Privacy Policy
Last updated: April 2026
Amily AI (ABN: 86 758 863 858)
A sole-trader business registered in Victoria, Australia.
Contact: [email protected]
Website: https://amily.ai
Our registered business details (including the name of the sole trader and principal place of business) are publicly available on the Australian Business Register.
Amily AI is committed to protecting your personal information. This privacy policy explains how we collect, use, disclose, and store your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024.
1. What Personal Information We Collect (APP 1, APP 3)
We collect the following types of personal information depending on how you interact with us:
When you contact us or submit a form
- Name
- Email address
- Phone number
- Business name and type
- Details about your inquiry or the service you are interested in
When you call a business that uses our AI receptionist service
- Voice recordings of the call
- Transcripts of the call generated by our AI system
- Phone number you called from
- Date, time, and duration of the call
- Information you provide during the call (such as your name, contact details, and reason for calling)
When you use a business that uses our review management service
- Your Google Business Profile review content
- Your publicly visible name associated with the review
- Sentiment and keywords extracted from your review by our AI system
When you visit our website
- Standard web analytics data (pages visited, time on site, referral source)
- Information you submit through forms on our website
When you become a client
- Business registration details (ABN, business name)
- Billing information processed through Stripe (we do not store your full card details)
- Google Business Profile account data (for review management clients)
- Service configuration preferences
2. How We Collect Your Information (APP 3, APP 5)
We collect personal information:
- Directly from you -- when you fill out a form on our website, call us, email us, or sign up for a service
- From callers to our clients' AI receptionist -- when you call a business that uses our AI phone answering service, we collect call recordings and transcripts through our AI platform
- From publicly available sources -- we access Google Business Profile reviews that are publicly visible, on behalf of our clients
- From third-party service providers -- Stripe (payment processing), Tally.so (form submissions), and Google (Business Profile data)
We notify you at or before the time of collection. For phone calls handled by our AI receptionist, callers are informed at the start of each call that the call may be recorded and processed by an AI system.
3. Why We Collect Your Information (APP 6)
We collect and use your personal information for the following purposes:
- To provide our AI receptionist, review management, and consulting services
- To respond to your inquiries and communicate with you
- To process payments and manage billing
- To route and handle phone calls on behalf of our clients
- To generate AI-drafted responses to Google reviews on behalf of our clients
- To schedule appointments and manage bookings
- To improve our services and develop new features
- To comply with legal obligations
We do not sell your personal information to third parties. We do not use your personal information for direct marketing to unrelated third parties.
4. Anonymity and Pseudonymity (APP 2)
Where it is lawful and practical, you may interact with us without identifying yourself or by using a pseudonym. However, if you choose not to provide certain personal information, we may not be able to provide you with the services you have requested.
For callers to our AI receptionist service, we collect the phone number automatically through the telephone network. You are not required to provide your name during the call, although doing so may be necessary for booking or callback purposes.
5. Voice Recordings and Transcripts
This section is important -- please read it carefully.
When you call a business that uses our AI receptionist service, your call is handled by an artificial intelligence system, not a human receptionist. The AI system is powered by ElevenLabs Conversational AI's voice platform.
What happens during a call
- You are informed at the start of the call that the call may be recorded and processed by AI
- The call is recorded and transcribed in real time
- The AI system makes decisions about how to handle your call (such as booking an appointment, providing information, or escalating to a human)
- A summary of the call is sent to the business owner
How recordings are stored
- Call recordings and transcripts are stored securely on ElevenLabs Conversational AI's platform (located in the United States -- see Section 8 on cross-border transfers)
- Recordings are accessible to the business owner who subscribes to our service
- Recordings are retained for the period described in Section 11 (Data Retention)
Your rights regarding recordings
- You may request access to your call recording or transcript
- You may request deletion of your recording
- You may request that future calls not be recorded (the business may then need to handle your call manually)
To make any of these requests, contact us at the details listed at the top of this policy.
6. Automated Decision-Making Disclosure
This section is provided in accordance with the Privacy and Other Legislation Amendment Act 2024.
Australian privacy law requires us to disclose when we use automated systems that make or assist in making decisions that may affect you. This disclosure requirement takes full effect by December 2026.
We use AI systems that make, or substantially assist in making, decisions that may affect the services you receive. These automated processes include:
- Call routing and response decisions -- Our AI receptionist determines how to handle your call based on what you say. This includes deciding whether to book an appointment, provide information, take a message, or escalate to a human operator.
- Review response drafting -- Our AI system analyses Google Business Profile reviews and generates draft responses based on the content and sentiment of each review. These drafts are reviewed and approved by the business owner before being posted.
- Appointment scheduling and availability decisions -- Our AI system checks calendar availability and books appointments based on the business owner's configured preferences and schedules.
- Call classification and prioritisation -- Our AI system classifies calls by intent (standard booking, emergency, general inquiry, lead capture) and prioritises them accordingly.
Your right to human review: You have the right to request human review of any decision made by, or with the assistance of, our automated systems. To request human review, contact us using the details at the top of this policy. We will respond to your request within 14 days.
7. Disclosure of Your Information (APP 6)
We may disclose your personal information to:
- Our clients (the businesses that subscribe to our services) -- call summaries, transcripts, booking details, and review management data are shared with the business that engaged our service on their behalf
- ElevenLabs Conversational AI (USA) -- processes voice calls, stores recordings and transcripts
- OpenAI (USA) -- processes text for AI-generated responses, call handling logic, and review drafting
- Twilio (USA) -- provides telephone infrastructure and SMS services for Australian phone numbers
- Stripe (USA/Australia) -- processes payments and manages subscriptions
- Google (USA) -- provides Google Business Profile data and review posting capabilities
- Tally.so -- processes form submissions from our website
- Cal.com -- manages appointment scheduling and calendar integration
We do not disclose your personal information to any party for the purpose of direct marketing by that party.
8. Cross-Border Data Transfer (APP 8)
Some of your personal information is processed and stored outside Australia.
We use AI and technology services operated by companies based in the United States. By using our services (or calling a business that uses our services), you consent to your personal information being transferred to, and processed in, the United States by the following providers:
| Provider | Country | What They Process |
|---|---|---|
| ElevenLabs Conversational AI | United States | Voice recordings, call transcripts, call routing |
| OpenAI | United States | Text processing for AI responses, call handling, review drafting |
| Twilio | United States | Telephone call routing, SMS delivery |
| Stripe | United States / Australia | Payment processing, subscription management |
| United States | Google Business Profile data, review content |
We have taken reasonable steps to ensure that these overseas recipients handle your personal information in accordance with the Australian Privacy Principles, as required by APP 8. These steps include:
- Using services that maintain industry-standard security certifications (SOC 2, ISO 27001, or equivalent)
- Ensuring data is transmitted using encryption (TLS/SSL)
- Reviewing the privacy policies and data handling practices of each provider
- Using API-based integrations only (we do not input personal information into publicly available AI chat interfaces, in accordance with OAIC guidance dated October 2024)
If you do not consent to your personal information being transferred overseas, please contact us before using our services. Note that if you do not consent, we may not be able to provide certain services to you.
9. Google Business Profile Data
If you are a client using our review management service, we access your Google Business Profile data through the Google Business Profile API. This includes:
- Reviews posted on your Google Business Profile (reviewer name, rating, review text, date)
- Your business listing information (name, address, phone, category, hours)
How we use this data
- To monitor new reviews and alert you
- To generate AI-drafted review responses for your approval
- To send review request SMS messages to your customers (with your authorisation)
What we do not do
- We do not post review responses without the business owner's explicit approval
- We do not share your Google Business Profile data with other clients or third parties
- We do not use review data to train AI models
Google Business Profile reviews are publicly visible. Our service processes this public data on your behalf to save you time. Your customers' review content remains publicly visible on Google regardless of our service.
10. Data Security (APP 11)
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.
Our security measures include:
- All data transmitted between our systems uses encryption (TLS/SSL)
- Access to client data is restricted to authorised personnel only (currently the sole-trader business owner)
- Third-party services we use (ElevenLabs Conversational AI, OpenAI, Stripe, Twilio) maintain their own security certifications and practices
- Call recordings are stored in ElevenLabs Conversational AI's secure platform, not on local devices or personal computers
- Payment information is handled entirely by Stripe and is never stored on our systems
- We use API-based integrations exclusively, in accordance with OAIC guidance on commercial AI products
We regularly review our security practices and update them as needed. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
11. Data Retention
We retain personal information only for as long as it is needed for the purposes described in this policy, or as required by law.
| Data Type | Retention Period | Stored Where |
|---|---|---|
| Contact form submissions | 24 months from submission | Tally.so |
| Call recordings | 90 days from the date of the call | ElevenLabs Conversational AI (US) |
| Call transcripts and summaries | 12 months from the date of the call | ElevenLabs Conversational AI (US) |
| Google review data | Duration of the client's subscription plus 30 days | Our review management system |
| Payment and billing records | 7 years (as required by Australian tax law) | Stripe |
| Client account information | Duration of the service agreement plus 12 months | Our internal records |
| Website analytics | 26 months | Framer analytics |
When personal information is no longer needed, we take reasonable steps to destroy or de-identify it. For data held by third-party providers, destruction is subject to the provider's own data retention and deletion policies.
You may request earlier deletion of your personal information at any time by contacting us. We will action deletion requests within 30 days, except where retention is required by law.
12. Access and Correction (APP 12, APP 13)
You have the right to:
- Access your personal information that we hold
- Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading
To make an access or correction request, contact us using the details at the top of this policy. We will respond to your request within 30 days.
We will not charge you for making an access request. If your request requires significant effort to fulfil (for example, retrieving archived call recordings), we will let you know before proceeding and provide an estimate of any reasonable costs.
If we refuse your request for access or correction, we will provide you with written reasons and information about how to complain.
13. Complaints
If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may lodge a complaint with us by:
- Emailing us at [email protected]
- Writing to us at our postal address listed at the top of this policy
We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. We will keep you informed of the progress of your complaint.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: [email protected]
- Post: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
The OAIC can investigate your complaint and make determinations about whether a breach of the Australian Privacy Principles has occurred.
14. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this policy.
For significant changes (such as new categories of data collection or new cross-border transfers), we will take reasonable steps to notify you, such as posting a notice on our website.
We encourage you to review this policy periodically.
15. Definitions
- AI receptionist -- Our automated phone answering service that uses artificial intelligence to handle incoming calls on behalf of a business
- Automated decision-making -- A decision made by a computer system without human involvement, or where a computer system substantially assists a human in making a decision
- Client -- A business that subscribes to one or more of our services
- Caller -- A person who calls a business that uses our AI receptionist service
- Personal information -- Information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined in the Privacy Act 1988 (Cth)
- APP -- Australian Privacy Principle, as set out in Schedule 1 of the Privacy Act 1988 (Cth)