Privacy Policy

AutopilotMax is an Agentic AI Agency based in New Zealand. We design, deploy, and manage autonomous AI agent systems for businesses across various industries including real estate, e-commerce, healthcare, beauty, and retail. Our registered contact for privacy matters is:

We collect information in several ways depending on how you interact with us:

2.1 Information You Provide Directly

• Name, email address, phone number, and business name submitted via our contact or audit request forms
• Business type, industry, and description of your challenges
• Billing and payment information processed through our secure payment provider
• Communications you send us via email, chat, or social media

2.2 Data We Process on Your Behalf (Client Data)

• Lead and prospect information from your CRM, email lists, or digital campaigns
• Customer interaction data fed into AI agents (call transcripts, chat logs, form submissions)
• Business workflow data used to train and operate your AI agents
• Website analytics and visitor behaviour data from your properties

2.3 Automatically Collected Data

• IP address, browser type, device type, and operating system
• Pages visited on autopilotmax.com, session duration, and navigation patterns
• Referral source and UTM parameters
• Cookie identifiers (see our Cookie Policy for details)

We use collected information for the following purposes:

• Delivering our AI agent deployment and management services to you
• Communicating about your account, service updates, and support requests
• Training and operating AI agents according to your agreed service scope
• Processing payments and managing billing
• Improving our products, services, and internal AI models in aggregated, anonymised form
• Sending relevant marketing communications where you have consented
• Complying with legal obligations under New Zealand law and other applicable regulations
• Fraud prevention and ensuring platform security

We do not sell your personal information to third parties. We do not use your data to train publicly available AI models without your explicit consent.

Our core service involves deploying autonomous AI agents that interact with your customers, leads, and data streams. You should understand how this affects data processing:

• AI agents may read, analyse, and respond to incoming messages, emails, and form submissions on your behalf
• Agent outputs (messages sent, actions taken) are logged for quality assurance and optimisation
• We use large language model (LLM) APIs from third-party providers (such as OpenAI or Anthropic) to power agent reasoning — data sent to these providers is subject to their respective privacy policies
• We implement data minimisation practices: agents are only given access to the data they need to perform their function
• You remain the data controller for any personal data belonging to your customers; we act as your data processor

Our services regularly integrate with CRM platforms and marketing tools. Data may be shared with or processed through:

• GoHighLevel — CRM, pipeline management, and automated follow-up
• HubSpot — Contact management and marketing automation
• Salesforce — Enterprise CRM and workflow automation
• Zapier / Make — Workflow automation and API bridging
• Twilio / SendGrid — SMS and email delivery
• Google Analytics / Meta Pixel — Website analytics and ad attribution
• Stripe / payment processors — Secure payment handling

These integrations are configured at your direction. You are responsible for ensuring that data shared with third-party platforms complies with your own privacy obligations to your customers.

We take reasonable and appropriate technical and organisational measures to protect your data:

• Data is stored on cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+)
• Access to client data is role-restricted and logged
• We conduct regular security reviews and follow industry best practices
• API keys and credentials are stored in secure vaults, never in plain text
• In the event of a data breach, we will notify affected parties as required by applicable law

While we take security seriously, no system is entirely immune to risk. We encourage you to use strong passwords and report any suspicious activity to us immediately.

• Client account data is retained for the duration of our engagement plus 2 years unless otherwise requested
• AI agent interaction logs are retained for up to 12 months for quality and audit purposes
• Billing records are retained for 7 years as required by New Zealand tax law
• Website analytics data is retained for up to 26 months
• You may request earlier deletion — see Section 8

Depending on your location, you have the following rights regarding your personal information:

New Zealand (Privacy Act 2020)

• Right to request access to your personal information we hold
• Right to request correction of inaccurate data
• Right to complain to the Office of the Privacy Commissioner

European Union / UK (GDPR / UK GDPR)

• Right of access, rectification, erasure, and data portability
• Right to restrict or object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your supervisory authority

California (CCPA / CPRA)

• Right to know what personal information is collected and shared
• Right to delete personal information
• Right to opt out of the sale or sharing of personal information
• Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at privacy@autopilotmax.com. We will respond within 30 days.

As an NZ-based business serving global clients, data may be transferred to or processed in countries outside New Zealand or the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for EU data) and that recipient countries provide adequate protection per New Zealand Privacy Act requirements.

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately for deletion.

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a prominent notice on our website at least 14 days before taking effect. Continued use of our services after the effective date constitutes acceptance of the updated Policy.

For privacy-related questions, requests, or complaints: