Legal & Privacy Policy — Dion AI LLC
Right now, AI is recommending businesses to your customers. Is yours one of them? Find out free →
Dion AI LLC — Legal

Legal & Privacy Policy

Effective date: 1 January 2026 Last updated: March 2026
Section 01

Introduction

Dion AI LLC ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, disclose, and protect your information in connection with our AI automation, consulting, and digital services.

We comply with the Australian Privacy Act (Australian Privacy Principles), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), as applicable based on your location and our relationship with you.

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

Section 02

Information We Collect

We collect only the data necessary to provide our services and operate our business. This includes the following categories:

  • Personal identifiers — name, email address, phone number, business name, and job title provided through forms, calls, or direct communication
  • User-generated data — AI inputs, prompts, workflow instructions, file uploads, and other content you provide when using our systems
  • Technical data — IP address, browser type, device identifiers, operating system, and referral source collected automatically when you visit our website
  • Cookies and analytics data — session data, usage patterns, and interaction data collected via cookies and analytics tools (see Section 6)
  • Payment and billing information — processed by third-party payment providers; we do not store full card details on our servers

We do not knowingly collect data from individuals under the age of 16.

Section 03

How We Use Your Data

We use the information we collect for the following purposes:

  • Delivering AI automation and consulting services you have engaged us to provide
  • Operating, configuring, and monitoring AI systems and automated workflows on your behalf
  • Communicating with you, including onboarding, project updates, and support
  • Sending relevant marketing communications — you may opt out at any time via the unsubscribe link in any email or by contacting us directly
  • Improving the quality, reliability, and security of our products and services
  • Meeting our legal, compliance, and contractual obligations

We do not sell your personal data to third parties for their own marketing purposes.

Section 04

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following legal bases:

  • Consent — where you have given clear, informed consent (e.g., subscribing to marketing communications)
  • Contractual necessity — where processing is required to perform a contract with you or take pre-contractual steps at your request
  • Legitimate interests — where processing is necessary for our legitimate business interests, such as improving our services and preventing fraud, provided these interests are not overridden by your rights
  • Legal obligation — where processing is required to comply with a legal obligation to which we are subject

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Section 05

AI Processing & Transparency

Dion AI LLC builds and deploys AI-powered systems, agents, and workflows. Where your data is processed through these systems, the following principles apply:

  • Accuracy — AI-generated outputs may not always be fully accurate or complete. We recommend human review of AI outputs before relying on them for consequential decisions
  • Model training — your personal data and inputs are not used to train publicly-available AI models without your explicit prior consent
  • Human oversight — where required by law or agreed in our service terms, human review and approval is applied to automated decisions that significantly affect you
  • Third-party AI providers — we may use services from providers such as OpenAI, Anthropic, and others to operate AI features. These providers have their own data processing terms, which are linked where applicable
Section 06

Cookies & Tracking

Our website uses cookies and similar tracking technologies. We use three categories of cookies:

  • Essential cookies — strictly necessary for the website to function. These cannot be disabled without affecting core functionality
  • Analytics cookies — used to understand how visitors interact with our website (e.g., via Google Analytics) to improve user experience
  • Marketing cookies — used to track visitors across websites for the purpose of displaying relevant advertising

You can manage your cookie preferences at any time through your browser settings. Note that disabling certain cookies may impact the functionality of our website. Where required by law, we obtain your consent before placing non-essential cookies.

Section 07

Data Sharing & Third Parties

We do not sell or rent your personal data. We may share data with trusted third-party service providers strictly for the purpose of delivering our services:

  • Platform & hosting providers — including GoHighLevel (CRM and automation platform), cloud infrastructure providers, and website hosting services
  • Analytics providers — such as Google Analytics for website usage data
  • Payment processors — such as Stripe, for secure handling of billing and transactions
  • AI service providers — including OpenAI and other AI infrastructure providers used to power our automation systems
  • Professional advisors — legal, accounting, or other professional advisors where necessary
  • Law enforcement or regulatory authorities — where required by applicable law

All third-party processors are required to handle your data in compliance with applicable privacy law and our data processing agreements.

Section 08

International Data Transfers

Dion AI LLC operates across multiple jurisdictions. Your data may be processed in or transferred to countries outside your own, including the United States and Australia.

Where we transfer data from the EEA or UK to third countries, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms — to ensure your data receives an equivalent level of protection.

Section 09

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Specifically:

  • Client records are retained for the duration of our engagement and for up to 7 years thereafter for legal and compliance purposes
  • Marketing contact data is retained until you withdraw consent or opt out
  • Website analytics data is retained in accordance with the settings of the relevant analytics platform

Upon receiving a verified deletion request, we will delete or anonymise your personal data within 30 days, unless retention is required by applicable law.

Section 10

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your data, subject to legal retention obligations
  • Right to restrict processing — request that we limit how we use your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to withdraw consent — withdraw any consent you have given at any time
  • Right to opt out of marketing — unsubscribe from marketing communications at any time
  • Right to lodge a complaint — contact the relevant supervisory authority in your jurisdiction

To exercise any of these rights, please contact us at the details in Section 13. We will respond within 30 days of receiving a verified request.

Section 11

Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest
  • Secure, access-controlled servers and cloud infrastructure
  • Role-based access controls limiting data access to authorised personnel only
  • Regular security monitoring and vulnerability assessments
  • Incident response procedures for data breaches, including notification obligations

No system is entirely immune to risk. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

Section 12

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practice. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our services following any changes constitutes your acceptance of the updated policy.

Section 13

Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us directly:

Privacy enquiries
[email protected]

We aim to respond to all legitimate privacy enquiries within 5 business days, and to all formal rights requests within 30 days.