AI agent development for Australian teams that need agents to actually work.

Yes — Australia is one of our better overlap windows. Indian Standard Time is UTC+5:30, AEDT is UTC+11, so our 9:30am IST is your 3pm AEDT — that gives roughly a four-hour afternoon overlap with Sydney, Melbourne, and Brisbane working days every weekday. For Perth (AWST, UTC+8), the overlap is even stronger — our 9:30am IST is your noon AWST, giving most of an afternoon together. Daily standups and twice-weekly agent demos run inside your business hours. Written async updates with eval-run numbers land before your morning standup. For engagements that need synchronous morning coverage as well, we can extend to early IST starts on a planned cadence — but it is rarely required.

Our engagement defaults are aligned with the Privacy Act 1988 and the 13 Australian Privacy Principles. DPAs are signed before any personal information is shared, and we run a Privacy Impact Assessment for engagements processing personal information at scale or involving sensitive information. For APP 8 (cross-border disclosure of personal information), we explicitly map the data flow — your DPA spells out exactly where the agent's personal information is processed and which third-party endpoints (if any) receive it. For state-level health privacy law (HRIP NSW, HRA VIC, IP ACT QLD), we layer those controls on top of the federal Privacy Act baseline. Every agent model call, tool call, and tool result is audit-logged so the responsible officer has the evidence required for an OAIC inquiry.

No — Aiinfox itself does not currently hold an IRAP (Information Security Registered Assessors Program) assessment, and we will not pretend otherwise. We are a foreign engineering provider, not an Australian-hosted SaaS, so IRAP assessment of our own platform is not the relevant control. What we do for federal and defence-adjacent clients is structure the engagement so the agent runs inside the customer's existing IRAP-assessed environment (typically AWS Australia or Azure Australia Central at PROTECTED classification); our engineers connect over a privileged-access path the customer's security team controls. If your engagement requires our own IRAP assessment, we will say so on the first call and recommend an Australian provider that holds one.

Your call. We default to AWS ap-southeast-2 (Sydney), AWS ap-southeast-4 (Melbourne), Azure Australia East (Sydney), Azure Australia Central (Canberra) for federal-adjacent work, or GCP australia-southeast1 (Sydney) / australia-southeast2 (Melbourne). For LLM inference, we pin Claude or GPT-4o to an Australian or US region depending on what your DPA permits under APP 8, or we self-host Llama 3 on vLLM inside your Australian VPC for zero overseas inference. Tool calls hit your APIs, not a vendor proxy. No personal information silently leaves Australia unless your DPA explicitly permits it.

DPAs aligned with Privacy Act 1988 obligations on APP entities, NDAs (mutual, before any technical detail is shared), MSAs for ongoing relationships, and per-project SOWs for fixed-price agent builds. The NDB scheme breach playbook is referenced in the DPA and gets a tabletop in week one. Cross-border processing of personal information is covered by Schedule 4 spelling out the safeguards in place under APP 8. Legal turnaround is usually one to two weeks depending on your privacy officer and procurement review cadence; we work from your legal team's MSA template or provide ours. Aiinfox Pvt. Ltd. is a registered Indian entity invoicing Australian clients in AUD or USD via bank transfer — GST does not apply on B2B services supplied from India to Australia under the general rule, but your tax adviser should confirm against your situation.

Most v1 agent engagements at Aiinfox land between AUD $45,000 and AUD $190,000 fixed-price for a focused build — a multi-step SaaS agent, a voice agent, a healthcare patient-inquiry agent, or a fintech compliance copilot. Larger multi-quarter engagements with custom evals, IRAP-boundary integration work, and a regulated platform integration typically reach AUD $230,000 to AUD $400,000. The cost difference versus a Sydney or Melbourne AI consultancy lands roughly 30 to 50 percent lower on senior rates — useful, but the headline is the delivery model: senior engineers only, fixed-price six-week scopes, overrun cost on us if we miss. The Australian senior-engineering market is small and tight; we exist to fill the gap between expensive boutiques and unstaffed agencies.

Yes — agent takeover audits are routine. Step one is reading the agent code, the tool schemas, the prompt stack, the eval results (if any), and the cost telemetry. Step two is shipping the smallest valuable change to prove we understand the system — usually adding the refusal layer, the eval harness, or the NDB breach playbook the previous vendor skipped. Step three is the longer-term rebuild plan if one is needed. Most agent takeovers we see did not need a rewrite; they needed typed tool calls, evals, a refusal layer, and a senior engineer on the build. We will be honest on the first call about which category your project lands in.

Three layers, none of them optional. First, every tool is typed against a JSON schema and the agent's call is validated before execution — a malformed argument is rejected, not coerced. Second, a refusal layer fires when retrieval confidence drops below threshold, when input matches a red-team injection pattern, or when the tool call falls outside the agent's allowlist for the current user role. Third, destructive actions (write to a customer record, charge a card, send a regulated communication, transact under an AFSL) require either a human-in-the-loop approval or a second-model verification step. Every model call, tool call, and tool result is audit-logged — exportable for an OAIC inquiry, APRA examination under CPS 230, or internal compliance review.