Data processing

How ExIQ handles authorised platform, automation and Google API data.

This page explains how ExIQ processes client and user data when delivering software, automation, integrations, AI implementation and advisory services, including where a product or integration connects to Google APIs.

Last updated: 29 April 2026

1. Purpose and scope

This disclosure applies to ExIQ websites, products, integrations, automations, prototypes and client services that process data provided by clients, users, authorised third-party platforms or Google API Services.

It should be read together with our Privacy Policy and any applicable proposal, statement of work, client agreement, confidentiality arrangement or data-processing terms.

2. Roles and responsibilities

Depending on the engagement, ExIQ may act as an independent service provider, a processor acting on a client's instructions, or a controller for our own business operations such as website analytics, enquiries, billing, security and account management.

Where a client provides access to its systems or data, the client is responsible for ensuring it has the authority, notices and permissions required to provide that access. ExIQ is responsible for using the data only for authorised purposes and applying reasonable safeguards.

3. What data may be processed

The data processed depends on the product, integration or engagement. It may include business contact details, account profile information, calendar or scheduling data, documents, files, metadata, messages, workflow records, usage logs, operational data, analytics, form submissions, support requests and technical identifiers.

ExIQ only requests access to data that is reasonably necessary for the requested function, project, support activity, integration or service.

4. Google API Services and Limited Use

Where an ExIQ product, prototype, integration or automation uses Google API Services, access is limited to the scopes and permissions authorised by the user, administrator or client for the specific function being delivered.

ExIQ's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google API data is not used for:

  • selling user data;
  • serving advertising or retargeting unrelated to the requested function;
  • determining creditworthiness, lending, employment or insurance eligibility;
  • training generalised AI or machine-learning models without a separate written agreement and lawful basis;
  • any purpose not disclosed to the user or client.

5. How data is used

ExIQ may process authorised data to:

  • provide the requested product, integration, automation or client service;
  • configure, test, support, secure and troubleshoot systems;
  • prepare reports, recommendations, workflows, prototypes or implementation plans;
  • maintain audit, security, operational and support records;
  • comply with legal, regulatory, accounting or contractual obligations.

6. AI, automation and integration handling

For AI, automation and systems integration work, ExIQ aims to keep client data tied to the authorised workflow. This means identifying the source systems, approved data fields, human review points, system of record, logging needs, retention period and fallback path before a workflow is moved toward production use.

Where AI-assisted processing is used, ExIQ may use authorised data to prepare summaries, classify records, extract fields, draft workflow tasks, support testing or produce implementation evidence. Unless a separate written agreement says otherwise, this processing is for the requested client purpose and not for training a generalised model.

Practical controls may include limiting data to representative samples, masking unnecessary sensitive fields, using approved test records, keeping source references with generated outputs, recording reviewer corrections and ensuring any customer, staff, financial, operational or regulated decision remains subject to the agreed human review path.

7. Client controls and production readiness

Before connecting an automation, agent, workflow or reporting process to live systems, ExIQ may work with the client to confirm the production control model. This can include the accountable business owner, access permissions, approved data sources, acceptance criteria, monitoring measures, incident process and the person or team responsible for ongoing changes.

This is important because useful AI and automation systems often depend on operational data that was created for another purpose. A project may need to confirm data quality, provenance, duplicate handling, exception paths, and the point where an output becomes part of the official or operational record.

If a client asks ExIQ to review or remove access, narrow permissions, delete a data sample, pause an integration, export project records or explain how a workflow uses authorised data, ExIQ will respond through the agreed support, project or contact pathway subject to legal, security, backup and contractual requirements.

8. Storage, security and subprocessors

Data may be processed using reputable cloud, hosting, analytics, automation, communication, AI, security and professional services providers. These providers may process data in Australia or other jurisdictions, depending on the service and configuration.

We use reasonable technical and organisational safeguards, which may include access control, least-privilege permissions, authentication, encryption in transit, secure cloud services, logging, restricted access, staff confidentiality obligations and client-specific controls.

9. Retention, deletion and revocation

ExIQ retains data only for as long as reasonably required for the purpose for which it was collected, to deliver or support the service, to meet legal or accounting obligations, to resolve disputes, or as agreed with a client.

Users or administrators may revoke Google access through their Google account or administrator controls. Clients and users may also request deletion of data held by ExIQ, subject to legal, security, backup, contractual or legitimate business retention requirements.

10. Incident response

If ExIQ becomes aware of unauthorised access, loss or disclosure of data, we will assess the incident, take reasonable containment and remediation steps, and notify affected clients, users or regulators where required by law or agreement.

11. Contact

Data processing, Google API and deletion requests can be sent to ml@exiq.com.au.