PRIVACY POLICY

1. Who We Are and Our Commitment to Your Privacy

OmniPulse (ABN: 18 685 524 387), operated by Omnipulse Pty Ltd ("OmniPulse," "we," "us," or "our"), is an AI strategy consulting and commercial advisory business operating across Australia, New Zealand, and internationally.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"). We take our obligations seriously and are committed to handling your personal information with care, transparency, and integrity.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have in relation to it. It applies to all personal information we collect through our website at www.omnipulseai.ai, our contact forms, our business development communications, and our professional services engagements.

OmniPulse is an authorised reseller and commercial partner of The Augmented 4 Pty Ltd (ACN: 686 749 575) ("The Augmented 4"). We use The Augmented 4's AI agent platform to conduct our own business development activities, including outbound prospecting calls, emails, and SMS communications. This Policy covers how OmniPulse handles your personal information throughout those activities and in the delivery of our professional services.

This Policy does not cover The Augmented 4's own data practices. Where you proceed to engage The Augmented 4 directly for platform services following an introduction by OmniPulse, their own Privacy Policy governs that arrangement and is available at www.ta4.ai.

For all privacy-related questions or requests, contact us at:
Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai

2. Scope of This Policy

This Policy applies to personal information we collect from:

• (a) Visitors to our website at www.omnipulseai.ai;
• (b) Individuals who submit enquiries through our contact form, booking forms, or other intake channels;
• (c) Prospective clients we identify and contact through outbound business development activities, including calls, emails, and SMS messages conducted with the assistance of The Augmented 4's AI agent platform;
• (d) Clients who engage OmniPulse for professional AI strategy consulting and advisory services; and
• (e) Business contacts, referral partners, and other individuals we interact with in the normal course of our business.

This Policy does not apply to personal information processed by The Augmented 4 on behalf of their own customers. Where OmniPulse introduces a client to The Augmented 4 and that client proceeds to engage The Augmented 4 directly, the ongoing handling of that client's data by The Augmented 4 is governed by The Augmented 4's own privacy policy and customer agreement.

3. What Personal Information We Collect

3.1 Information You Provide to Us

We collect personal information you provide directly, including:

• (a) Identity information: your full name, job title, and company name, collected when you submit an enquiry, book a meeting, or engage our services;
• (b) Contact information: your email address, phone number, and business address, collected through our contact form, booking systems, and during the course of our business communications;
• (c) Professional information: details about your role, business, industry, and technology environment, shared during discovery conversations, strategy sessions, or onboarding processes; and
• (d) Communications: the content of enquiries, meeting notes, email correspondence, and feedback you provide during our engagement.

3.2 Information Collected Through Our Business Development Activities

OmniPulse uses The Augmented 4's AI agent platform to conduct outbound prospecting and business development. In connection with these activities, we may collect:

• (a) Contact details sourced from publicly available business directories, professional networks such as LinkedIn, or referral partners, where lawful and relevant to our services;
• (b) Call recordings and transcripts from conversations between you and our AI agents or human representatives, where consent has been obtained; and
• (c) Response and engagement data from emails, SMS messages, and other communications we send to you, including whether a message was opened or responded to.

3.3 Information Collected Automatically

When you visit our website, we automatically collect:

• (a) Device and browser information: IP address, browser type and version, operating system, and device type;
• (b) Usage data: pages visited, time spent on pages, links clicked, and referring website addresses, collected through analytics tools; and
• (c) Cookie data: information stored on your device through cookies and similar technologies, as described in Section 14 of this Policy.

3.4 Information We Do Not Collect

OmniPulse does not collect sensitive information (as defined under the Privacy Act 1988, including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or biometric data) unless you voluntarily provide it and we have obtained your explicit consent. In the ordinary course of our business development and consulting activities, we have no need for sensitive information and we will not seek to collect it.

4. How We Collect Your Information

We collect personal information:

• (a) directly from you when you submit a contact form, respond to an outreach communication, attend a demonstration, or engage our professional services;
• (b) through automated systems when you visit our website, using cookies and analytics tools as described in Section 14;
• (c) from publicly available sources, including business directories and professional networking platforms, where we identify individuals who may benefit from our services; and
• (d) through call recordings and interaction logs during AI agent communications, where consent has been obtained.

We collect only the personal information that is reasonably necessary for our functions and activities, and we do so by lawful and fair means in accordance with APP 3.

Where practicable, you have the option of not identifying yourself or of using a pseudonym when dealing with us. However, in most cases we require your identity and contact details in order to respond to enquiries or deliver our services.

Where our AI agents contact you by telephone, the agent will identify itself as an AI-powered system at the commencement of the call and will inform you that the call may be recorded. You may decline to continue the interaction at any time and we will record your preference accordingly.

5. Why We Collect and Use Your Information

We use the personal information we collect for the following purposes:

• (a) To respond to your enquiries and manage follow-up communications arising from your Contact Submission or from our outbound business development activities;
• (b) To assess whether and how OmniPulse's professional services or The Augmented 4's platform may assist your business;
• (c) To conduct outbound prospecting, including AI agent calls, emails, and SMS messages, to connect with businesses that may benefit from AI strategy consulting or The Augmented 4's technology;
• (d) To deliver professional AI strategy consulting, implementation advisory, and technology introduction services to clients who engage OmniPulse;
• (e) To record and transcribe calls conducted by AI agents for the purposes of accurate follow-up, quality assurance, compliance, and performance improvement;
• (f) To send you relevant information about OmniPulse's services and The Augmented 4's platform where you have consented to receive such communications;
• (g) To manage our business operations, including invoicing, record keeping, and professional correspondence;
• (h) To improve the quality and performance of our communications, website, and service delivery; and
• (i) To comply with our legal and regulatory obligations under applicable Australian and international law.

We will not use your personal information for a purpose other than the purpose for which it was collected, unless you have consented to that secondary use, the secondary purpose is directly related to the primary purpose and you would reasonably expect us to use your information in that way, or we are required or authorised by law to do so (APP 6).

If we receive personal information about you that we did not actively seek and we determine that we could not have lawfully collected it, we will destroy or de-identify that information as soon as practicable and where it is lawful to do so (APP 4).

6. Consent to AI-Assisted Contact and Call Recording

6.1 How We Obtain Consent

Where you submit an enquiry through our website contact form, you will be asked to confirm your agreement to our Terms of Service and this Privacy Policy by ticking a clearly visible, pre-unticked checkbox before your submission is accepted. That checkbox constitutes your express consent to:

• (a) being contacted by OmniPulse via telephone, email, SMS, and chat, including through AI-powered agents operating on The Augmented 4's platform; and
• (b) telephone calls being recorded and transcribed for the purposes set out in Section 5(e) of this Policy.

Where OmniPulse contacts you through outbound prospecting and you were not previously a website enquirer, consent to call recording will be obtained verbally at the commencement of the call. If you do not provide consent to recording, the call will proceed unrecorded and your preference will be noted.

6.2 What Call Recording Involves

When our AI agents or human representatives conduct telephone calls on behalf of OmniPulse, those calls may be recorded and transcribed. Recordings and transcripts are used to:

• (a) generate accurate call summaries and notes for follow-up purposes;
• (b) maintain an accurate record of communications for compliance and quality assurance;
• (c) assist in training and improving AI agent performance; and
• (d) resolve any disputes about the content of communications.

Call recordings are stored securely and retained in accordance with the retention periods set out in Section 12 of this Policy.

6.3 AI Disclosure

Our AI agents will identify themselves as AI-powered systems at the commencement of each telephone call or communication channel interaction. OmniPulse does not direct or program AI agents to misrepresent their nature as human.

6.4 State and Territory Surveillance Laws

OmniPulse operates in compliance with the Telecommunications (Interception and Access) Act 1979 (Cth) and applicable state and territory surveillance device legislation. Because laws vary across jurisdictions regarding consent requirements for call recording, our AI agents obtain verbal consent at the start of each call before recording commences. If consent to recording is not provided, the call will proceed without recording.

6.5 Withdrawing Consent to Be Contacted

You may withdraw consent to further contact from OmniPulse at any time by:

• (a) emailing Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai;
• (b) informing our AI agent or a human representative during any communication; or
• (c) using the unsubscribe facility included in any electronic marketing message.

OmniPulse will process all withdrawal requests within five business days in accordance with the Spam Act 2003 (Cth). Withdrawal of consent to contact does not affect the validity of this Privacy Policy or any processing that occurred before the withdrawal.

6.6 Do Not Call Register Compliance

OmniPulse checks telephone numbers against the Australian Do Not Call Register at least every 30 days before initiating outbound calling campaigns. We do not make unsolicited telemarketing calls to numbers listed on the Register unless the individual has provided express consent to be contacted by us.

7. Automated Decision-Making and AI Transparency

AI Transparency Notice (APP 1.7, effective 10 December 2026): OmniPulse uses AI-powered technology, operated through The Augmented 4's platform, in the conduct of its business development and client communication activities.

7.1 How We Use Automated Systems

OmniPulse uses AI agent technology to assist with:

• (a) outbound prospecting calls, where an AI agent initiates and conducts initial contact with prospective clients on OmniPulse's behalf;
• (b) email and SMS follow-up, where AI-assisted tools generate and send follow-up communications based on prior interaction data;
• (c) call routing and scheduling, where AI tools assist in managing appointment bookings and follow-up sequencing; and
• (d) call summarisation and note generation, where AI transcription tools process recorded calls to generate summaries for human review.

7.2 Human Oversight

OmniPulse does not rely on fully automated decision-making for any significant commercial decision. All decisions regarding whether to proceed with a client engagement, the content of strategy advice, and the terms of any professional services arrangement involve human review by OmniPulse personnel. AI tools assist with communication and organisation; they do not make binding decisions on OmniPulse's behalf.

7.3 Kinds of Personal Information Used

Personal information used in our automated communication processes includes names, contact details, job titles, company information, call recordings, and interaction history.

7.4 Your Rights in Relation to AI Processing

You have the right to request human review of any AI-assisted process that you believe has significantly affected you. To make such a request, contact us at Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai.

7.5 AI-Generated Information

Where AI systems generate, infer, or summarise information from your interactions with us, we treat that information as personal information where it relates to an identified or reasonably identifiable individual, and handle it in accordance with the APPs and OAIC guidance on AI-generated data.

8. Who We Share Your Information With

We do not sell your personal information. We do not share your personal information with third parties for their own marketing or commercial purposes. We may share your information only in the following circumstances:

• (a) The Augmented 4: Where OmniPulse introduces you to The Augmented 4's platform, your contact details and relevant engagement context may be shared with The Augmented 4 to facilitate a demonstration or introductory conversation. This sharing is limited to what is necessary for that introduction. The Augmented 4's handling of your information following that introduction is governed by their own Privacy Policy.
• (b) Technology and service providers: Third-party providers who assist OmniPulse in operating its business, including CRM platforms, email delivery tools, scheduling software, analytics providers, and website hosting. These providers are engaged under contractual terms that require them to protect your information and use it only for the purpose of providing their services to us.
• (c) Professional advisors: Lawyers, accountants, auditors, and insurers, where necessary for the conduct of our business.
• (d) Law enforcement and regulators: Where required by applicable law, court order, or government authority, or where necessary to protect OmniPulse's rights, property, or safety, or the safety of others.
• (e) Business transfers: In connection with a merger, acquisition, restructure, or sale of all or substantially all of OmniPulse's assets, your personal information may be transferred as part of that transaction. We will provide advance notice of any such transfer.

