Privacy PolicyPrivacy Policy

1. Introduction

Norg Pty Ltd (ABN 44 669 712 494) (Norg, we, us, our) is committed to protecting the privacy and security of your personal information. We are Australia’s AI visibility and structured commerce platform, helping brands control how artificial intelligence systems discover, interpret, cite, and recommend their products and services.

This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024 (Cth).

This policy applies to all personal information collected through our website (norg.ai), our platform, and any related services we provide.

2. What Personal Information We Collect

We may collect the following types of personal information depending on your interaction with us:

3. How We Collect Personal Information

We collect personal information through the following means:

• •Directly from you when you register for an account, submit an enquiry, enter into a contract, or communicate with us
• •Automatically when you access our website or platform through cookies, tracking pixels, and similar technologies
• •From third parties where you have authorised them to share information with us, or where the information is publicly available

4. Why We Collect, Use, and Disclose Personal Information

We collect, hold, use, and disclose your personal information for the following purposes:

• •Providing our services: To deliver our AI visibility, structured commerce, and Generative Engine Optimisation (GEO) platform, including AI gap analysis, content publishing, crawler analytics, and brand profile management
• •Account management: To create, manage, and maintain your account and provide customer support
• •Billing and payments: To process payments, issue invoices, and manage subscriptions
• •Communications: To respond to your enquiries, send service-related notifications, and provide updates about our platform
• •Marketing: To send promotional materials and information about our services where you have consented or where otherwise permitted by law (you may opt out at any time)
• •Analytics and improvement: To analyse website usage, improve our platform, and develop new features
• •AI crawler intelligence: To track, classify, and report on AI system crawling activity across client content for the purpose of measuring AI visibility and citation performance
• •Legal and regulatory compliance: To comply with applicable laws, regulations, and legal processes
• •Security: To detect, prevent, and respond to fraud, security threats, and technical issues

5. Automated Decision-Making

Our platform uses automated processes in the delivery of our services. These include:

• •AI gap analysis: Automated identification of content gaps between your existing digital presence and what AI systems require for citation and recommendation
• •Content generation assistance: AI-assisted enrichment of product data, including specifications, compatibility information, and structured descriptions
• •Crawler classification: Automated categorisation of AI crawler visits by purpose (training, search, or user action)
• •Opportunity scoring: Automated scoring of content gaps based on potential impact on AI visibility

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and collect analytical data. These include:

• •Essential cookies: Required for the website and platform to function (session management, authentication, security)
• •Analytics cookies: Help us understand how visitors interact with our website (page views, traffic sources, user journeys)
• •Functional cookies: Remember your preferences and settings to improve your experience

7. Disclosure of Personal Information

We may disclose your personal information to the following categories of recipients:

• •Service providers: Third-party providers who assist us in delivering our platform and services, including cloud hosting providers, payment processors, email service providers, and analytics tools
• •Professional advisers: Lawyers, accountants, and auditors where necessary
• •Business partners: Where you have authorised or requested an integration
• •Regulatory authorities: Where required by law, regulation, or legal process

8. Overseas Disclosure of Personal Information

We may disclose personal information to overseas recipients in the course of providing our services. This includes:

• •Cloud infrastructure and hosting providers based in the United States, the European Union, and the Asia-Pacific region
• •Third-party SaaS tools and analytics services that process data in overseas jurisdictions

9. Data Security

We take reasonable technical and organisational measures to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures include:

• •Encryption of data in transit and at rest
• •Access controls and authentication mechanisms
• •Regular security assessments and monitoring
• •Employee training on data handling and privacy obligations
• •Incident response procedures for potential data breaches

10. Data Breach Notification

In the event of an eligible data breach (as defined under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act), we will:

• •Take reasonable steps to contain the breach and assess whether it is likely to result in serious harm to affected individuals
• •Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required
• •Provide information about the breach and steps individuals can take to mitigate potential harm

11. Your Rights

Under the Australian Privacy Principles, you have the following rights in relation to your personal information:

12. Children’s Privacy

Our platform and services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete that information promptly.

We are monitoring the development of the Children’s Online Privacy Code by the OAIC and will update our practices as required.

13. Complaints

If you wish to make a complaint about how we have handled your personal information, please contact us using the details in Section 14. We will:

• •Acknowledge your complaint within 5 business days
• •Investigate the matter and provide a response within 30 days
• •Work with you to resolve the complaint in a fair and timely manner

14. Contact Us

If you have any questions about this Privacy Policy, wish to make an access or correction request, or have a complaint, please contact us:

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will publish the updated policy on our website and update the “Last Updated” date at the top of this document. Where changes are material, we will take reasonable steps to notify you (such as via email or a notice on our platform).

We encourage you to review this policy periodically to stay informed about how we protect your information.

16. Applicable Law

This Privacy Policy is governed by the laws of the Commonwealth of Australia, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles. The courts of Victoria, Australia shall have non-exclusive jurisdiction in relation to any dispute arising from this policy.