Salim Zakkour trading as OpsBots (ABN 22 838 356 145) ("OpsBots", "we", "us", "our") is committed to protecting the privacy of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
OpsBots is a sole trader business registered in Australia. References to "OpsBots" throughout this policy refer to the business operated by Salim Zakkour under ABN 22 838 356 145.
This Privacy Policy describes how we collect, hold, use, disclose, and otherwise manage personal information in connection with our AI-powered Managed Service Provider (MSP) support services.
This policy applies to:
This policy is freely available on our website and upon request. We review and update this policy at least annually or when our data practices materially change. Any updates will be published and communicated to affected parties.
Contact for privacy enquiries: hello@opsbots.com.au
Individuals have the option of not identifying themselves, or of using a pseudonym, when dealing with OpsBots — where it is lawful and practicable to do so.
Anonymity or pseudonymity may not be practicable in the following circumstances:
Where anonymity is not practicable, we will explain why identification is necessary.
We collect only personal information that is reasonably necessary for the provision of our MSP AI support services. The categories of personal information we may collect include:
When our AI-powered systems process IT support tickets on behalf of MSP clients, the following categories of personal information may be present in ticket data:
Important: OpsBots does not independently collect end-user personal information. End-user data enters our systems only through the MSP client's Professional Services Automation (PSA) integration. The MSP client remains the primary data controller for their end-user data.
If OpsBots receives personal information that was not solicited (e.g., personal details included in support tickets that are not relevant to the service request), we will:
This assessment will be completed within 10 business days of receiving the unsolicited information.
At or before the time of collection, we notify individuals (or, for end-user data, the MSP client for onward notification) about:
MSP clients are contractually required (via the Data Processing Agreement) to provide appropriate collection notices to their end-users before activating OpsBots services.
We collect and use personal information for the following primary purposes:
| Purpose | Description |
|---|---|
| Service delivery | Processing IT support tickets via AI-powered systems, including ticket classification, response generation, and escalation |
| Service management | Account administration, integration configuration, performance monitoring |
| Communication | Service notifications, support communications, incident alerts |
| Billing | Invoicing, payment processing, financial record-keeping |
| Service improvement | Analysing aggregate, de-identified service performance metrics |
| Compliance | Meeting legal and regulatory obligations, responding to lawful requests |
We will not use personal information for a secondary purpose unless:
We do not sell, rent, or trade personal information. We do not share personal information between MSP clients.
| Recipient | Purpose | Safeguards |
|---|---|---|
| MSP client | Returning processed ticket data, reports, and AI-generated responses | Governed by service agreement and DPA |
| AI infrastructure provider (Anthropic) | Processing ticket content through AI models | See Section 8 (Cross-border disclosure) |
| Hosting infrastructure (self-hosted) | Primary data storage and processing | See Section 8.1 (Data residency) |
| Payment processors | Processing subscription payments | PCI-DSS compliant processors only |
| Professional advisors | Legal, accounting, or audit services | Bound by professional confidentiality |
| Law enforcement / regulators | As required by law, court order, or regulatory request | Only as legally compelled |
OpsBots does not use personal information for direct marketing without consent.
OpsBots's primary infrastructure is self-hosted on dedicated hardware located in New South Wales, Australia. This is privately owned and operated infrastructure — not a third-party cloud or IaaS provider. All persistent data storage — including task queues, documentation, and operational data — resides on this self-hosted Australian infrastructure.
Infrastructure details:
Because the infrastructure is self-hosted and operated directly by OpsBots, there is no sub-processor relationship for data storage. OpsBots maintains full physical and logical control over all stored data.
Our services use the Anthropic Claude API for AI-powered ticket classification and natural language processing. When tickets are processed via the Claude API, ticket content is transmitted to Anthropic's infrastructure in the United States. In this scenario:
| Recipient | Country | Purpose | Data Retained? |
|---|---|---|---|
| Anthropic (Claude API) | United States | AI-powered ticket classification and natural language processing | No — transient processing only |
MSP clients with strict data sovereignty requirements (e.g., government, financial services under APRA CPS 234) will be flagged for review before service activation. We will work with such clients to configure services that meet their residency requirements, which may include limiting or excluding AI API processing for their data.
OpsBots does not adopt government-related identifiers (such as Tax File Numbers, Medicare numbers, ABN/ACN, driver's licence numbers, or passport numbers) as its own identifiers for individuals.
We will not collect, use, or disclose government-related identifiers unless:
Where government identifiers are inadvertently received (e.g., included in support ticket content), they will be handled under our APP 4 unsolicited information procedures and destroyed or de-identified as soon as practicable.
OpsBots takes reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant.
We maintain data quality through:
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Individuals have the right to request access to personal information that OpsBots holds about them.
If an individual believes that personal information held by OpsBots is inaccurate, out-of-date, incomplete, irrelevant, or misleading, they may request correction:
In addition to the access and correction rights described above, you have the following rights under the Privacy Act 1988 and the Privacy and Other Legislation Amendment Act 2024:
You may request that we delete your personal information. We will comply unless we are required by law to retain the information, or the information is necessary for an ongoing service agreement. Erasure requests will be actioned within 30 days.
Upon erasure, we will:
You may object to the processing of your personal information for a particular purpose. Where you object, we will cease processing for that purpose unless we have a lawful basis to continue (e.g., legal obligation or legitimate interest that overrides your objection).
To object, contact hello@opsbots.com.au with the subject line "Privacy Objection". We will acknowledge your objection within 5 business days and provide a substantive response within 30 days, including our decision and reasoning.
You may request a copy of your personal information in a structured, commonly used, machine-readable format. We will provide portable data within 30 days of your request.
Available export formats:
Portable data will include all personal information we hold about you in a format that allows you to transfer it to another service provider.
To exercise any of these rights, contact us at hello@opsbots.com.au with the subject line "Privacy Rights Request". We will:
OpsBots uses artificial intelligence (AI) — specifically Anthropic's Claude, a large language model — as a core component of our service delivery. In accordance with the Privacy Act 1988, the Privacy and Other Legislation Amendment Act 2024, and Australia's National AI Plan (December 2025), we are committed to full transparency about how AI is used in our operations.
| AI Function | Description | Human Oversight |
|---|---|---|
| Ticket classification | AI categorises and prioritises IT support tickets submitted by MSP clients | Results reviewed by MSP support staff |
| Response generation | AI generates suggested responses for support staff review | All responses subject to human approval before sending to end-users |
| Pattern detection | AI identifies trends and recurring issues across ticket data | Reports reviewed by operations team |
| Escalation recommendations | AI flags tickets requiring urgent human attention | Human decision on all escalations |
| Internal operations | AI assists with internal task management, documentation, and operational workflows | Supervised by OpsBots operations team |
In compliance with the automated decision-making disclosure requirements effective 10 December 2026 (Privacy and Other Legislation Amendment Act 2024), OpsBots discloses the following:
| Consent Type | When Used | Mechanism |
|---|---|---|
| Contractual consent | MSP client onboarding | Execution of the Service Agreement and Data Processing Agreement (DPA), which includes explicit consent to AI-powered ticket processing |
| Informed consent | Before AI processing of end-user data | MSP clients are contractually required to inform their end-users that AI-powered systems (including Anthropic's Claude) will process support ticket data, and to obtain any necessary consents |
| Collection notice consent | At point of data collection | Collection notices presented during onboarding, within platform interfaces, and via API documentation clearly state what data is collected and how it is used |
| Marketing consent | Before any marketing communications | Opt-in consent obtained separately; not bundled with service consent |
By using OpsBots's services (directly or through your MSP provider), you consent to the following:
You have the right to withdraw consent at any time. To withdraw consent:
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Where support tickets contain sensitive information (as defined under the Privacy Act 1988 — including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal records), OpsBots processes this data only with the individual's consent or where required by law. MSP clients operating in sensitive sectors (e.g., healthcare, legal, financial) must ensure appropriate consents are in place before activating OpsBots services.
OpsBots does not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal information from a child without verified parental consent, we will take steps to delete that information promptly.
Under Part IIIC of the Privacy Act 1988, OpsBots is subject to the Notifiable Data Breaches (NDB) scheme. A data breach is notifiable when there is unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm.
Report a suspected breach: hello@opsbots.com.au
OpsBots acknowledges the statutory tort for serious invasions of privacy introduced by the Privacy and Other Legislation Amendment Act 2024. This provision creates a legal cause of action for individuals who suffer a serious invasion of their privacy.
OpsBots is committed to handling all personal information in a manner that respects individual privacy and minimises the risk of any privacy invasion. Our data handling practices, security measures, and consent mechanisms described in this policy are designed to ensure that personal information is treated lawfully and responsibly.
If you believe your privacy has been seriously invaded in connection with OpsBots's services, you may:
If you believe we have breached the Australian Privacy Principles or handled your personal information inappropriately, you may lodge a complaint:
Salim Zakkour trading as OpsBots
ABN: 22 838 356 145
| Contact Type | Details |
|---|---|
| Privacy enquiries | hello@opsbots.com.au |
| Complaints | hello@opsbots.com.au (subject: "Privacy Complaint") |
| Access/correction requests | hello@opsbots.com.au |
| AI processing enquiries | hello@opsbots.com.au |
| Data breach reporting | hello@opsbots.com.au |
| ADM explanation requests | hello@opsbots.com.au (subject: "ADM Explanation Request") |
| Rights requests (erasure, objection, portability) | hello@opsbots.com.au (subject: "Privacy Rights Request") |
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will:
| APP | Principle | Section |
|---|---|---|
| APP 1 | Open and transparent management | Section 1 |
| APP 2 | Anonymity and pseudonymity | Section 2 |
| APP 3 | Collection of solicited personal information | Section 3 |
| APP 4 | Dealing with unsolicited personal information | Section 4 |
| APP 5 | Notification of collection | Section 5 |
| APP 6 | Use or disclosure of personal information | Section 6 |
| APP 7 | Direct marketing | Section 7 |
| APP 8 | Cross-border disclosure | Section 8 |
| APP 9 | Government-related identifiers | Section 9 |
| APP 10 | Quality of personal information | Section 10 |
| APP 11 | Security of personal information | Section 11 |
| APP 12 | Access to personal information | Section 12 |
| APP 13 | Correction of personal information | Section 13 |
| — | Individual Rights (erasure, objection, portability) | Section 14 |
| — | AI Disclosure and Automated Decision-Making | Section 15 |
| — | Consent Mechanisms | Section 16 |
| — | Notifiable Data Breaches | Section 17 |
| — | Statutory Tort Acknowledgment | Section 18 |
This Privacy Policy has been prepared in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Privacy and Other Legislation Amendment Act 2024. It should be reviewed by a qualified Australian privacy lawyer before external publication.