Last updated: 11 June 2026
Overview and Scope
This AI Policy explains how we use artificial intelligence (AI) on our public website (nookal.com and subdomains), in our products and support channels, and in internal operations that may affect website visitors, prospects, and customers.
This policy works alongside our Privacy Policy, Terms of Use, Security Statement, and any customer agreements. If a conflict exists, the terms of your signed agreement with Nookal will prevail to the extent of any inconsistency
What We Mean by โAIโ
โAIโ includes machine learning and large language model (LLM) systems used for tasks such as chat assistance, search, summarization, analytics, anomaly detection, and content generation.
Where We Use AI
- Website and marketing: site search, content recommendations, spam/abuse filtering, analytics, and optional website chat assistants.
- Support: suggested help articles, ticket triage, and agent assistance.
- Product features (if enabled in your account): optional drafting, summarization, or automation features designed to increase efficiency. These are off by default unless specifically enabled by an administrator.
- Internal operations: fraud prevention, security monitoring, and quality assurance.
How AI Features Should Be Used
- AI outputs may be inaccurate or incomplete and are provided for informational purposes only.
- AI outputs are not medical, legal, or financial advice and should not replace clinical judgment or professional decisionโmaking.
- You are responsible for reviewing AIโgenerated content before using it.
- We do not make any warranty as to the AI outputs, the results that may be obtained from the use of the AI output or the accuracy of any information obtained through the use of AI or the AI output including with respect to the factual accuracy of any information obtained through the AI output or suitability for your use.
Data We Process for AI
Depending on the feature and your settings, we may process:
- Website data: page views, clicks, device information, rough location, and referrers.
- Account and communication data: profile information, preferences, tickets, chat transcripts, and feedback.
- Content you submit to AI features: prompts, files, and messages you choose to provide.
- Product telemetry (if enabled): feature usage and performance metrics. We do not sell personal data.
Please refer to our Privacy Policy for more information on how we may use your personal information (to the extent it is part of your use of the AI).
Sensitive Data and PHI
- Do not submit protected health information (PHI), special category data, or other sensitive personal data into any AI feature unless your agreement and feature documentation explicitly state that the feature is approved and configured for such data.
- If a feature is designated as approved for regulated data, it will use appropriately scoped infrastructure and vendors and apply required safeguards
Training and Model Use
- We do not allow thirdโparty AI providers to train their foundation models on customer content or personal data processed via Nookalโs AI features.
- Where feasible, we use zeroโretention or noโtraining modes and strict data handling terms with AI vendors.
- We may use deโidentified and aggregated data to improve AI features and service quality. Deโidentified data is data that cannot reasonably be used to identify an individual or customer.
ThirdโParty AI Providers
- We may use vetted AI infrastructure and model providers (for example, cloudโhosted LLMs) bound by data processing and confidentiality obligations.
- Our current sub-processors are listed on our Sub-processors page. We will provide notice of material changes as required by our customer agreements.
Legal Bases and Compliance
- We rely on consent, legitimate interests, performance of a contract, or compliance with legal obligations, as appropriate under applicable law.
- We strive to comply with applicable privacy and data protection laws, including the Australian Privacy Act, GDPR/UK GDPR, and other regional requirements. For US users, certain features are designed to support HIPAAโaligned controls when explicitly designated and contracted.
Your Choices and Controls
- Optโout: You can opt out of website personalization cookies and certain analytics in our cookie banner or preferences centre.
- Feature controls: Administrators can enable/disable product AI features per workspace or user role where available.
- Review and correction: You may request access to, correction of, or deletion of your personal data as described in our Privacy Policy.
- Feedback: You can rate or report AI outputs to help us improve safety and quality.
Data Retention
- Website prompts and chat logs: are not retained where such prompt content is written. For audio transcription, source audio is retained for up to 7 days for troubleshooting, abuse prevention, and service improvement, after which it is automatically deleted. For clinical notes, we store the noteโs unique ID and not the note content.
- Product AI prompts and outputs: retained in accordance with your accountโs data retention settings and applicable agreements.
- We use controls to minimize the personal data included in logs and to segregate data by customer and region when applicable.
Security
- We apply administrative, technical, and physical safeguards, including encryption in transit and at rest, leastโprivilege access, logging and monitoring, vendor risk management, and secure development practices as set out in this document, to AI.
- AI features undergo risk assessment and testing before release, and material changes follow our change management process.
Fairness, Bias, and Safety
- We evaluate AI features for potential bias and unfair outcomes, apply safety filters where feasible, and monitor for harmful or discriminatory outputs.
- We prohibit using AI features to generate or disseminate unlawful, harassing, discriminatory, or misleading content.
Automated DecisionโMaking
- We do not use AI on the website to make decisions that produce legal or similarly significant effects without human involvement.
- If such features are introduced, we will provide clear notice and applicable rights, including the ability to request human review
Children
Our website and AI features are not directed to children. Do not submit personal data of individuals under the age required by local law without verified parental or guardian consent and a signed agreement permitting such processing.
Incident Response
We maintain security incident response procedures. If an incident occurs that affects your data, we will notify you in accordance with our legal and contractual obligations.
Questions? Contact privacy@nookal.com for privacy and compliance enquiries, or support@nookal.com for product support.