Privacy Policy
This Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It covers the personal information of our customers, website visitors, and the individuals our customers’ AI voice agents interact with (“call participants”).
1. The personal information we collect
- Account & billing: name, business name, email, phone, and billing details of customer users.
- Lead & contact data: the names, phone numbers, emails, and enquiry details our customers upload or receive.
- Call data: call audio recordings, transcripts, call metadata (time, duration, outcome), and information provided during a call.
- Usage & technical: log data, device/browser information, and cookies (see clause 9).
Some call data may include sensitive information (as defined in the Privacy Act) if a call participant volunteers it. We ask customers not to configure agents to solicit sensitive information without a lawful basis and consent.
2. How we collect it
We collect information directly from customers, from website interactions, and — for call participants — through calls made or received by the Service on a customer’s behalf. Where we collect personal information about an individual from our customer, the customer is responsible for having a lawful basis to provide it to us.
3. Why we use it (purposes)
- to provide, operate, secure, and support the Service;
- to place and handle calls, generate transcripts, scores, bookings, and analytics for the relevant customer;
- to bill, prevent fraud and misuse, and meet legal obligations; and
- to improve the Service. We do not sell personal information.
4. Our role: controller and processor
For account, billing, and website data we act as the entity that decides how the information is handled. For lead and call data processed on a customer’s behalf, the customer determines the purposes and we act as a processor under our Data Processing Agreement; call participants should direct requests about that data to the relevant customer.
5. Disclosure and sub-processors
We disclose personal information to service providers who help us run the Service, including voice/AI processing, telephony, cloud hosting, and analytics vendors, bound by confidentiality and data-protection obligations. A current list of sub-processors is available at [sub-processors URL / on request]. We may also disclose information where required by law.
6. Overseas disclosure (APP 8)
We aim to host and process data in Australia. Some sub-processors may store or process data overseas in [countries]. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the APPs.
7. Security and retention
We take reasonable steps to protect personal information using access controls, encryption in transit, and role-based permissions. No system is completely secure. We retain personal information only as long as needed for the purposes above or as required by law, then delete or de-identify it. Customers can configure do-not-call and data-deletion controls in-product.
8. Access, correction, and complaints (APP 12 & 13)
You may request access to, or correction of, the personal information we hold about you by contacting us. We will respond within a reasonable period. If you have a complaint about how we handle personal information, contact our Privacy Officer at [privacy email]. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
9. Cookies
Our website uses cookies and similar technologies for essential functionality, preferences (such as light/dark theme), and analytics. You can control cookies through your browser settings; disabling some may affect functionality.
10. Data breaches
We maintain a data breach response plan and will notify affected individuals and the OAIC where required under the Notifiable Data Breaches scheme.
11. Changes to this Policy
We may update this Policy from time to time. The current version is always available on our website with its effective date.
12. Contact us
Privacy Officer, [Company legal name] — [privacy email], [postal address].