9. The Augmented 4: Our Technology Partner

OmniPulse operates as an authorised reseller and commercial partner of The Augmented 4. We use The Augmented 4's AI agent platform to conduct our own outbound business development activities.

9.1 How Their Platform Interacts With Your Data

When OmniPulse uses The Augmented 4's platform to contact you, your personal information (including your contact details and interaction data from calls, emails, or SMS) is processed through that platform to deliver the communication. OmniPulse maintains a commercial agreement with The Augmented 4 that governs the handling of data within their platform.

9.2 Data Hosting

The Augmented 4 hosts its platform on Australian AWS infrastructure. Personal information processed through that platform in connection with OmniPulse's activities is stored within Australia.

9.3 Your Relationship With The Augmented 4

OmniPulse is your primary point of contact for all matters relating to how we handle your information. Where you have a question or concern about data processed through The Augmented 4's platform on our behalf, contact us at Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai and we will coordinate with The Augmented 4 as required.

Where you proceed to engage The Augmented 4 directly following an OmniPulse introduction, your relationship with them is governed by their own Customer Agreement and Privacy Policy. OmniPulse is not a party to that arrangement.

10. Overseas Disclosure and Data Location

10.1 Australian-Based Storage

OmniPulse's primary systems and The Augmented 4's platform are hosted within Australia. Your personal information is stored in Australia.

10.2 Potential Overseas Processing

In some circumstances, personal information may be processed or accessible outside Australia, including where:

• (a) OmniPulse uses third-party tools or platforms operated by companies based overseas, such as CRM or email delivery providers with infrastructure in the United States or other jurisdictions; or
• (b) OmniPulse contacts individuals located outside Australia as part of its international business development activities.

In accordance with APP 8, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs, including through contractual protections. OmniPulse accepts accountability for the acts of overseas recipients where required by law.

10.3 Countries

As at the date of this Policy, overseas recipients may be located in the United States. We will update this section as our service and technology arrangements evolve.

11. Data Security

OmniPulse takes the security of personal information seriously. We implement technical and organisational measures consistent with the requirements of APP 11 and the 2024 amendments to the Privacy Act, including:

• (a) encryption of data in transit using TLS 1.2 or higher and encryption of data at rest;
• (b) role-based access controls and multi-factor authentication for systems containing personal information;
• (c) use of reputable third-party platforms with recognised security certifications;
• (d) periodic review of security practices and third-party supplier arrangements; and
• (e) a documented incident response process for identifying, containing, and reporting data security incidents.

While we take all reasonable precautions, no method of data transmission or storage is completely secure. We cannot guarantee absolute security but commit to responding promptly and appropriately to any incident that arises.

12. How Long We Keep Your Information

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, or as required by applicable law. Our general retention periods are:

• (a) Enquiry and contact records: three years from the date of the enquiry or last communication, for customer service and compliance purposes;
• (b) Professional services engagement records: seven years from the conclusion of the engagement, in accordance with Australian tax and financial record-keeping obligations;
• (c) Call recordings and transcripts: twelve months from the date of the recording, unless a longer period is required for compliance, dispute resolution, or legal purposes;
• (d) Marketing consent records: the duration of the consent plus three years, to maintain evidence of compliance;
• (e) Do-not-contact records: five years from the date of the withdrawal request, to ensure ongoing compliance with communication preferences and applicable telemarketing laws;
• (f) Website analytics data: 26 months, for website improvement purposes, after which it is aggregated and de-identified; and
• (g) Financial and billing records: seven years after the relevant transaction, as required by Australian law.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it in accordance with APP 11.2.

13. Your Privacy Rights

13.1 Right of Access (APP 12)

You may request access to the personal information OmniPulse holds about you. We will respond within 30 days. In limited circumstances permitted by law, we may decline to provide access, and we will give reasons for any refusal.

13.2 Right of Correction (APP 13)

You may request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within 30 days.

13.3 Right to Withdraw Consent to Contact

You may withdraw consent to being contacted by OmniPulse at any time as described in Section 6.5. Withdrawal of consent to contact does not affect this Privacy Policy, which continues to govern information we have already collected.

