Privacy Policy

Last updated: April 2026

Curble Pty Ltd (“Curble”, “we”, “us”, “our”) is an Australian company committed to protecting the privacy of your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains how we collect, use, store, and disclose your personal information when you use the Curble platform — an AI readiness assessment and AI agent platform — at https://curble.com.

1. Information We Collect

Account Information

  • Name, email address, and profile picture provided via Google OAuth sign-in
  • Company name, industry, and company size

Assessment Data

  • Your responses to AI readiness assessment questions, covering areas such as AI strategy, data practices, governance, budgets, talent, and technology
  • Assessment scores and generated reports

Workspace Data

  • Agent configurations, workflow definitions, and task histories created within your workspace
  • Approval requests, scheduling preferences, and integration connection details (authentication tokens are encrypted at rest)
  • Content processed by your AI agents, including inputs you provide and outputs generated

Payment Information

  • Payment transactions are processed entirely by Stripe. We do not store, process, or have access to your credit card details. We retain only a transaction reference and the amount paid.

Usage Data

  • Pages visited, features used, and assessment completion status
  • Browser type, device information, and IP address
  • Agent execution logs and usage metrics within your workspace

2. How We Use Your Information

We use your personal information to:

  • Provide AI readiness assessments and generate personalised reports based on your responses
  • Operate AI agents within your workspace, including executing tasks, processing approvals, and managing integrations
  • Process payments for paid tiers via Stripe
  • Send transactional emails, including assessment results, payment confirmations, agent notifications, and account updates
  • Improve our platform and assessment methodology using anonymised, aggregated data (your individual responses are never shared publicly)
  • Send you relevant communications about your account, new features, or services where you have provided consent
  • Comply with legal obligations under Australian law

3. Third-Party Services

We use the following third-party services to deliver the platform. We want to be upfront about this:

Google (Authentication & Workspace Integrations)

For authentication: We use Google OAuth to sign in. When you sign in with Google, we receive your name, email address, and profile picture.

For workspace integrations: When you connect Google services in your workspace, we request additional permissions to access Gmail (read and send emails on your behalf), Google Sheets (read and write spreadsheet data), Google Calendar (read and manage events), and Google Drive (read files). These permissions are requested separately from sign-in, only when you explicitly choose to connect each service. You can disconnect any Google service at any time from your workspace connections page. Access tokens are encrypted at rest.

Curble’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Anthropic (Claude AI)

Your assessment responses, company profile, and workspace data are sent to Anthropic’s Claude API for AI-powered analysis, report generation, and agent execution. This is a core part of how the platform works.

Anthropic processes this data under their data usage policy. Importantly, Anthropic does not use data submitted via their API to train their models.

Stripe (Payments)

Payment processing is handled entirely by Stripe. Your card details are submitted directly to Stripe and are never sent to or stored on our servers.

Amazon Web Services (Hosting)

Our application, database, and email infrastructure are hosted on AWS in the Asia Pacific (Sydney) region (ap-southeast-2). This means your data is stored on servers physically located in Australia.

All third-party processors are bound by their respective privacy policies and, where applicable, data processing agreements.

4. Data Storage and Security

Your data is stored in the AWS Asia Pacific (Sydney) region (ap-southeast-2) on servers physically located in Australia. Our security measures include:

  • All data is encrypted in transit using HTTPS/TLS
  • Database encryption at rest
  • Database access is restricted to application servers with no direct public access
  • Passwords are hashed using bcrypt
  • Integration tokens are encrypted at rest
  • Access to systems is controlled via role-based authentication

No method of electronic storage or transmission is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

5. Cookies

  • Session cookies: We use session cookies for authentication. These cookies identify your login session and expire when you log out or after a period of inactivity. They are essential for the platform to function.
  • No tracking cookies: We do not use Google Analytics, Facebook Pixel, or any third-party tracking cookies.
  • No advertising cookies: We do not serve or facilitate targeted advertising.

6. Data Retention

  • Account data (name, email, company details) is retained for as long as your account remains active.
  • Assessment data (responses, scores, and reports) is retained for 2 years from your last activity on the platform.
  • Workspace data (agent configurations, task histories, execution logs) is retained for as long as your workspace is active, and for 90 days after workspace deletion.
  • Payment records are retained as required by Australian tax law (generally 5 years).
  • You may request deletion of your data at any time (see Your Rights below).

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of any inaccurate, incomplete, or out-of-date information
  • Request deletion of your personal information and workspace data (subject to any legal obligations requiring us to retain it)
  • Export your data in a portable format upon request
  • Withdraw consent for non-essential communications at any time
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs. You can contact the OAIC at www.oaic.gov.au

To exercise any of these rights, email us at hello@curble.com. We will respond within 30 days.

8. Children

Curble is a business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a person under 18, we will delete it promptly.

9. International Users

Curble is operated from Australia and our data is stored in the AWS Asia Pacific (Sydney) region. If you access the platform from outside Australia, your data will be transferred to and processed in Australia. By using the platform, you consent to this transfer. Where your data is processed by third parties (such as Anthropic or Stripe), it may be processed in other jurisdictions in accordance with their respective privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email. The “Last updated” date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

11. Contact

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us: