Privacy Policy — Cornerstone AI
Contact Us

Privacy Policy

Effective 2026 — Applies to all users and packages

Cornerstone AI is a systems and automation brand owned and operated by Venture Mentors. This Privacy Policy explains how Cornerstone AI and Venture Mentors ("we", "our", "us") collect, store, use, and protect personal information when you ("Client", "you", "your") use our services. It also explains how we handle the personal information of your customers that passes through the systems we build for you. We take this seriously — your business runs on trust, and so does ours.

1. Who This Policy Covers

This policy applies to two groups of people:

  • Our Clients — business owners who subscribe to a Cornerstone AI package
  • Your Customers — the leads, clients, and contacts whose details flow through the forms, quoting systems, booking pages, and automations we build and manage for you

We handle both with the same level of care. Where your customers' information is concerned, we act on your instructions and use that data solely to deliver your service — nothing more.

2. Information We Collect

2.1 From You (Our Client)

  • Business name, contact name, email, and phone number
  • Business details such as services offered, pricing structures, and branding
  • Billing and payment details (processed by secure third-party payment providers — we never store full card numbers)
  • Account access details you provide for setup (such as website, domain, calendar, Google, Stripe, or social media logins)
  • Communications with our team, including emails and support requests

2.2 From Your Customers (Through Your Systems)

  • Names, email addresses, and phone numbers submitted through quote forms, lead capture forms, and chatbots
  • Service details such as property size, service type, location, and booking preferences
  • Appointment and booking information
  • Any information your customers choose to provide in form fields or messages

2.3 Collected Automatically

  • Basic analytics data such as page visits, form completions, and conversion tracking on the pages we build for you
  • Standard technical data such as browser type and device information, used only to keep your systems working properly

3. How We Use Information

We use personal information for one purpose: delivering and supporting your service. Specifically, this means:

  • Building, installing, and maintaining your automation systems
  • Routing leads, quotes, and bookings through your workflows
  • Sending automated communications on your behalf (quotes, confirmations, follow-ups, review requests)
  • Providing support, troubleshooting, and system updates
  • Processing your subscription billing
  • Communicating with you about your account and build progress

What we will never do

  • Sell your data, or your customers' data, to anyone
  • Share your client lists or lead information with third parties for their own use
  • Use your customers' personal information for our own marketing
  • Access your accounts or data beyond what is needed to deliver your service

Where requested, we are happy to provide a signed statutory declaration confirming that we do not sell, share, or use your client data for any purpose other than delivering your service.

4. Where Your Data Is Stored

We use GoHighLevel (GHL) as our CRM and systems platform. GHL is a US-based company headquartered in Dallas, Texas. Data processed through your systems is stored securely on their platform with the following protections in place:

  • All data is encrypted at rest and in transit
  • GHL is certified under the EU Data Privacy Framework
  • GHL explicitly states it will never use personal data uploaded to its platform for its own purposes — data is used solely to deliver the service
  • A full Data Processing Agreement (DPA) is available on request

4.1 Other Service Providers

Depending on your package, we may also use trusted platforms for automation, email delivery, scheduling, and document signing. Every provider we use is selected with data security in mind, and each is given access only to the information needed to perform its specific function within your system.

4.2 Overseas Storage

Because some of our service providers (including GHL) are based outside Australia, personal information may be stored or processed overseas. We take reasonable steps, consistent with the Australian Privacy Principles under the Privacy Act 1988 (Cth), to ensure any overseas provider handles personal information securely and in line with this policy.

5. Sensitive & Confidential Information

Some businesses handle customer information that carries a higher duty of care — whether due to the personal nature of the services provided, the vulnerability of the people being served, or industry-specific regulations and standards.

Every Cornerstone AI account is built with this standard in mind:

  • We treat all customer data flowing through your systems as confidential, regardless of how it is formally classified
  • We design your forms and workflows to collect only what is needed to deliver your service — no unnecessary data capture
  • Our team accesses your customer records only when required for setup, troubleshooting, or support that you have requested
  • We will sign a Data Processing Agreement or statutory declaration on request, confirming how your data is handled

If your business operates under specific privacy, regulatory, or professional compliance obligations, let us know during onboarding. We will work with you to make sure your system supports those obligations rather than complicates them.

6. Your Role and Ours

For your customers' personal information, you are the data controller — you decide what is collected and why. We act as your data processor — we handle that information on your instructions, solely to operate the systems we build for you.

This means you remain responsible for:

  • Having a lawful basis to collect your customers' information
  • Maintaining your own customer-facing privacy notices where required
  • Telling us about any specific privacy or compliance requirements that apply to your industry

And we are responsible for handling that information securely, using it only as instructed, and supporting you with the documentation you need.

7. Account Access & Credentials

During setup, we may ask for access to accounts such as your website, domain registrar, calendar, Google, Stripe, or social media platforms. When you share these with us:

  • Credentials are used only for the setup or support task they were provided for
  • They are stored securely and shared only with team members working on your account
  • You may change your passwords or revoke our access at any time once setup is complete
  • Where a platform supports it, we recommend granting team or collaborator access instead of sharing passwords directly

8. Security

We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, and unauthorised access. This includes:

  • Encryption of data at rest and in transit across our core platforms
  • Access controls limiting who on our team can view client systems
  • Using established, security-certified platforms rather than building or hosting data storage ourselves
  • Reviewing the security practices of any new provider before introducing it into client systems

No system is completely immune to risk, but if we ever become aware of a data breach affecting your information, we will notify you promptly and act in line with the Notifiable Data Breaches scheme under Australian law.

9. Data Retention & Deletion

We keep personal information only for as long as it is needed to deliver your service.

  • While your subscription is active, your data and your customers' data remain in your system so your automations can run
  • When your subscription ends, system access is removed in line with our Terms & Conditions
  • You may request an export of your customer data before your final paid month ends — just ask and we will arrange it
  • After cancellation, data held in your account is deleted or de-identified within a reasonable period, except where we are required by law to retain certain records (such as billing history)

10. Cookies & Analytics

The pages we build for you may use cookies and similar technologies to:

  • Keep forms and booking flows working correctly
  • Track conversions so you can see how your system is performing
  • Support remarketing or advertising features, but only if you choose to enable them

Visitors can manage or disable cookies through their browser settings at any time.

11. Access, Correction & Complaints

You can request access to, or correction of, the personal information we hold about you at any time by contacting us. We will respond within a reasonable timeframe.

If one of your customers contacts us directly about their information, we will refer them to you as the data controller and assist you in actioning their request.

If you have a privacy concern or complaint, contact us first and we will work to resolve it promptly. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, platforms, or legal requirements. The current version will always be available on this page, and material changes will be communicated to active clients.

13. Contact Us

For any privacy questions, data requests, Data Processing Agreements, or to request a statutory declaration regarding the handling of your data, reach out through our contact page and our team will respond during business hours (Monday to Friday, 9:00 AM to 5:00 PM AEST).

Questions about your privacy?

We're happy to walk you through exactly how your data is stored, protected, and used — no vague answers.

Contact Us

© 2026 Cornerstone AI™. All rights reserved.

Home Contact