System Operating values and respects the privacy of the people we deal with. System Operating is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws and regulations.

This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.

1) About System Operating

System Operating Pty Ltd (“System Operating,” “we,” “our,” “us”) is a private company based in Australia.

We build Proxy and Helix – AI-enhanced productivity tools delivered via

  • proxy.system-operating.ai
  • system-operating.ai

Effective date: 2025-12-05 | Last updated: 2025-12-05 (v 1.0)

2) Eligibility (Age Requirements)

Proxy and Helix are designed for users aged 18 and older.

We do not knowingly collect personal data from anyone under 18. If you believe a child has provided data, please email privacy@system-operating.ai so we can delete it.

3) Data We Collect

Category

Account details

Usage Data

Content & Inputs

Device Data

Payment Info

Communications

 

Examples

Name, email, hashed password, profile photo

Pages visited, feature clicks, session duration

Prompts, files, comments you upload

Browser, OS, IP address, coarse location

Card tokens (via Stripe), billing address

Support requests, feedback, surveys

Sensitive Information

We generally do not collect sensitive information (e.g., health, race, political beliefs). Should we ever need it, we will request your explicit, opt-in consent first.

4) How & Why We Collect

Source

How we get it

Legal basis* & purpose

You provide

Sign-up, workspace setup, in-product actions

Contract – deliver the service

Automatically

Cookies, server logs, analytics pixels

Legitimate interest – security & performance

Payment Partner

Stripe tokenises card data

Contract / legal obligation – billing

*GDPR legal bases. Where consent is required (e.g., marketing cookies, sensitive data), we ask via an active check-box.

5) How we use Data

  • Deliver core features (chat, analytics, workspace management)
  • Personalise your experience (remember settings, suggest content)
  • Process payments and send invoices
  • Monitor uptime, prevent fraud, enforce terms
  • Improve products through aggregated analytics & privacy-by-design R&D (we run periodic Data Protection Impact Assessments)
  • Comply with law and defend our rights

We do not sell, rent, or lease your personal data, and we do not use customer data to train public AI models.

6) Sharing & International Transfers

Recipient

Purpose

Safeguard

Amazon Web Services

Hosting & storage

TLS/AES encryption · SOC 2 & ISO 27001

Stripe

Payment processing

PCI-DSS compliance

Analytics provider

Site metrics

Pseudonymised IP · EU Standard Contractual Clauses

Authorised advisors

Legal, accounting, security audits

NDA · role-based access

Cross-border transfersData may be processed in Australia, USA, EU, Singapore or other AWS regions. We rely on:

  • EU Standard Contractual Clauses + UK Addendum
  • Australian & Canadian equivalent measures
  • Vendor audits to verify regional data handling

Third-party linksOur site may link to external pages we don’t control. Their privacy practices are their own; please review their policies.

7) Data Storage, Security & Retention

  • TLS 1.2+ in transit, AES-256 at rest
  • Role-based access; annual security & privacy training for staff
  • Continuous vulnerability scanning & independent penetration tests
  • Breach response playbook tested at least yearly – we notify users and regulators within required time frames (e.g., 72 hrs under GDPR)
  • Retention: inactive accounts deleted after 24 months; backups purged within 30 days. Certain records (e.g., invoices or legally required logs) may be kept longer where law demands.
  • Liability: We follow recognised best practices, but no security system is 100 % impenetrable; you use the service at your own risk to the extent permitted by law.

8) Your Rights & Choices

Region

Rights

All Users

Access · Correction · Deletion · Export in a structured, commonly used, machine-readable format (JSON/CSV) · Marketing opt-out (Spam Act 2003 (Cth) compliant)

EU/UK

Object · Restrict · Portability · Withdraw consent

California

Know · Delete · Opt-out of “sale” (we don’t sell) · Non-discrimination

Australia

Complain to OAIC if unresolved

You may also lodge a complaint with your local supervisory authority (e.g., an EU member-state DPA or the UK ICO).

Email privacy@system-operating.ai to exercise any right. We respond within 30 days.

9) Cookies & Tracking

Type

Purpose

Control

Strictly necessary

Sign-in, load balancing

Cannot disable without halting service

Functional

Remember preferences

Browser settings

Analytics

Understand feature usage

Browser add-on / in-app toggle

Marketing (opt-in)

Announcements & campaigns

Region-aware banner with explicit check-box consent

We honour Global Privacy Control and “Do Not Track” signals where technically feasible.

10) Changes to This Policy

We’ll post changes here and update the “Last updated” date. Material updates are emailed or shown in-app 14 days before taking effect. Continuing to use the services after that date means you accept the update.

12) Indemnification

Data Protection Officer

System Operating Pty Ltd81-83 Campbell Street, Surry Hills NSW 2010, AustraliaEmail: privacy@system-operating.ai

 

12) Revision History

Version

Date

Summary

1.0

2025-12-05

Initial public release

Website Footer Notice

Privacy matters. We collect only what we need to power Proxy and Helix, keep it encrypted, and never sell your data. Review our Privacy Policy to see how we safeguard your information, your rights, and the choices you control. 

Last updated 2025-12-05.

