Privacy Policy

Last updated: 13 March 2026

1. Overview

CallMate Pty Ltd (ABN pending) ("we", "us", "our") operates the CallMate AI phone assistant service. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

This policy covers two categories of individuals:

  • Subscribers — business owners who use CallMate to manage their calls and appointments
  • Callers — customers of Subscribers who interact with the AI assistant via phone, SMS, or web chat

2. Information We Collect

From Subscribers

  • Account information: name, email address, password (hashed), business name, industry, address, phone number
  • Billing information: processed and stored by Stripe — we do not store credit card numbers
  • Business configuration: availability schedules, appointment types, service descriptions, AI greeting messages, voice preferences
  • Usage data: login activity, feature usage, dashboard interactions

From Callers

  • Contact information: name, phone number, email address (as provided during calls or SMS)
  • Call recordings: audio recordings of phone conversations with the AI assistant
  • Call transcripts: text transcriptions of phone conversations
  • SMS messages: content of SMS conversations with the AI assistant
  • Chat messages: content of web chat conversations with the AI assistant
  • Appointment data: booking details including date, time, service type, and notes

Automatically Collected

  • Device and browser information: IP address, browser type, operating system (for web dashboard users)
  • Analytics data: page views, feature usage, session duration (via Google Analytics)
  • Caller ID: phone number of incoming callers (provided by the telecommunications network)

3. How We Use Your Information

We use collected information to:

  • Provide the Service: answer calls, book appointments, send SMS confirmations, manage your business communications
  • Process payments: manage subscriptions and usage-based billing via Stripe
  • Improve the Service: analyse usage patterns, fix bugs, develop new features
  • Communicate with you: send service notifications, billing alerts, trial reminders, and support responses
  • Ensure security: detect fraud, abuse, and unauthorised access
  • Comply with law: meet legal obligations, respond to lawful requests from authorities

We do not use your data to train AI models. Call recordings and transcripts are used solely to provide the Service to you.

4. Third-Party Service Providers

We share data with the following third-party providers, solely to operate the Service:

Provider Purpose Data Shared
Twilio Phone number provisioning, voice calls, SMS delivery Phone numbers, call audio, SMS content
VAPI AI voice assistant processing Call audio, business configuration, appointment data
Stripe Payment processing, subscription management Business name, email, payment method (card details stored by Stripe only)
Google Calendar integration (optional) Appointment data (when calendar sync is enabled by Subscriber)
Resend Transactional email delivery Email addresses, notification content
Google Analytics Website and dashboard analytics Anonymised usage data, page views

Each provider operates under their own privacy policy and data processing agreements. We select providers that comply with applicable data protection standards.

5. Data Storage and Security

Storage location: Your data is stored on secure cloud servers. Some data may be processed or stored outside Australia by our third-party providers (Twilio, VAPI, and Stripe operate servers in the United States). By using the Service, you consent to this transfer.

Security measures:

  • All data transmitted between your browser and our servers is encrypted using TLS/SSL
  • Passwords are hashed using bcrypt and never stored in plain text
  • Database access is restricted and monitored
  • Payment card data is handled exclusively by Stripe (PCI DSS compliant) and never touches our servers
  • API authentication uses token-based access controls

While we implement reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Call Recording

Phone calls handled by the AI assistant are recorded and transcribed. These recordings are:

  • Accessible to the Subscriber via the CallMate dashboard
  • Used to provide call transcripts and conversation history
  • Stored securely and retained for the duration of the Subscriber's account
  • Not shared with any party other than the Subscriber and our telephony provider (Twilio/VAPI)

Subscribers are responsible for informing callers that calls are recorded, in compliance with applicable recording consent laws. The default AI greeting includes a recording disclosure.

7. Data Retention

  • Active accounts: Data is retained for the duration of your subscription
  • After cancellation: Data is retained for 90 days, then permanently deleted
  • Call recordings: Retained for the duration of the subscription, deleted 90 days after cancellation
  • Billing records: Retained for 7 years as required by Australian tax law
  • Server logs: Retained for up to 90 days for security and debugging purposes

You may request earlier deletion of your data by contacting us (see Section 11).

8. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct any inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Privacy Act

To exercise these rights, contact us at hello@callmate.au. We will respond within 30 days.

9. Cookies and Tracking

Our marketing website and dashboard use cookies for:

  • Essential cookies: authentication tokens, session management (required for the Service to function)
  • Analytics cookies: Google Analytics to understand how visitors use our website (can be blocked by your browser)

We do not use cookies for advertising or cross-site tracking.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Service dashboard at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

CallMate Pty Ltd
Email: hello@callmate.au

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.