Privacy Policy

Bluejay AI Pty Ltd

1. We respect your privacy

(a) Bluejay AI Pty Ltd respects your right to privacy and is committed to safeguarding the privacy of our customers and website visitors. This policy sets out how we collect and treat your personal information.

(b) We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).

(c) "Personal information" is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.

(d) You may contact us in writing at Suite 2003, 109 Pitt St, Sydney, New South Wales, 2000 for further information about this Privacy Policy.

2. What personal information is collected

(a) Bluejay AI Pty Ltd will, from time to time, receive and store personal information you submit to our website, provided to us directly or given to us in other forms.

(b) You may provide basic information such as your name, phone number, address and email address to enable us to send you information, provide updates and process your product or service order.

(c) We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.

(d) Additionally, we may also collect any other information you provide while interacting with us.

3. How we collect your personal information

(a) Bluejay AI Pty Ltd collects personal information from you in a variety of ways, including when you interact with us electronically or in person, when you access our website and when we engage in business activities with you. We may receive personal information from third parties. If we do, we will protect it as set out in this Privacy Policy.

(b) By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy.

4. How we use your personal information

(a) Bluejay AI Pty Ltd may use personal information collected from you to provide you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.

(b) Bluejay AI Pty Ltd will use personal information only for the purposes that you consent to. This may include to:

  • (i) provide you with products and services during the usual course of our business activities;
  • (ii) administer our business activities
  • (iii) manage, research and develop our products and services;
  • (iv) provide you with information about our products and services;
  • (v) communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail; and
  • (vi) investigate any complaints.

If you withhold your personal information, it may not be possible for us to provide you with our products and services or for you to fully access our website.

(c) We may disclose your personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.

(d) If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

5. Disclosure of your personal information

(a) Bluejay AI Pty Ltd may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.

(b) If we do disclose your personal information to a third party, we will protect it in accordance with this privacy policy.

6. General Data Protection Regulation (GDPR) for the European Union (EU)

(a) Bluejay AI Pty Ltd will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

(b) We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

(c) We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

(d) We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

(e) We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

(f) We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

(g) We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

(h) You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

7. Your rights under the GDPR

(a) If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Bluejay AI Pty Ltd complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU

(b) Except as otherwise provided in the GDPR, you have the following rights:

  • (i) to be informed how your personal information is being used;
  • (ii) access your personal information (we will provide you with a free copy of it);
  • (iii) to correct your personal information if it is inaccurate or incomplete;
  • (iv) to delete your personal information (also known as "the right to be forgotten");
  • (v) to restrict processing of your personal information;
  • (vi) to retain and reuse your personal information for your own purposes;
  • (vii) to object to your personal information being used; and
  • (viii) to object against automated decision making and profiling.

(c) Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

(d) We may ask you to verify your identity before acting on any of your requests.

8. Hosting and International Data Transfers

(a) Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to the UK and the USA.

(b) We and our other group companies have offices and/or facilities in Australia, the
UK and the USA. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from Bluejay AI Pty Ltd's Data Protection Officer.

(c) The hosting facilities for our website are situated in Australia and the USA. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from Bluejay AI Pty Ltd, Data Protection Officer.

(d) Our Suppliers and Contractors are situated in Australia, New Zealand, India and the UK. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from Bluejay AI Pty Ltd's Data Protection Officer.

(e) You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

9. Security of your personal information

(a) Bluejay AI Pty Ltd is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

(b) Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

(c) The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

10. Access to your personal information

(a) You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at

(b) We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.

11. Complaints about privacy

(a) If you have any complaints about our privacy practices, please feel free to send in details of your complaints to We take complaints very seriously and will respond shortly after receiving written notice of your complaint.

12. Changes to Privacy Policy

(a) Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.

13. Website

(a) When you visit our website When you come to our website (, we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.

(b) Cookies
We may from time to time use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of our website. Our website may from time to time use cookies to analyses website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google AdWords. These ads may appear on this website or other websites you visit.

(c) Third party sites
Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third-party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Bluejay AI Pty Ltd is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.