Privacy Policy

System Operating values and respects the privacy of the people we deal with. System Operating is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws and regulations.

This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.

1) About System Operating

System Operating Pty Ltd (“System Operating,” “we,” “our,” “us”) is a private company based in Australia.

We build Proxy and Helix – AI-enhanced productivity tools delivered via

  • proxy.system-operating.ai
  • system-operating.ai

Effective date: 2025-12-05 | Last updated: 2025-12-05 (v 1.0)

2) Eligibility (Age Requirements)

Proxy and Helix are designed for users aged 18 and older.

We do not knowingly collect personal data from anyone under 18. If you believe a child has provided data, please email privacy@system-operating.ai so we can delete it.

3) Data We Collect

Category

Account details

Usage Data

Content & Inputs

Device Data

Payment Info

Communications

 

Examples

Name, email, hashed password, profile photo

Pages visited, feature clicks, session duration

Prompts, files, comments you upload

Browser, OS, IP address, coarse location

Card tokens (via Stripe), billing address

Support requests, feedback, surveys

Sensitive Information

We generally do not collect sensitive information (e.g., health, race, political beliefs). Should we ever need it, we will request your explicit, opt-in consent first.

4) How & Why We Collect

Source

How we get it

Legal basis* & purpose

You provide

Sign-up, workspace setup, in-product actions

Contract – deliver the service

Automatically

Cookies, server logs, analytics pixels

Legitimate interest – security & performance

Payment Partner

Stripe tokenises card data

Contract / legal obligation – billing

*GDPR legal bases. Where consent is required (e.g., marketing cookies, sensitive data), we ask via an active check-box.

5) How we use Data

  • Deliver core features (chat, analytics, workspace management)
  • Personalise your experience (remember settings, suggest content)
  • Process payments and send invoices
  • Monitor uptime, prevent fraud, enforce terms
  • Improve products through aggregated analytics & privacy-by-design R&D (we run periodic Data Protection Impact Assessments)
  • Comply with law and defend our rights

We do not sell, rent, or lease your personal data, and we do not use customer data to train public AI models.

6) Sharing & International Transfers

Recipient

Purpose

Safeguard

Amazon Web Services

Hosting & storage

TLS/AES encryption · SOC 2 & ISO 27001

Stripe

Payment processing

PCI-DSS compliance

Analytics provider

Site metrics

Pseudonymised IP · EU Standard Contractual Clauses

Authorised advisors

Legal, accounting, security audits

NDA · role-based access

Cross-border transfersData may be processed in Australia, USA, EU, Singapore or other AWS regions. We rely on:

  • EU Standard Contractual Clauses + UK Addendum
  • Australian & Canadian equivalent measures
  • Vendor audits to verify regional data handling

Third-party linksOur site may link to external pages we don’t control. Their privacy practices are their own; please review their policies.

7) Data Storage, Security & Retention

  • TLS 1.2+ in transit, AES-256 at rest
  • Role-based access; annual security & privacy training for staff
  • Continuous vulnerability scanning & independent penetration tests
  • Breach response playbook tested at least yearly – we notify users and regulators within required time frames (e.g., 72 hrs under GDPR)
  • Retention: inactive accounts deleted after 24 months; backups purged within 30 days. Certain records (e.g., invoices or legally required logs) may be kept longer where law demands.
  • Liability: We follow recognised best practices, but no security system is 100 % impenetrable; you use the service at your own risk to the extent permitted by law.

8) Your Rights & Choices

Region

Rights

All Users

Access · Correction · Deletion · Export in a structured, commonly used, machine-readable format (JSON/CSV) · Marketing opt-out (Spam Act 2003 (Cth) compliant)

EU/UK

Object · Restrict · Portability · Withdraw consent

California

Know · Delete · Opt-out of “sale” (we don’t sell) · Non-discrimination

Australia

Complain to OAIC if unresolved

You may also lodge a complaint with your local supervisory authority (e.g., an EU member-state DPA or the UK ICO).

Email privacy@system-operating.ai to exercise any right. We respond within 30 days.

9) Cookies & Tracking

Type

Purpose

Control

Strictly necessary

Sign-in, load balancing

Cannot disable without halting service

Functional

Remember preferences

Browser settings

Analytics

Understand feature usage

Browser add-on / in-app toggle

Marketing (opt-in)

Announcements & campaigns

Region-aware banner with explicit check-box consent

We honour Global Privacy Control and “Do Not Track” signals where technically feasible.

10) Changes to This Policy

We’ll post changes here and update the “Last updated” date. Material updates are emailed or shown in-app 14 days before taking effect. Continuing to use the services after that date means you accept the update.

12) Indemnification

Data Protection Officer

System Operating Pty Ltd81-83 Campbell Street, Surry Hills NSW 2010, AustraliaEmail: privacy@system-operating.ai

 

12) Revision History

Version

Date

Summary

1.0

2025-12-05

Initial public release

Website Footer Notice

Privacy matters. We collect only what we need to power Proxy and Helix, keep it encrypted, and never sell your data. Review our Privacy Policy to see how we safeguard your information, your rights, and the choices you control. 

Last updated 2025-12-05.

Privacy Policy

Privacy Policy

System Operating values and respects the privacy of the people we deal with. System Operating is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws and regulations.

This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.

1) About System Operating

System Operating Pty Ltd (“System Operating,” “we,” “our,” “us”) is a private company based in Australia.

We build Proxy and Helix – AI-enhanced productivity tools delivered via

  • proxy.system-operating.ai
  • system-operating.ai

Effective date: 2025-12-05 | Last updated: 2025-12-05 (v 1.0)

2) Eligibility (Age Requirements)

Proxy and Helix are designed for users aged 18 and older.

We do not knowingly collect personal data from anyone under 18. If you believe a child has provided data, please email privacy@system-operating.ai so we can delete it.

3) Data We Collect

Category

Account details

Usage Data

Content & Inputs

Device Data

Payment Info

Communications

 

Examples

Name, email, hashed password, profile photo

Pages visited, feature clicks, session duration

Prompts, files, comments you upload

Browser, OS, IP address, coarse location

Card tokens (via Stripe), billing address

Support requests, feedback, surveys

Sensitive Information

We generally do not collect sensitive information (e.g., health, race, political beliefs). Should we ever need it, we will request your explicit, opt-in consent first.

4) How & Why We Collect

Source

How we get it

Legal basis* & purpose

You provide

Sign-up, workspace setup, in-product actions

Contract – deliver the service

Automatically

Cookies, server logs, analytics pixels

Legitimate interest – security & performance

Payment Partner

Stripe tokenises card data

Contract / legal obligation – billing

*GDPR legal bases. Where consent is required (e.g., marketing cookies, sensitive data), we ask via an active check-box.

5) How we use Data

  • Deliver core features (chat, analytics, workspace management)
  • Personalise your experience (remember settings, suggest content)
  • Process payments and send invoices
  • Monitor uptime, prevent fraud, enforce terms
  • Improve products through aggregated analytics & privacy-by-design R&D (we run periodic Data Protection Impact Assessments)
  • Comply with law and defend our rights

We do not sell, rent, or lease your personal data, and we do not use customer data to train public AI models.

6) Sharing & International Transfers

Recipient

Purpose

Safeguard

Amazon Web Services

Hosting & storage

TLS/AES encryption · SOC 2 & ISO 27001

Stripe

Payment processing

PCI-DSS compliance

Analytics provider

Site metrics

Pseudonymised IP · EU Standard Contractual Clauses

Authorised advisors

Legal, accounting, security audits

NDA · role-based access

Cross-border transfersData may be processed in Australia, USA, EU, Singapore or other AWS regions. We rely on:

  • EU Standard Contractual Clauses + UK Addendum
  • Australian & Canadian equivalent measures
  • Vendor audits to verify regional data handling

Third-party linksOur site may link to external pages we don’t control. Their privacy practices are their own; please review their policies.

7) Data Storage, Security & Retention

  • TLS 1.2+ in transit, AES-256 at rest
  • Role-based access; annual security & privacy training for staff
  • Continuous vulnerability scanning & independent penetration tests
  • Breach response playbook tested at least yearly – we notify users and regulators within required time frames (e.g., 72 hrs under GDPR)
  • Retention: inactive accounts deleted after 24 months; backups purged within 30 days. Certain records (e.g., invoices or legally required logs) may be kept longer where law demands.
  • Liability: We follow recognised best practices, but no security system is 100 % impenetrable; you use the service at your own risk to the extent permitted by law.

8) Your Rights & Choices

Region

Rights

All Users

Access · Correction · Deletion · Export in a structured, commonly used, machine-readable format (JSON/CSV) · Marketing opt-out (Spam Act 2003 (Cth) compliant)

EU/UK

Object · Restrict · Portability · Withdraw consent

California

Know · Delete · Opt-out of “sale” (we don’t sell) · Non-discrimination

Australia

Complain to OAIC if unresolved

You may also lodge a complaint with your local supervisory authority (e.g., an EU member-state DPA or the UK ICO).

Email privacy@system-operating.ai to exercise any right. We respond within 30 days.

9) Cookies & Tracking

Type

Purpose

Control

Strictly necessary

Sign-in, load balancing

Cannot disable without halting service

Functional

Remember preferences

Browser settings

Analytics

Understand feature usage

Browser add-on / in-app toggle

Marketing (opt-in)

Announcements & campaigns

Region-aware banner with explicit check-box consent

We honour Global Privacy Control and “Do Not Track” signals where technically feasible.

10) Changes to This Policy

We’ll post changes here and update the “Last updated” date. Material updates are emailed or shown in-app 14 days before taking effect. Continuing to use the services after that date means you accept the update.

11) Contact Us

Data Protection Officer

System Operating Pty Ltd81-83 Campbell Street, Surry Hills NSW 2010, AustraliaEmail: privacy@system-operating.ai

 

12) Revision History

Version

Date

Summary

1.0

2025-12-05

Initial public release

Website Footer Notice

Privacy matters. We collect only what we need to power Proxy and Helix, keep it encrypted, and never sell your data. Review our Privacy Policy to see how we safeguard your information, your rights, and the choices you control. 

Last updated 2025-12-05.