How long does onboarding take?

Most teams are up and running within a day. We handle setup, import your machine list, and walk your crew through the app on site.

What devices does it run on?

FaultPilot runs on any modern smartphone or tablet. iOS and Android. No special hardware needed — your crew's existing devices work fine.

Does it work offline or underground?

The app works offline and syncs automatically when connectivity returns. Designed for remote sites with patchy coverage.

How is our data stored and protected?

All data is encrypted in transit and at rest, hosted on secure cloud infrastructure in Australia. Your data belongs to your organisation and is never shared.

Can we use our own technical documentation?

Yes. Upload your verified knowledge and technical documents and FaultPilot will generate diagnostic workflows specific to your machines and procedures.

What does pricing look like?

FaultPilot offers three tiers — Core, Pro, and Enterprise — priced per head and per machine with volume discounts. Core covers essential fault logging and handovers. Pro adds AI diagnostics and fleet intelligence. Enterprise adds cross-site knowledge networks and custom integrations. Contact us for a quote tailored to your operation.

FaultPilot Technologies Pty Ltd

Data Processing Agreement

Last updated: May 2026 · Version 1.00

1. Introduction

1.1 This Data Processing Agreement (DPA) forms part of the Customer Agreement between FaultPilot Technologies Pty Ltd (ACN 687 468 202) (FT, we or us) and the Customer.

1.2 This DPA sets out the terms on which we process data on behalf of the Customer in connection with the FaultPilot platform.

2. Definitions and Interpretation

2.1 In this DPA:

Australian Privacy Principles or APPs means the Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988 (Cth).

Customer Agreement means the written agreement between FT and the Customer under which FT permits the Customer to use the FaultPilot platform.

Customer Data means all data provided by the Customer or its Authorised Users to FaultPilot, and all data generated by the Customer or its Authorised Users through their use of FaultPilot, including Uploaded Documentation, Operational Data, Diagnostic Outputs and any personal information submitted through the platform.

Data Breach means any unauthorised access to, disclosure of, or loss of Customer Data.

Personal Information has the meaning given in the Privacy Act 1988 (Cth).

Processing means any operation performed on Customer Data, including collection, storage, use, modification, retrieval, indexing, embedding, and deletion.

Sub-processor means any third-party service provider engaged by us to Process Customer Data on our behalf.

2.2 Any capitalised terms which are not defined in this DPA have the meaning given to them in the Customer Agreement.

2.3 In this DPA, unless the contrary intention appears:

the singular includes the plural and the plural includes the singular;
another grammatical form of a defined word or expression has a corresponding meaning;
a reference to legislation includes that legislation as amended or modified or re-enacted and includes any applicable regulations, instruments and determinations made it; and
a reference to any agreement, document or materials is to that agreement or document, or those materials, as amended, updated, novated, supplemented or replaced.

3. Scope of Processing

3.1 We will process Customer Data solely for the purpose of providing the FaultPilot platform and related services to the Customer in accordance with the Customer Agreement.

3.2 The Customer acknowledges that the types of Customer Data processed include:

personal information of Authorised Users (name, email address, job title, login credentials) and others;
uploaded technical documentation (service manuals, fault code references, maintenance procedures, wiring diagrams, parts lists);
operational data generated through use of the FaultPilot platform (fault logs, handover records, diagnostic history, usage patterns); and
diagnostic outputs generated by the AI diagnostic tooling.

3.3 Customer acknowledges that the Processing activities include:

storing and retrieving Customer Data;
breaking uploaded documents into chunks for indexing;
generating embeddings for semantic searching;
retrieving relevant sections to produce AI-assisted diagnostic responses; and
generating anonymised and aggregated data for platform improvement.

4. Our Obligations

4.1 We will:

process Customer Data only in accordance with the Customer Agreement and this DPA;
not use Customer Data for any purpose other than providing the FaultPilot platform to the Customer, except where data has been anonymised and aggregated in accordance with clause 8;
not sell, rent, or otherwise make Customer Data available to third parties, except as set out in this DPA;
implement and maintain appropriate technical and organisational security measures in accordance with clause 6; and
ensure that our personnel who have access to Customer Data are subject to appropriate confidentiality obligations; and
assist the Customer in meeting its obligations under the Privacy Act 1988 (Cth) in respect of any Personal Information it provides to us, to the extent reasonably practicable.

5. Customer Obligations

5.1 The Customer will:

ensure that it has obtained all necessary consents and authorisations for the collection and processing of Personal Information submitted to FaultPilot;
ensure that it holds all necessary rights, licences, and permissions required for any documentation uploaded to FaultPilot;
comply with all applicable privacy laws in connection with its use of FaultPilot; and
notify us promptly of any requests, complaints, or regulatory enquiries relating to Personal Information processed through FaultPilot.

6. Security Measures

6.1 We will implement and maintain the following security measures:

encryption of Customer Data in transit using TLS 1.2 or higher;
encryption of Customer Data at rest using AES-256;
role-based access controls restricting access to Customer Data to authorised personnel only;
logical isolation of each Customer's data so that it is not accessible by other organisations on the platform;
regular security reviews and maintenance of audit logs of system access;
multi-factor authentication for administrative access to production systems;
automated daily backups of Customer Data; and
incident detection and response procedures.

7. Sub-processors

7.1 The Customer consents to our use of the Sub-processors engaged by us as at the date of the Customer Agreement DPA (a list of our current Sub-processors will be provided on request).

7.2 We will notify the Customer at least 30 days prior to engaging any new Sub-processor or materially changing the processing activities of an existing Sub-processor.

7.3 If the Customer objects to a new Sub-processor on reasonable grounds relating to data protection, it must give notice of that objection and the grounds on which it objects within 14 days after our notice under clause 7.2. If the Customer gives notice under this clause, the parties must meet within 14 days to discuss the objection in good faith and acting reasonably. If the objection cannot be resolved within that 14 day period, the Customer may terminate the Customer Agreement on 14 days' notice. If the Customer does not give notice of its objection or notice of termination within the timing set out in this clause, it will be deemed to have accepted the new Sub-processor.

7.4 We will use our reasonable endeavours to ensure that each Sub-processor is bound by data protection obligations no less protective than those set out in this DPA.

8. Anonymised and Aggregated Data

8.1 We may use anonymised and aggregated data collected from the FaultPilot platform for the purposes of improving FaultPilot, marketing purposes, business planning, and developing new offerings and products.

8.2 Anonymised and aggregated data means data that has been processed such that it cannot, whether on its own or in combination with other data, be used to identify any individual or organisation.

8.3 No uploaded content is used to train AI models or shared outside the Customer's account.

9. Data Breach Notification

9.1 In the event of a Data Breach, we will:

notify the Customer without undue delay and in any event within 72 hours of becoming aware of the breach;
provide the Customer with sufficient information to enable the Customer to assess the nature and impact of the breach, including the types of data affected, the approximate number of individuals affected, and the measures taken or proposed to address the breach;
take all reasonable steps to contain and remediate the breach; and
cooperate with the Customer and any regulatory authority in relation to the investigation and resolution of the breach.

9.2 Notification of a Data Breach will be provided to the Customer's nominated contact by email and, where the severity of the breach warrants it, by telephone.

10. Data Location

10.1 Customer Data is primarily stored on secure cloud infrastructure in Australia (AWS ap-southeast-2, Sydney).

10.2 Some Processing activities, including AI model inference via OpenAI, involve the transfer of Customer Data to the United States. No Customer Data is retained by OpenAI after processing.

10.3 We will not transfer Customer Data to any jurisdiction outside Australia and the United States without the prior written consent of the Customer, such consent not to be unreasonably withheld or delayed.

11. Data Retention and Deletion

11.1 Customer Data will be retained and deleted in accordance with our Data Retention Policy, a copy of which is available here.

11.2 Upon termination or expiry of the Customer Agreement, Customer Data will be made available for export for a period of 30 days. After that period, Customer Data may be deleted in accordance with the Data Retention Policy.

12. Audit

12.1 Upon reasonable written request (no more than once per calendar year), we will provide the Customer with information reasonably necessary to demonstrate our compliance with this DPA.

12.2 Where a Customer requires an on-site audit, the parties will agree (acting reasonably and in good faith) on the scope, timing, confidentiality and security requirements, and cost of such audit in advance. If the Customer wishes to appoint a third party to conduct the audit on its behalf, that third party must be reasonably acceptable to us. The Customer will bear the reasonable costs (including our costs) of any on-site audit.

13. Liability

13.1 Liability arising under this DPA is subject to the limitations and exclusions of liability set out in the Customer Agreement.

14. Term

14.1 This DPA commences on the date the Customer enters into the Customer Agreement and continues for the duration of the Customer Agreement, including any period of data retention following termination or expiry.

15. Governing Law

15.1 This DPA is governed by the laws of Western Australia, Australia.

15.2 The parties submit to the non-exclusive jurisdiction of the courts of Western Australia for the resolution of any disputes arising under or in connection with this DPA.