13.4 Right to Opt Out of Marketing Communications

You may opt out of receiving commercial electronic messages from us at any time by using the unsubscribe facility in any email or SMS we send, or by contacting us at Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai. We will process your request within five business days.

13.5 Right to Request Deletion

You may request deletion of your personal information where it is no longer needed for the purpose for which it was collected. Some information may need to be retained for legal, tax, or compliance reasons as set out in Section 12.

13.6 Right to Human Review of AI-Assisted Processes

Where you believe an AI-assisted process used by OmniPulse has significantly affected you, you have the right to request human review. Contact us at Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai.

13.7 No Opt-Out of This Privacy Policy

This Privacy Policy is a legal disclosure document that applies whenever OmniPulse collects your personal information. You cannot opt out of this Policy. However, you can exercise any of the rights described above at any time, and we will honour those requests promptly and in accordance with applicable law.

To exercise any of your rights, contact us at Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai. We may need to verify your identity before processing your request.

14. Cookies and Website Tracking

14.1 What We Use

Our website uses cookies and similar tracking technologies to provide essential website functionality, analyse how visitors use our site, and improve our website and communications.

14.2 Types of Cookies

• (a) Essential cookies: Required for the website to function, including session management. Duration: session or up to 12 months.
• (b) Analytics cookies: Help us understand how visitors interact with our website. Duration: up to 26 months.
• (c) Functional cookies: Remember your preferences and settings. Duration: up to 12 months.

14.3 Managing Cookies

You can manage your cookie preferences through our cookie consent banner, your browser settings, or by contacting us. Disabling essential cookies may affect the functionality of our website.

15. Telemarketing and Communication Compliance

15.1 Australian Compliance

All OmniPulse communications comply with applicable Australian legislation, including:

• (a) the Spam Act 2003 (Cth), which prohibits sending unsolicited commercial electronic messages without consent and requires accurate sender identification and a functional unsubscribe facility in every message;
• (b) the Do Not Call Register Act 2006 (Cth), which prohibits telemarketing calls to numbers listed on the Register without a recognised exemption;
• (c) the Telecommunications (Telemarketing and Research Calls) Industry Standard 2017, prescribing permitted calling hours, caller identification requirements, and call handling obligations; and
• (d) the Privacy Act 1988 (Cth) and the Australian Privacy Principles, governing the collection, use, disclosure, and storage of personal information.

15.2 New Zealand Compliance

Where OmniPulse contacts individuals in New Zealand, we comply with:

• (a) the Privacy Act 2020 (NZ) and its Information Privacy Principles;
• (b) the Unsolicited Electronic Messages Act 2007 (NZ), which prohibits sending unsolicited commercial electronic messages without consent; and
• (c) the Telecommunications Information Privacy Code 2020, where applicable.

15.3 Record Keeping

OmniPulse maintains records of all consents, Do Not Call Register checks, and communication preference records for a minimum of five years in accordance with applicable regulatory requirements. Records include the date and method of consent, the terms presented at the time of collection, and any subsequent changes to communication preferences.

16. International Users

16.1 New Zealand

If you are located in New Zealand, the following additional provisions apply under the Privacy Act 2020 (NZ) and its Information Privacy Principles ("IPPs"):

• (a) We collect personal information only for lawful purposes related to our functions and activities, and only to the extent reasonably necessary for those purposes (IPP 1).
• (b) Where practicable, we collect personal information directly from you (IPP 2).
• (c) We do not collect personal information by unlawful, unfair, or unreasonably intrusive means (IPP 4).
• (d) Before disclosing personal information to a recipient outside New Zealand, we will take reasonable steps to ensure the recipient is subject to comparable privacy protections (IPP 12).
• (e) You have the right to request access to your personal information (IPP 6), request correction of inaccurate information (IPP 7), and lodge a complaint with the New Zealand Office of the Privacy Commissioner at www.privacy.org.nz.

