so the customer can understand and improve their agent.
  • To capture and pass leads and enquiries to the relevant customer.
  • To monitor reliability, diagnose errors, and keep the service secure.

We do not use personal information for advertising, and we do not sell personal information.

5. AI processing

Engine64 answers questions using large language models. When an end user sends a message, we retrieve relevant passages from the customer’s own ingested content and send the message together with those passages to our AI providers to generate a reply. Message content and retrieved content may also be processed to re-rank search results and to analyse the conversation.

This is a form of automated processing. AI-generated answers can be inaccurate or incomplete and should not be relied on as professional advice. Our AI providers act as our sub-processors and are contractually restricted to processing the data only to provide their services to us. Under the published data-usage policies that govern the API services we use, this data is not used to train the providers’ general models. The providers involved are listed on our Sub-processors page.

6. Storage, security & cross-border disclosure

We host the service with reputable infrastructure and AI providers. Some of these providers store and process data outside Australia, including in the United States and other locations. In accordance with Australian Privacy Principle 8, we disclose that personal information may be handled by overseas recipients as part of delivering the service. The current providers and their general locations are listed on our Sub-processors page.

We protect personal information with encryption in transit, access controls, and logical separation of each customer’s data (tenant isolation). We require our sub-processors to maintain protections consistent with those we apply ourselves.

7. Retention & deletion

  • We retain account and service data for as long as the account is active, and as needed to provide the service.
  • Platform audit logs are pruned automatically on a scheduled retention job after a configured retention period.
  • Conversations automatically close after a period of visitor inactivity (around 30 minutes). Closing changes the conversation’s status; it does not delete the conversation.
  • Customers can delete or archive conversations within the application. Deleting an agent or an organisation cascades to delete the data associated with it.
  • To request access to, correction of, deletion of, or a copy of personal information, contact support@engine64.au and we will handle the request. These requests are handled by our team; there is no self-serve export tool at this stage.

8. Your rights

Under the Australian Privacy Principles, you may request access to and correction of the personal information we hold about you. If you are in a region covered by the GDPR, you may also have rights to erasure, restriction, portability, and objection. Where we process end-user data on a customer’s behalf, we will refer or forward your request to that customer, who is the controller.

To exercise any of these rights, or if you have a complaint about how we handle personal information, contact us at support@engine64.au. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

9. Sub-processors

We use a small number of third-party providers to run the service. The current list, what each is used for, and the data involved, is published and kept up to date on our Sub-processors page.

10. Changes & contact

We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify customers. Continued use of the service after an update constitutes acceptance of the revised policy.

Questions about this policy can be sent to support@engine64.au.