Data processing

How ExIQ handles authorised platform, automation and Google API data.

This page explains how ExIQ processes client and user data when delivering software, automation, integrations, AI implementation and advisory services, including where a product or integration connects to Google APIs.

Last updated: 29 April 2026

1. Purpose and scope

This disclosure applies to ExIQ websites, products, integrations, automations, prototypes and client services that process data provided by clients, users, authorised third-party platforms or Google API Services.

It should be read together with our Privacy Policy and any applicable proposal, statement of work, client agreement, confidentiality arrangement or data-processing terms.

2. Roles and responsibilities

Depending on the engagement, ExIQ may act as an independent service provider, a processor acting on a client's instructions, or a controller for our own business operations such as website analytics, enquiries, billing, security and account management.

Where a client provides access to its systems or data, the client is responsible for ensuring it has the authority, notices and permissions required to provide that access. ExIQ is responsible for using the data only for authorised purposes and applying reasonable safeguards.

3. What data may be processed

The data processed depends on the product, integration or engagement. It may include business contact details, account profile information, calendar or scheduling data, documents, files, metadata, messages, workflow records, usage logs, operational data, analytics, form submissions, support requests and technical identifiers.

ExIQ only requests access to data that is reasonably necessary for the requested function, project, support activity, integration or service.

4. Google API Services and Limited Use

Where an ExIQ product, prototype, integration or automation uses Google API Services, access is limited to the scopes and permissions authorised by the user, administrator or client for the specific function being delivered.

ExIQ's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google API data is not used for:

  • selling user data;
  • serving advertising or retargeting unrelated to the requested function;
  • determining creditworthiness, lending, employment or insurance eligibility;
  • training generalised AI or machine-learning models without a separate written agreement and lawful basis;
  • any purpose not disclosed to the user or client.

5. How data is used

ExIQ may process authorised data to:

  • provide the requested product, integration, automation or client service;
  • configure, test, support, secure and troubleshoot systems;
  • prepare reports, recommendations, workflows, prototypes or implementation plans;
  • maintain audit, security, operational and support records;
  • comply with legal, regulatory, accounting or contractual obligations.

6. Storage, security and subprocessors

Data may be processed using reputable cloud, hosting, analytics, automation, communication, AI, security and professional services providers. These providers may process data in Australia or other jurisdictions, depending on the service and configuration.

We use reasonable technical and organisational safeguards, which may include access control, least-privilege permissions, authentication, encryption in transit, secure cloud services, logging, restricted access, staff confidentiality obligations and client-specific controls.

7. Retention, deletion and revocation

ExIQ retains data only for as long as reasonably required for the purpose for which it was collected, to deliver or support the service, to meet legal or accounting obligations, to resolve disputes, or as agreed with a client.

Users or administrators may revoke Google access through their Google account or administrator controls. Clients and users may also request deletion of data held by ExIQ, subject to legal, security, backup, contractual or legitimate business retention requirements.

8. Incident response

If ExIQ becomes aware of unauthorised access, loss or disclosure of data, we will assess the incident, take reasonable containment and remediation steps, and notify affected clients, users or regulators where required by law or agreement.

9. Contact

Data processing, Google API and deletion requests can be sent to ml@exiq.com.au.