16.2 European Economic Area and United Kingdom

If you are located in the EEA or UK, the following additional provisions apply under the GDPR (EU) 2016/679 or UK GDPR:

• (a) Legal basis: We process your personal data on the basis of contractual necessity (Article 6(1)(b)), legitimate interests (Article 6(1)(f)), consent (Article 6(1)(a)), and legal obligation (Article 6(1)(c)).
• (b) Automated decision-making (Article 22): Where our systems involve solely automated decision-making that produces legal or similarly significant effects, we will ensure you have the right to obtain human intervention, express your view, and contest the decision.
• (c) International transfers: Where personal data is transferred from the EEA or UK to Australia or other countries, we implement appropriate safeguards including Standard Contractual Clauses or equivalent mechanisms approved by the relevant authority.
• (d) Additional rights: You may also have the right to object to processing, restrict processing, and lodge a complaint with your local supervisory authority.

16.3 California Residents

If you are a California resident, you may have rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect and use, the right to request deletion, the right to correct inaccurate information, and the right to non-discrimination for exercising privacy rights. OmniPulse does not sell personal information. To exercise your California privacy rights, contact us at Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai.

16.4 United States: TCPA Compliance

For individuals located in the United States, OmniPulse's AI agent calls are classified as calls using an artificial or prerecorded voice under the Telephone Consumer Protection Act (47 U.S.C. 227). We obtain prior express written consent before making such calls to individuals in the United States. You may revoke consent to AI agent calls at any time by contacting us.

17. Data Breach Notification

In the event of an eligible data breach under Part IIIC of the Privacy Act 1988, OmniPulse will comply with the Notifiable Data Breaches scheme. This requires us to:

• (a) take reasonable steps to contain the breach and assess the risk of harm to affected individuals within 30 days of becoming aware of the breach;
• (b) notify the Office of the Australian Information Commissioner and affected individuals as soon as practicable if the breach is likely to result in serious harm; and
• (c) include in any notification a description of the breach, the kinds of information involved, and recommended steps for individuals to protect themselves.

For New Zealand users, we will comply with the mandatory breach notification requirements under Part 6 of the Privacy Act 2020 (NZ), including notifying the New Zealand Office of the Privacy Commissioner.

For EEA and UK users, we will comply with the 72-hour notification obligation to the relevant supervisory authority under Articles 33 and 34 of the GDPR or UK GDPR.

OmniPulse will coordinate with The Augmented 4 on any breach that involves data processed through their platform.

18. Children's Privacy

Our services are designed for business and professional use and are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we hold personal information about a child, we will take reasonable steps to delete it promptly. If you believe we hold personal information about a child, contact us at Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai.

19. Complaints

If you believe OmniPulse has handled your personal information in a way that breaches the APPs or this Policy, you may lodge a complaint with us.

To make a complaint, email Dclelland@omnipulseai.ai or bshaddick@omnipulseai.ai with the subject line "Privacy Complaint." We will acknowledge your complaint within five business days and provide a substantive response within 30 days.

If you are not satisfied with our response, you may contact:

New Zealand residents may contact the New Zealand Office of the Privacy Commissioner at www.privacy.org.nz or by calling 0800 803 909.

EEA and UK residents may contact their local data protection supervisory authority.

California residents may contact the California Privacy Protection Agency at cppa.ca.gov.

20. Changes to This Policy

OmniPulse may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or our technology arrangements. Where changes are material, we will:

• (a) post a prominent notice on our website at least 30 days before the changes take effect; and
• (b) where applicable, send a notification to any email address associated with an active engagement with OmniPulse.

We encourage you to review this Policy periodically. The "Last Updated" date at the top of this document will reflect the date of the most recent revision. Your continued engagement with OmniPulse after any update takes effect constitutes acceptance of the revised Policy.

21. Contact Us

For all privacy-related questions, requests, or complaints, contact us at:

For matters relating specifically to The Augmented 4's own privacy practices: