Privacy Policy

This Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It covers the personal information of our customers, website visitors, and the individuals our customers’ AI voice agents interact with (“call participants”).

1. The personal information we collect

Some call data may include sensitive information (as defined in the Privacy Act) if a call participant volunteers it. We ask customers not to configure agents to solicit sensitive information without a lawful basis and consent.

2. How we collect it

We collect information directly from customers, from website interactions, and — for call participants — through calls made or received by the Service on a customer’s behalf. Where we collect personal information about an individual from our customer, the customer is responsible for having a lawful basis to provide it to us.

3. Why we use it (purposes)

4. Our role: controller and processor

For account, billing, and website data we act as the entity that decides how the information is handled. For lead and call data processed on a customer’s behalf, the customer determines the purposes and we act as a processor under our Data Processing Agreement; call participants should direct requests about that data to the relevant customer.

5. Disclosure and sub-processors

We disclose personal information to service providers who help us run the Service, including voice/AI processing, telephony, cloud hosting, and analytics vendors, bound by confidentiality and data-protection obligations. A current list of sub-processors is available at [sub-processors URL / on request]. We may also disclose information where required by law.

6. Overseas disclosure (APP 8)

We aim to host and process data in Australia. Some sub-processors may store or process data overseas in [countries]. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the APPs.

7. Security and retention

We take reasonable steps to protect personal information using access controls, encryption in transit, and role-based permissions. No system is completely secure. We retain personal information only as long as needed for the purposes above or as required by law, then delete or de-identify it. Customers can configure do-not-call and data-deletion controls in-product.

8. Access, correction, and complaints (APP 12 & 13)

You may request access to, or correction of, the personal information we hold about you by contacting us. We will respond within a reasonable period. If you have a complaint about how we handle personal information, contact our Privacy Officer at [privacy email]. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

9. Cookies

Our website uses cookies and similar technologies for essential functionality, preferences (such as light/dark theme), and analytics. You can control cookies through your browser settings; disabling some may affect functionality.

10. Data breaches

We maintain a data breach response plan and will notify affected individuals and the OAIC where required under the Notifiable Data Breaches scheme.

11. Changes to this Policy

We may update this Policy from time to time. The current version is always available on our website with its effective date.

12. Contact us

Privacy Officer, [Company legal name][privacy email], [postal address].