Trust & Safety

Trust & Safety at Totii.ai

Totii.ai is used by people across every stage of life and every level of technical ability — from high-school students participating in research programs, to elderly grandparents preserving their stories for future generations, to busy professionals who’ve never had time to learn a new tool, to community members who speak English as a second language. Some of these people are highly capable with technology. Many are not. Some are in vulnerable situations. All of them deserve a platform that is safe, respectful, accessible, and designed with them in mind — not just for the technically confident.

This page sets out how we protect every person who interacts with Totii, across every deployment type — enterprises, small businesses, communities, and individuals.

Effective as of 14 August 2025

1. Our commitment

Safety at Totii is not a feature. It is a design principle that governs how we build, operate, and monitor the platform.

We are committed to:

  • Protecting the privacy, dignity, and safety of every person who interacts with Totii — regardless of their age, ability, technical skill, language, culture, or circumstances.
  • Making the platform genuinely accessible to people with disabilities, people who are not comfortable with technology, and people who speak languages other than English.
  • Providing specific, additional protections for people who may be more vulnerable to harm — including children, elderly users, people with cognitive impairments, and people in crisis situations.
  • Ensuring our AI technology is used ethically, responsibly, and in accordance with Australian law.
  • Providing transparent policies, accessible reporting pathways, and meaningful enforcement.

2. Who this applies to

This Trust & Safety policy applies to:

  • Totii for Enterprises — organisations using Totii as a private knowledge platform for employees and teams.
  • Totii for Small Business — professionals and business owners using Totii to serve clients, automate workflows, and share knowledge through conversational assistants and avatars.
  • Totii for Communities — cultural associations, neighbourhood groups, service clubs, and member organisations running private community hubs.
  • Totii for Individuals — people preserving their personal wisdom, stories, and voice for family and chosen recipients.
  • All end users — anyone who interacts with a Totii-powered assistant, regardless of age, ability, or technical experience.
  • All Totii staff, contractors, and partners.

3. Compliance and standards

Totii’s operations align with the following Australian and international standards:

  • Privacy Act 1988 (Cth) and the Australian Privacy Principles — see our Privacy Policy.
  • National Principles for Child Safe Organisations — Australian Human Rights Commission.
  • Commonwealth Child Safe Framework — Australian Government.
  • Web Content Accessibility Guidelines (WCAG) 2.1 — the international standard for digital accessibility, which we reference in our platform design.
  • Disability Discrimination Act 1992 (Cth) — our obligations to provide accessible services in Australia.
  • Age Discrimination Act 2004 (Cth) — our obligations not to discriminate against users on the basis of age.
  • SOC 2 Type 2 — independently audited security controls maintained by our key service partners.
  • IRAP assessment at PROTECTED level — our default Australian cloud infrastructure (Microsoft Azure).
  • Encryption standards — TLS 1.2+ on every connection, AES-256 at rest, HSM-backed key management.

All customer data is hosted locally in the customer’s chosen region. In its default Australian configuration, all data remains within Australian data centres. Your data is never used to train AI models. See our Privacy Policy for the full data-handling framework.

4. Safety for everyone — our approach

Different people face different risks when they use technology. A 14-year-old student, a 78-year-old grandparent, a recently arrived migrant, and a vision-impaired professional all need different things from a safety framework. We do not treat “safety” as a one-size-fits-all checkbox. We design for each group specifically.

The sections below cover our approach for each group. The controls described are built into the platform by default — they do not require customers to configure them manually.

5. Child Safe Policy

Totii.ai is committed to the safety and wellbeing of all children and young people who interact with our platform — whether through educational programs, community hubs, family legacy accounts, or any other deployment. A child or young person is anyone under the age of 18.

5.1. Framework

This policy reflects our commitment to:

5.2. Principles

  1. Child safety is embedded in leadership, governance, and culture. Every person at Totii — staff, contractors, and partners — is responsible for maintaining a child-safe environment.
  2. Children and young people are valued and treated fairly regardless of ethnicity, culture, sex, gender, religion, disability, socioeconomic background, or any other characteristic.
  3. Children and young people are listened to. Concerns raised by children or their families are taken seriously and acted upon.
  4. Children and young people know what to do if they feel unsafe. The platform provides clear, age-appropriate guidance and exit controls.
  5. Safety by design. Default settings collect no personal information from children, never activate the camera, enforce maximum AI safety filters, and provide a visible exit control at all times.
  6. Third parties held to the same standard. Customers deploying Totii with children must comply with this policy and have their own safeguarding procedures in place.

5.3. Platform safeguards for children

  • No personal information collected by default. No names, emails, passwords, or any other personal data from children unless the deploying organisation has specifically opted in for a documented purpose.
  • Camera never activated. In Avatar Mode, only the microphone is used.
  • One-to-one and private. No other student, user, teacher, or administrator can see the live conversation.
  • Maximum AI safety filters across every harm category — sexually explicit material, hate speech, harassment, violence, and dangerous content. These cannot be overridden by end users.
  • Locked mentor persona. The AI refuses inappropriate content, redirects off-topic conversations, and does not engage in personal, romantic, or age-inappropriate dialogue.
  • Session time limits. Avatar Mode sessions are capped at a maximum duration. An “End Session” button is available at all times.
  • Rate limiting. Rapid or abusive query patterns are throttled automatically.
  • Safeguarding escalation. Concerning interactions can be flagged and escalated to the organisation’s nominated safeguarding contact, where enabled.
  • All Totii staff, contractors, and partners who may have contact with children or young people — directly or through the platform — are required to hold a current Working with Children Check (or equivalent) as required by the relevant state or territory.
  • All staff are trained on child safety obligations, recognition of warning signs, and reporting procedures.

5.5. Reporting concerns about children

If you are a child or young person and something makes you feel uncomfortable or unsafe:

  • Click the “End Session” button to stop the conversation immediately.
  • Tell a parent, teacher, or trusted adult.
  • Ask a trusted adult to contact us at [email protected]

If you are an adult and you have concerns about the safety of a child:

  • Email us at [email protected]
  • If a child is in immediate danger, contact the police (000) or your state/territory child protection authority.

All child-safety concerns are treated seriously, handled confidentially, and escalated to the relevant authorities where required by law.

5.6. Review

This Child Safe Policy is reviewed every 12 months and updated as required. Feedback is welcome at [email protected]

6. Elder safety and protection of older users

Many Totii users are older adults — grandparents preserving their legacy, retired community leaders offering guidance, or elderly community members accessing services for the first time. Older users may face specific risks that younger, more digitally experienced users do not, including susceptibility to scams, confusion around consent and data sharing, isolation, and difficulty navigating unfamiliar technology. We take these risks seriously.

6.1. Design for older users

  • Simple, conversational interface. Totii works through natural conversation — chat or voice — not through menus, dashboards, or complex settings. An older user does not need to learn a new tool. They just talk.
  • Voice-first interaction. Avatar Mode allows users to speak naturally without needing to type, navigate, or read small text. This is especially important for users with limited keyboard skills, arthritis, low vision, or unfamiliarity with digital devices.
  • Clear exit controls. The “End Session” button is always visible and clearly labelled. The user is always in control of when the conversation stops.
  • No pressure or urgency. Totii never creates artificial urgency, countdown timers, limited-time offers, or pressure to make decisions quickly. The assistant waits patiently for the user, responds at their pace, and never rushes them.
  • No upselling or manipulation. The assistant never attempts to sell products, solicit donations, extract financial information, or push the user toward commercial decisions unless the deploying organisation has specifically configured it for a legitimate, transparent purpose.

6.2. Protection from exploitation

  • Scam and manipulation resistance. The AI persona is locked into its configured role and cannot be manipulated by third parties to deliver scam content, phishing attempts, or social-engineering attacks through the conversation.
  • No financial transactions. Totii does not process payments, collect credit card numbers, or handle financial transactions through the chat or avatar interface. If a deployment involves commercial services, the user is directed to the organisation’s own secure payment process outside of Totii.
  • No unsolicited data collection. The platform never asks an older user for personal information (date of birth, Medicare number, banking details, government identifiers) unless the deploying organisation has specifically configured a transparent, consent-based collection process for a documented purpose.
  • Trusted contact safeguards. In Totii for Individuals (Legacy Mode), the account holder nominates a designated executor or trusted contact. We verify evidence of death before engaging Legacy Mode and do not act on the request of any family member alone unless they are the designated executor. This protects against elder exploitation and unauthorised access to a vulnerable person’s account.

6.3. Support for carers and families

We recognise that many older users are supported by family members, carers, or community organisations. Where a carer helps an older person use Totii:

  • The carer should set up the account and walk through the interface with the older person before leaving them to use it independently.
  • The deploying organisation (community hub, professional practice, etc.) can configure the assistant to provide extra guidance, simpler language, and slower-paced interactions.
  • The older person’s privacy is still protected. A carer does not automatically have access to the older person’s conversations. Access is governed by the privacy tiers and permissions the account holder (or deploying organisation) has set.

7. Accessibility

Totii is built to be usable by people with a wide range of abilities. Accessibility is not a feature we add at the end — it shapes how we design the interface, the conversation flow, and the avatar experience from the start.

7.1. Our accessibility commitments

  • We design and test the platform with reference to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standard.
  • We meet our obligations under the Disability Discrimination Act 1992 (Cth) to provide accessible services.
  • We actively seek feedback from users with disabilities and their advocates to improve the platform.

7.2. What we do for specific needs

Vision impairment and blindness

  • Chat Mode supports screen readers. We test with commonly used assistive technologies.
  • Avatar Mode is fully usable without visual input — the user speaks and listens. No screen interaction is required to have a complete conversation.
  • Text sizes, colour contrast, and layout follow WCAG AA guidelines.
  • We avoid communicating information through colour alone.

Hearing impairment and deafness

  • Chat Mode provides a fully text-based experience that does not require hearing.
  • Where Avatar Mode is used, the conversation is also available in text form through the session context.

Motor and physical disabilities

  • Avatar Mode allows full interaction through voice only — no keyboard, mouse, or touchscreen required.
  • Chat Mode supports keyboard navigation.
  • Interactive elements (buttons, inputs, links) are designed to meet minimum touch-target sizes.

Cognitive and learning disabilities

  • The conversational interface uses plain language by default. The AI responds in clear, simple sentences and avoids jargon unless the deployment is specifically configured for a technical audience.
  • Totii never creates time pressure, disappearing content, or complex multi-step processes.
  • Users can ask the same question multiple times or rephrase it. The assistant responds patiently every time.
  • Deploying organisations can configure the assistant to use shorter responses, simpler vocabulary, and more structured guidance.

7.3. Reporting accessibility issues

If you encounter an accessibility barrier on the Totii platform, please let us know at [email protected] .We take accessibility reports seriously and aim to address them promptly.

8. Language and cultural safety

Totii serves diverse communities — including migrant and diaspora communities, First Nations communities, and multilingual households. Language and cultural barriers can create real safety risks: a person who doesn’t fully understand what they’re consenting to, or who feels culturally excluded by the way a system speaks to them, is not a safe user.

8.1. Language support

  • Totii supports conversations in 100+ languages. The assistant can detect the user’s language and respond accordingly.
  • Where a community or organisation serves members who speak a specific language, the deployment can be configured to default to that language.
  • Consent messages, session controls (“End Session”), and safety guidance are presented in the user’s language where technically possible.

8.2. Cultural respect

  • Totii’s AI is configured to be respectful of cultural, religious, and community norms. It does not impose a single cultural perspective.
  • For community deployments serving specific cultural groups, the assistant’s tone, language, and examples can be adapted to reflect the community’s values and communication style.
  • Content uploaded by community admins is verified before it becomes available. No unvetted, culturally inappropriate, or divisive content is surfaced to members.

8.3. First Nations communities

Totii acknowledges the Traditional Owners of the land, sea, and waters of the areas where we live and work. Where Totii is deployed in partnership with Aboriginal and Torres Strait Islander communities, we work with community leaders to ensure the platform is culturally appropriate, that community knowledge is handled with respect, and that content governance is led by the community itself.

9. Digital literacy and support for non-technical users

Many Totii users have never used a conversational AI before. Some have limited experience with computers, smartphones, or the internet. Totii is designed so that technical inexperience is never a barrier to safety.

  • No setup required for end users. End users (employees, clients, community members, family recipients) do not need to install software, create accounts, configure settings, or learn a new tool. They open a link and start talking.
  • Conversation as interface. The primary interaction model is natural conversation — typing or speaking. There are no menus to navigate, no settings to find, no workflows to follow.
  • Forgiving of mistakes. Users can misspell words, ask incomplete questions, change topics mid-conversation, or say “I don’t understand.” The assistant handles all of this gracefully without error messages, dead ends, or confusion.
  • No penalty for not knowing. The assistant never makes a user feel ignorant for asking a basic question. Whether someone asks “What is a PDF?” or “How do I use this?” — the answer is always patient, respectful, and helpful.
  • Session controls are obvious. The “End Session” button is always visible, always labelled in plain language, and always works immediately. No confirmation dialogs, no “are you sure?” prompts.
  • No dark patterns. Totii never uses manipulative design — no hidden consent, no pre-ticked checkboxes, no confusing opt-out flows, no pressure tactics. What you see is what you get.

10. Protection of vulnerable persons

Some Totii users may be in vulnerable situations — due to age, illness, disability, grief, social isolation, financial hardship, domestic violence, mental health difficulties, or other circumstances. While Totii is not a crisis service and does not replace professional support, we design the platform to avoid making vulnerable situations worse and — where possible — to guide people toward appropriate help.

  • No harmful advice. The AI never provides medical diagnoses, legal advice, financial recommendations, or crisis counselling. Where a question falls outside the assistant’s configured scope, it clearly states its limitations and, where appropriate, suggests the user contact a qualified professional or relevant service.
  • No exploitation. The platform never attempts to extract personal information, financial details, or commitments from a user who may not fully understand what they are agreeing to.
  • No emotional manipulation. The AI is warm, patient, and respectful — but it does not simulate a personal relationship, create emotional dependency, or pretend to be a human. Users are always aware they are talking to an AI.
  • Crisis recognition (where enabled). Deploying organisations can configure the assistant to recognise language patterns that may indicate a user is in distress (self-harm, suicidal ideation, domestic violence) and respond with gentle, non-judgmental guidance toward relevant services — such as Lifeline (13 11 14), 1800RESPECT (1800 737 732), or Kids Helpline (1800 55 1800). This feature is opt-in and must be configured responsibly by the deploying organisation.
  • Privacy of vulnerable users. Conversations are always private and one-to-one. No other user, admin, or family member can see a live conversation unless the deploying organisation has specifically configured transparent monitoring for a documented safeguarding purpose.

11. AI safety controls

Totii uses AI to generate responses from the customer’s own knowledge base. AI introduces specific risks — hallucination, inappropriate content, prompt manipulation — and we apply the following controls across every deployment.

  • Maximum safety filters. All AI models are configured with the strictest available safety filters across every harm category: sexually explicit content, hate speech, harassment, violence, self-harm, and dangerous content.
  • Locked system prompts. The AI persona is locked into its defined role. End users cannot override the system prompt, jailbreak the persona, or force the AI to act outside its configured boundaries.
  • Knowledge-grounded responses. Totii answers from the customer’s uploaded knowledge base — not from the open internet or the model’s general training data. This reduces hallucination and keeps responses grounded in verified, customer-approved content.
  • Off-topic redirection. If a user attempts to steer the conversation outside the assistant’s scope, the AI redirects the conversation back to its purpose.
  • Rate limiting. Rapid or abusive query patterns are throttled automatically.
  • No AI model training on customer data. All providers are contractually bound not to train models on customer content.
  • Response length and complexity controls. Responses are capped at appropriate lengths for the deployment context, including shorter, simpler outputs for educational, youth-facing, and elder-facing settings.

12. Content moderation policy

This section sets out what content is and is not permitted on the Totii platform. It applies to all customers and all end users, across every deployment type. Violations may result in content removal, access suspension, account termination, or referral to authorities.

12.1. Prohibited content

The following content may never be generated, uploaded, shared, or facilitated through the Totii platform:

  • Child safety violations. Any content involving minors in abuse, exploitation, solicitation, trafficking, nudity, or sexualisation. Zero-tolerance policy for CSAM. All incidents reported to the Australian Federal Police and relevant state/territory authorities.
  • Elder abuse and exploitation. Content designed to manipulate, defraud, coerce, or exploit elderly or cognitively impaired users.
  • Violence and criminal behaviour. Content promoting, inciting, or glorifying violence, terrorism, or criminal activity.
  • Hate speech. Content attacking individuals or groups based on race, ethnicity, religion, gender, sexual orientation, disability, age, national origin, or any other protected characteristic.
  • Bullying and harassment. Content targeting individuals with threats, intimidation, doxxing, or sustained hostile behaviour.
  • Self-harm and suicide. Content that promotes, instructs, or glorifies suicide, self-harm, or eating disorders.
  • Sexual content. Sexually explicit material, except in documented clinical, educational, or health-related contexts with appropriate labelling and access controls.
  • Fraud and scams. Content promoting scams, phishing, financial fraud, identity theft, or the sale of stolen goods or personal information.
  • Misinformation and disinformation. Deliberately false or misleading claims about elections, public health, civic processes, or safety.
  • Intellectual property violations. Content that infringes copyright, trademarks, or other intellectual property rights.
  • Restricted goods and services. Promotion of illegal drugs, weapons, commercial sex services, unlicensed gambling, or trade in endangered species.
  • Impersonation. Creating avatars or personas that impersonate real individuals without their written consent.
  • Discrimination. Content that unlawfully discriminates against users on the basis of age, disability, race, sex, or any characteristic protected under Australian law.

