Privacy Policy

1. Introduction

Aussie AI Agency Pty Ltd (ABN XX XXX XXX XXX) ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, AI receptionist services, dashboard, and related products (collectively, the "Services").

We comply with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state and territory privacy legislation.

2. Information We Collect

We may collect the following types of personal information:

2.1 Information You Provide

• Contact details: name, email address, phone number, business name, and postal address
• Account information: login credentials and billing details
• Business information: industry, services offered, operating hours, and call handling preferences
• Communications: messages, feedback, and support requests you send to us

2.2 Information Collected via Our Services

• Call data: recordings, transcripts, caller phone numbers, call duration, and call outcomes
• Lead information: details captured during calls including names, phone numbers, email addresses, and enquiry details
• Appointment data: bookings made through our AI receptionist integrated with your calendar systems

2.3 Information Collected Automatically

• Device and browser information: IP address, browser type, operating system, and device identifiers
• Usage data: pages visited, features used, click patterns, and session duration
• Cookies and tracking technologies: as described in Section 7

3. How We Use Your Information

We use your personal information to:

• Provide, operate, and improve our AI receptionist services
• Process and manage your account, billing, and subscriptions
• Configure, train, and optimise your AI receptionist based on your business requirements
• Generate call transcripts, summaries, and analytics for your dashboard
• Communicate with you about your account, service updates, and support enquiries
• Send marketing communications where you have opted in to receive them
• Comply with legal obligations and resolve disputes
• Detect, prevent, and address fraud, abuse, and security issues

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service providers: hosting providers, payment processors, analytics tools, and CRM platforms that help us deliver our Services, all of whom are contractually bound to protect your data
• Integration partners: calendar, CRM, and communication tools you choose to connect, receiving only the data needed for integration
• Professional advisers: lawyers, accountants, and auditors where necessary
• Law enforcement: where required by law, court order, or government request
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to the acquiring party agreeing to equivalent privacy protections

5. Data Storage and Security

All data is stored on servers located in Australia to comply with local data sovereignty requirements. We employ industry-standard security measures including:

• Encryption in transit using TLS 1.3
• Encryption at rest using AES-256
• Regular security audits and penetration testing
• Role-based access controls and multi-factor authentication
• SOC 2 Type II compliance
• Automated backup and disaster recovery procedures

While we take all reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our Services. Specifically:

• Account data is retained for the duration of your subscription plus 30 days after cancellation
• Call recordings and transcripts are retained for 12 months unless you request earlier deletion or configure a different retention period
• Billing records are retained for 7 years to comply with Australian tax law
• Analytics data is retained in aggregated, de-identified form indefinitely

You can request deletion of your data at any time by contacting us. We will process deletion requests within 30 days, subject to our legal obligations.

7. Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience on our website. These include:

• Essential cookies: required for the website to function properly (session management, security)
• Analytics cookies: help us understand how visitors use our website (Google Analytics)
• Marketing cookies: used to deliver relevant advertisements and track campaign performance

You can control cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

8. Your Rights

Under Australian privacy law, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information (subject to legal obligations)
• Opt out of marketing communications at any time
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at privacy@aussieaiagency.com.au. We will respond to your request within 30 days.

9. Third-Party Links

Our website and Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

10. Google Calendar Integration & Third-Party API Data

Our Services allow you to connect third-party accounts, including Google Calendar, to enable features such as automated appointment booking by your AI receptionist.

10.1 Google Calendar

When you connect your Google Calendar, our application requests access to the calendar.events scope, which allows us to view and create events on your calendars. We use this access solely to:

• Create calendar events when a caller requests an appointment during an AI-handled phone call
• Check existing event times to avoid scheduling conflicts and double-bookings

What we store: We store only an encrypted OAuth refresh token that allows our system to create events on your behalf. We do not store, read, or export your calendar data, event details, attendee lists, or any other Google user data.

What we do not do:

• We do not share your Google data with any third party
• We do not use your Google data for advertising, profiling, or any purpose other than appointment booking
• We do not transfer your Google data to any AI model for training purposes

Revoking access: You can disconnect Google Calendar at any time from your Aussie AI Agency dashboard under Settings. You can also revoke access directly from your Google Account permissions page. Upon revocation, we immediately delete the stored refresh token.

Aussie AI Agency's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

10.2 Other Third-Party Integrations

We may offer integrations with other third-party services (e.g. CRM platforms, communication tools). For each integration, we only request the minimum permissions necessary and only access data required to provide the connected feature. You can disconnect any integration at any time from your dashboard.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where appropriate, via email. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy.