Check out our new tier pricing

AI Policy

Last updated: 11 June 2026


Overview and Scope

This AI Policy explains how we use artificial intelligence (AI) on our public website (nookal.com and subdomains), in our products and support channels, and in internal operations that may affect website visitors, prospects, and customers.

This policy works alongside our Privacy Policy, Terms of Use, Security Statement, and any customer agreements. If a conflict exists, the terms of your signed agreement with Nookal will prevail to the extent of any inconsistency


What We Mean by โ€œAIโ€

โ€œAIโ€ includes machine learning and large language model (LLM) systems used for tasks such as chat assistance, search, summarization, analytics, anomaly detection, and content generation.


Where We Use AI

  • Website and marketing: site search, content recommendations, spam/abuse filtering, analytics, and optional website chat assistants.
  • Support: suggested help articles, ticket triage, and agent assistance.
  • Product features (if enabled in your account): optional drafting, summarization, or automation features designed to increase efficiency. These are off by default unless specifically enabled by an administrator.
  • Internal operations: fraud prevention, security monitoring, and quality assurance.

How AI Features Should Be Used

  • AI outputs may be inaccurate or incomplete and are provided for informational purposes only.
  • AI outputs are not medical, legal, or financial advice and should not replace clinical judgment or professional decisionโ€‘making.
  • You are responsible for reviewing AIโ€‘generated content before using it.
  • We do not make any warranty as to the AI outputs, the results that may be obtained from the use of the AI output or the accuracy of any information obtained through the use of AI or the AI output including with respect to the factual accuracy of any information obtained through the AI output or suitability for your use.

Data We Process for AI

Depending on the feature and your settings, we may process:

  • Website data: page views, clicks, device information, rough location, and referrers.
  • Account and communication data: profile information, preferences, tickets, chat transcripts, and feedback.
  • Content you submit to AI features: prompts, files, and messages you choose to provide.
  • Product telemetry (if enabled): feature usage and performance metrics. We do not sell personal data.

Please refer to our Privacy Policy for more information on how we may use your personal information (to the extent it is part of your use of the AI).


Sensitive Data and PHI

  • Do not submit protected health information (PHI), special category data, or other sensitive personal data into any AI feature unless your agreement and feature documentation explicitly state that the feature is approved and configured for such data.
  • If a feature is designated as approved for regulated data, it will use appropriately scoped infrastructure and vendors and apply required safeguards

Training and Model Use

  • We do not allow thirdโ€‘party AI providers to train their foundation models on customer content or personal data processed via Nookalโ€™s AI features.
  • Where feasible, we use zeroโ€‘retention or noโ€‘training modes and strict data handling terms with AI vendors.
  • We may use deโ€‘identified and aggregated data to improve AI features and service quality. Deโ€‘identified data is data that cannot reasonably be used to identify an individual or customer.

Thirdโ€‘Party AI Providers

  • We may use vetted AI infrastructure and model providers (for example, cloudโ€‘hosted LLMs) bound by data processing and confidentiality obligations.
  • Our current sub-processors are listed on our Sub-processors page. We will provide notice of material changes as required by our customer agreements.

Legal Bases and Compliance

  • We rely on consent, legitimate interests, performance of a contract, or compliance with legal obligations, as appropriate under applicable law.
  • We strive to comply with applicable privacy and data protection laws, including the Australian Privacy Act, GDPR/UK GDPR, and other regional requirements. For US users, certain features are designed to support HIPAAโ€‘aligned controls when explicitly designated and contracted.

Your Choices and Controls

  • Optโ€‘out: You can opt out of website personalization cookies and certain analytics in our cookie banner or preferences centre.
  • Feature controls: Administrators can enable/disable product AI features per workspace or user role where available.
  • Review and correction: You may request access to, correction of, or deletion of your personal data as described in our Privacy Policy.
  • Feedback: You can rate or report AI outputs to help us improve safety and quality.

Data Retention

  • Website prompts and chat logs: are not retained where such prompt content is written. For audio transcription, source audio is retained for up to 7 days for troubleshooting, abuse prevention, and service improvement, after which it is automatically deleted. For clinical notes, we store the noteโ€™s unique ID and not the note content.
  • Product AI prompts and outputs: retained in accordance with your accountโ€™s data retention settings and applicable agreements.
  • We use controls to minimize the personal data included in logs and to segregate data by customer and region when applicable.

Security

  • We apply administrative, technical, and physical safeguards, including encryption in transit and at rest, leastโ€‘privilege access, logging and monitoring, vendor risk management, and secure development practices as set out in this document, to AI.
  • AI features undergo risk assessment and testing before release, and material changes follow our change management process.

Fairness, Bias, and Safety

  • We evaluate AI features for potential bias and unfair outcomes, apply safety filters where feasible, and monitor for harmful or discriminatory outputs.
  • We prohibit using AI features to generate or disseminate unlawful, harassing, discriminatory, or misleading content.

Automated Decisionโ€‘Making

  • We do not use AI on the website to make decisions that produce legal or similarly significant effects without human involvement.
  • If such features are introduced, we will provide clear notice and applicable rights, including the ability to request human review

Children

Our website and AI features are not directed to children. Do not submit personal data of individuals under the age required by local law without verified parental or guardian consent and a signed agreement permitting such processing.


Incident Response

We maintain security incident response procedures. If an incident occurs that affects your data, we will notify you in accordance with our legal and contractual obligations.

Questions? Contact privacy@nookal.com for privacy and compliance enquiries, or support@nookal.com for product support.

Chat with Us!
🍪 Cookies

🍪 Cookie Consent

We use cookies to provide functionality, improve, analyse, market, and support relevant solutions for you. More info ›