12.2. Conditional content

  • Educational content on sensitive topics is permitted if respectful, factual, clearly labelled, age-appropriate, and not targeted at minors or vulnerable users without appropriate context.
  • Religious content is permitted if respectful and not used to promote division or hatred.
  • Political content is permitted in civic-education or community-information contexts, provided it does not promote hatred, misinformation, or illegal activity.
  • Health and medical information is permitted if accurate, clearly identified as general information (not medical advice), and accompanied by guidance to consult a qualified professional.

12.3. Avatar-specific rules

  • Consent. All avatars depicting a real person require explicit, written consent. The person can request removal at any time.
  • No minors. Avatars may not represent anyone under 18.
  • No prohibited imagery. Avatars must not display illegal, defamatory, sexually explicit, violent, threatening, hateful, or deceptive imagery.
  • Removal requests. Email [email protected]. Actioned within 5 business days.

13. Enforcement

13.1. How we monitor

We use a combination of automated moderation (machine-learning-powered scanning and real-time AI safety filters) and human review (trained moderators reviewing flagged content).

13.2. Reporting a concern

If you encounter content or behaviour on the Totii platform that you believe violates this policy, email [email protected] with a description of the content, the issue, and your contact details.

13.3. Actions we may take

Depending on the severity, Totii may: remove the content, prevent its generation, notify the user or deploying organisation, suspend or terminate access, or report to authorities — including the Australian Federal Police, state/territory child protection authorities, the eSafety Commissioner, or the OAIC.

13.4. Appeals

Users and customers may appeal an enforcement decision by emailing [email protected] Appeals are reviewed by a different moderator where possible. We aim to respond within 10 business days.

14. Customer obligations

Every customer who deploys Totii is responsible for how their deployment is used:

  • Comply with this policy, our Privacy Policy, and our Terms and Conditions.
  • Comply with applicable Australian law, including privacy, anti-discrimination, and — where children are involved — child protection legislation.
  • Maintain safeguarding procedures if the deployment involves children, elderly users, or other vulnerable groups.
  • Ensure accessibility of the content they upload. If a customer’s knowledge base uses complex jargon, acronyms, or technical language, and the end users include people with limited literacy or cognitive disabilities, the customer should provide plain-language versions.
  • Honour avatar consent and removal requests.
  • Report incidents promptly — including suspected policy violations, safeguarding concerns, and data breaches.

15. Responsible AI

  • Transparency. We tell customers which AI models power their deployment, where they are hosted, and what safeguards are applied. Responses are never disguised as human-generated.
  • Human oversight. AI provides guidance and information — it does not make binding decisions, give medical diagnoses, provide legal advice, or replace human professionals.
  • Bias mitigation. We configure and test AI responses to minimise bias across gender, race, culture, age, disability, religion, and other characteristics.
  • Accountability. If our AI causes harm, we take responsibility, investigate, and fix it.

16. Incident response

When a safety or security incident occurs:

  1. Contain — isolate the affected system, user, or content.
  2. Assess — determine scope, severity, and impact.
  3. Notify — inform affected customers and users per the Notifiable Data Breaches scheme and any child-safety or vulnerable-persons reporting obligations.
  4. Remediate — fix the root cause and implement controls to prevent recurrence.
  5. Review — conduct a post-incident review and update policies, training, or technical controls.

For incidents involving children, we additionally notify the relevant state/territory child protection authority and, where applicable, the Australian Federal Police. For incidents involving elder abuse or exploitation of vulnerable persons, we notify the relevant state/territory authorities.

17. Updates to this policy

We may revise this Trust & Safety policy from time to time. Changes take effect on the date published. Material changes are communicated to customers via email or in-platform notification. We encourage all users and customers to review this page periodically.

18. Contact

We welcome feedback on our trust and safety practices. You can reach us at:

Platform owner: Mr and Mrs Cloud Pty Ltd — ABN 77 613 464 136
Technology partner: Shine Me Pty Limited — ABN 22 688 961 257 / ACN 688 961 257