Bluejaÿ Security Statement

Bluejaÿ: Your Data, Our Priority

At Bluejaÿ, we know trust is earned, not given. That's why transparency is the cornerstone of our security approach. We believe in giving you complete peace of mind by providing clear insights into how we safeguard your data.

Enterprise-grade Security Built for You:

  • Protecting customer data is our top priority. We deploy industry-leading security solutions and rigorous compliance measures to ensure the continuous security, availability, confidentiality, and integrity of your information.
  • Expertise you can trust: Our dedicated Security and Privacy Teams are the brains behind the operation. They craft robust policies, monitor compliance, and demonstrate our commitment to security through independent audits.
  • Risk-based protection: We take a proactive approach to security, constantly identifying and mitigating potential threats through layered controls and processes tailored to your specific needs.

With Bluejaÿ, you can rest assured knowing your data is in safe hands. We're committed to earning your trust every day.

Built on Security: Your Data Always Protected

At Bluejaÿ, security isn't an afterthought, it's woven into the very fabric of our platform. From how we develop software to protecting your critical data, security is an integral part of everything we do.

Unwavering Commitment:

  • Dedicated expertise: Our robust security program is led by a Chief Information Security Officer (CISO) and a team of passionate security professionals. They're your guardians, constantly vigilant and proactively mitigating risks.
  • Embedded practices: From employee onboarding to product development, security isn't just a tickbox; it's infused into every aspect of our business.
  • Uncompromising data protection: We take your data's safety seriously. All data, including yours, is encrypted in transit and at rest across all layers of our applications.

Rigorous Controls:

  • Secure access: We enforce strict administrative controls, utilizing Single Sign-On with Two-Factor Authentication (SSO with 2FA) to ensure only authorized users access your information.
  • Confidentiality assured: Every employee and contractor signs a confidentiality agreement and undergoes mandatory security training to protect your data.
  • Thorough vetting: All personnel with access to your confidential information go through background checks, giving you an extra layer of peace of mind.

Continuous Improvement:

Our security measures are never static. We constantly strive to evolve our controls, enhancing their effectiveness, auditability, and efficiency to provide you with the most robust protection possible

At Bluejaÿ, your data is our top priority. We're committed to earning your trust, every step of the way.

Compliance Built In, Assurance Guaranteed

At Bluejaÿ, compliance isn't just a box to tick, it's a foundation we build upon. We understand the importance of securing your data and meeting the highest industry standards, which is why we're:

  • ISO 27001:2022 Certified: This rigorous certification demonstrates our commitment to maintaining a comprehensive Information Security Management System (ISMS) that protects your data to the highest level.
  • SOC 2 Type II on the Horizon: We're actively working towards achieving SOC 2 Type II certification, providing you with independent assurance of the effectiveness of our security, availability, and confidentiality controls.
  • Empowering Knowledge: Our team undergoes continuous training and education to stay ahead of the curve in security best practices, expanding our knowledge both within and outside Bluejaÿ.

This approach means you can rely on Bluejaÿ for:

  • Reduced Compliance Burden: We take care of the heavy lifting, so you can focus on what you do best.
  • Enhanced Data Protection: Your data is protected by industry-leading security controls and rigorous compliance standards.
  • Total Peace of Mind: You can trust that your information is in safe hands, backed by independent validation and continuous improvement.

Choose Bluejaÿ and experience the power of a partner that takes compliance seriously.


Protecting data is a very serious priority for Bluejaÿ. We are committed to protecting privacy via comprehensive processes, administrative controls, safeguards, and ongoing training for all employees.

Using safeguards such as data encryption at rest, in transit, and in backups, we leverage industry-standard practices to ensure the confidentiality of data while also meeting customer organization’s privacy obligations.

Refer to our privacy policy for more details.

Data Protection

We design our systems to treat all customer data as critical.

Customer data is encrypted at rest and in transit using industry-accepted tools, standards, and best practices.

Customer data is stored in secure facilities, on secure servers, and within secure applications.

We implement fine-grained access controls which limit access to only those with a legitimate business need and granted based on the principle of least privilege. By limiting access to those who need it and regularly monitoring access, we minimise access points and operational risk.

Your Data: Our Fort Knox

At Bluejay AI, we guard your data like it's our crown jewel. That's why every system we design treats customer information with the utmost care.

Rigorous Controls:

  • Fortress-like Security: Your data rests safely encrypted at all times, both in motion and at rest, using industry-approved tools and best practices. Picture it locked away in a secure vault, inaccessible to unauthorized eyes.
  • Secure Foundations: We house your data in impenetrable facilities, on robust servers, and within secured applications. Think of it as an impregnable castle protecting your information.
  • Granular Access Controls: Only authorized personnel with a demonstrable business need are granted access to your data, following the principle of least privilege. We minimize access points and keep a watchful eye on activity, mitigating operational risks.

With Bluejay AI, your data is in safe hands. We treat it with the same respect and vigilance as our own, giving you peace of mind and unwavering confidence.

Continuous Monitoring and Incident Response

Our platform is monitored for operational performance, availability, and security events. The operations team uses a security information and event monitoring (SIEM) platform to help ensure that there are no security ramifications based on any alerts received in relation to authentication, endpoint, web application, and more.

If a suspected incident is identified, an incident response team has an established response plan and accompanying procedures to investigate and ameliorate the situation.

Vulnerability Management and Testing

We understand that the threat landscape is continuously evolving and to evaluate these ever-changing threats we have established methods to identify and remediate risks in our platform, including:

  • Vulnerability scanning
  • Code scanning
  • Third-Party penetration testing
  • Automated testing
Christian Hunt
February 11, 2022
The dog did not eat your homework
"You can blame the dog as much as you like, but ultimately you're the one who gets in trouble, not the dog"

A long time ago, I thought about becoming a teacher. Not, I might add, because I fancied the idea of standing in front of the most critical audience in the world. But because I always thought the teaching went both ways.

There’s as much for us to learn from little people as we can teach them. Like the highly creative and usually entertaining excuses they come up with for not having done their homework. No, Ashley, the dog did not eat your homework. You know that, I know that, and you know that I know that. Do you even have a dog?!

It was (pun intended) a lesson I was reminded of when I became a financial services regulator. Only this time, it wasn’t little Ashley explaining how his or her fictional dog really did have an insatiable appetite for paper and ink.

When — as they inevitably would — things went wrong in the firms I was supervising, it was adult Ashley’s turn to play the same game. Only this time, the excuses had one thing in common; the reason things had gone wrong was entirely unpredictable.

"A third party provider had an outage..."
"An unfortunate series of events led to..."
"initial investigation point towards an unusual..."

Not to mention my favourite, the ones that began with

"a junior employee..."

Our response — straight out of the teaching textbook was always the same. We’d ask for more information. And then we’d ask for more. Until we got to a point where the excuses ran out.

Now, I didn’t blame the adult Ashleys for trying this approach. Financial services firms are complex operations that can be difficult to hard to oversee. Particularly when they’re run on legacy systems, are heavily reliant on manual controls and are engaged in a wide range of highly technical products. But we know what happens when firms aren’t properly controlled. Unlike little Ashley’s failure to do his or her homework, there are big societal consequences.

Which is why my former colleagues are increasingly introducing regimes that are making sure firms are on top of these issues. Measures like accountability regimes that hold management accountable for whatever happens on their watch. The test isn’t whether you knew about something but whether you should have known about it. If something goes wrong in a business you’re being paid to run, then you’re accountable for it.

Then there’s operational resilience; the idea that certain activities performed by firms are so societally important — think running ATMs or payment systems — that regulators are requiring firms to ensure they can keep them running whatever happens.

All of which poses a challenge for Ashleys everywhere. How can they really know what’s happening in their organisation? The traditional answer is more controls, more reporting and above all, hiring more risk, compliance and audit staff. Of course, as a former Risk & Compliance Officer, that’s something I should be encouraging! But it’s not efficient. Having more controls, doesn’t necessarily make the world safer. It can make it more dangerous.

What we need is a smarter solution. It’s why I’m a big proponent of data science and behavioural science. The former can help us to understand what has happened, the latter why.

'you can blame the dog as much as you like, but ultimately you're the one who gets in trouble, not the dog'