This Privacy Policy (“Policy”) describes how Jubilee Voice Pty Ltd (ACN 683 925 019) ("we", "us", "our" or the “Company”) collects, stores, uses, discloses, and manages personal information in connection with the provision of our Artificial Intelligence (AI)-powered voice assistant services. These services include, without limitation, automated phone answering, call transcription, calendar integration, client data capture, prompt generation based on input, and diary and Customer Relationship Management (CRM) automation across cloud-based systems that may be hosted inside or outside Australia (“Services”).

This Policy is intended to comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and, where applicable, international data protection frameworks such as the General Data Protection Regulation (GDPR) for European Economic Area (EEA) users. It is also intended to comply, where applicable, with relevant State and Territory-based health privacy laws. We note that these are subject to change from time to time.

This Policy applies to all users of our platform, including those accessing our free trial or using our services under commercial subscription agreements.

1. WHAT WE DO

1.1 We provide cloud-based conversational AI solutions to enterprises. Our services are designed to assist businesses in managing inbound and outbound phone traffic, capturing structured data, and automating calendar appointments. Where requested by, the platform can also manage two-way WhatsApp communications via approved Application Programming Interface (API), subject to configuration and applicable usage policies. Clients can configure our voice assistant to interact with callers based on pre-set prompts, guide them through decision trees, and integrate outcomes with CRMs or scheduling software (including Cliniko for health professionals such as physiotherapists and chiropractors).

1.2 Our integrated AI voice solutions including, but are not limited to:

(a) Automated call handling;

(b) Structured data capture;

(d) Interactive voice navigation; and

(e) CRM and third-party system integrations.

2. SCOPE OF THIS POLICY

2.1 This Policy applies to personal information and sensitive information we collect or receive from:

(a) End users who interact with our AI assistant on behalf of our customers;

(b) Business representatives visiting our website or contacting us; and

2.2 This Policy does not apply where we act strictly as a data processor under your instructions. For example, when you upload a contact list to enable outbound calls or messages via our platform, you remain the data controllers and is responsible for its own privacy policies. In such cases, we process data solely on your behalf.

2.3 Where practicable, individuals may interact with us anonymously or using a pseudonym, unless we are required or authorised by law to identify them.

3. SINGLE SIGN-ON

3.1 Our platform supports Google Single Sign-On (SSO), including integrations with identity providers such as Google. SSO enables secure and seamless access, and we endeavour to comply with the identity provider’s policies and regularly monitor our implementation to address any potential operational issues.

3.2 If user encounters difficulties using SSO due to compliance alerts or account restrictions, we will:

(a) Promptly investigate the issue to ensure our implementation adheres to identity provider’s requirements;

(b) Provide alternative sign-up or sign-in options to prevent disruption in accessing our services; and

4. TYPES OF INFORMATION COLLECTED

4.1 Personal information we collect may include:

(a) Caller identification details: name, phone number, email, job title, and other contact information;

(b) Communication records: voice data, transcriptions, prompts selected by callers, and follow-up messages;

(d) Technical and usage data: IP addresses, cookies, browser type, device identifiers, access logs;

(e) Business-specific data: CRM tags, client intake notes, matter type descriptions, and practice area identifiers; and

(f) Other information provided by the caller or user, including sensitive personal data where lawfully permitted and with consent.

4.2 We may also collect de-identified, anonymised, or aggregate data for analytics, statistical, and product development purposes.

4.3 The Privacy Act permits the overseas transfer and storage of sensitive information only if:

(a) The individual has given informed consent;

(b) Reasonable steps are taken to ensure the overseas recipient complies with equivalent privacy obligations; and

We do not intentionally collect or store health or financial records unless directed by the client and subject to lawful basis and appropriate contractual controls.

4.4 If we receive unsolicited personal or sensitive information, we will assess whether it is necessary for our functions. If not, we will de-identify or destroy the information with and without prior notice.

4.5 Where applicable, we recommend that you implement an upfront audio disclaimer at the beginning of each outbound call, notifying the recipient that the call me be conducted by an AI system and may be recorded or processed for business purposes.

5. METHODS OF COLLECTION

5.1 We collect information through:

(a) Direct caller interaction with our AI system;

(b) Client submissions through our portal, web forms, email, or calendar integration;

(d) Communications with support or implementation teams; and

(e) Third-party platforms linked by the user or client (e.g., Microsoft 365, Google Calendar, Twilio, Retell AI, Make.com, OpenAI).

6. COOKIES AND TRACKING TECHNOLOGIES

6.1We use cookies, session tokens, and analytics technologies to:

(a) Authenticate users;

(b) Track interactions and usage patterns;

(d) Serve tailored advertising through provider like Google.

6.2 Clients who wish to disable or opt out of the collection or retention of sensitive data must notify us in writing at contactus@jubileevoice.ai or cynthia@jubileevoice.ai. We will then manually configure platform settings to reflect this preference. Adjusting browser settings will not affect data processing on our system.

6.3 Users may control or disable cookies via browser settings, but doing so may affect service functionality.

7. PURPOSES FOR COLLECTION AND USE

7.1 You consent to us collecting and using your personal information for the following purposes:

(e) To answer and process phone calls, generate responses, or schedule meetings using calendar availability;

(f) To populate or update client records in CRMs or other integrated systems;

(g) To verify identity and assist in onboarding new users or clients;

(h) To operate, monitor, and improve service functionality and accuracy;

(i) To store communications and activity logs for internal training and service optimisation;

(j) To comply with legal, regulatory, and contractual obligations;

(k) To respond to legal requests, court orders, or requests from authorities;

(l) To notify you about updates, system outages, or product offerings; and

(m) To manage billing and payments, where applicable.

7.2 We may also process anonymised or de-identified data for statistical, research and development purposes.

7.3 You may opt out of receiving marketing communications from us at any time by using the unsubscribe link provided in the message or by contacting our Privacy Officer.

8. SHARING AND DISCLOSURE OF PERSONAL INFORMATION

8.1 You are fully aware and consent that we may disclose personal information and sensitive information:

(a) To clients where we act as their data processor;

(b) To (cloud) service providers, such as cloud hosting partners, transcription vendors, calendar integrations, call tracking tools, and CRM systems;

(d) To Courts, regulatory authorities, or law enforcement as required by law;

(e) To third parties as part of a merger, acquisition, financing or sale of business assets;

(f) To overseas recipients, subject to Section 16C of the Privacy Act and APP 8.1, only where:

a. The individual has provided informed consent; or

b. We have taken reasonable steps to ensure the overseas recipient complies with privacy obligations substantially similar to the APPs.

8.2 We take reasonable steps to ensure third parties uphold privacy safeguards consistent with this Policy.

8.3 We do not share mobile contact information, message originator data, or SMS opt-in details with third parties for promotional purposes.

8.4 Your are aware that overseas recipient may not comply with Australian privacy laws and we will not, unless permitted by law, be responsible for any losses arising for any breaches.

9.INTERNATIONAL DATA HANDLING

9.1 We store data in Australia and abroad, including but not limited to the United States. Where data includes sensitive health or financial details, we only transfer it with:

(a) The individual’s express and informed consent;

(b) A written contract with the overseas recipient containing substantially similar privacy obligations to those under Australian law;

(d) A lawful exemption under the Privacy Act.

9.2 For EEA users, we implement standard contractual clauses or rely on adequacy decisions where applicable.

10. DATA SECURITY, STORAGE AND RETENTION

10.1 We maintain administrative and operational safeguards, including but not limited to:

(a) Role-based access permissions and access logging;

(b) Employee training on data handling and ethical use of AI; and

10.2 We store and retain data for as long as necessary for business or legal purposes, then securely delete or de-identify it to:

(a) Deliver the Services;

(b) Comply with applicable laws;

(d) Manage backups and disaster recovery.

10.3 If deletion is not immediately possible (e.g., due to backup retention policies), we will restrict access and isolate the data until destruction becomes feasible, where technically and contractually permissible.

10.4 We apply the following safeguards:

(a) Role-based system access and audit trails;

(b) Incident response procedures and risk mitigation protocols; and

10.5 You can control and configure platform settings to opt out or disable the collection and/or retention of sensitive data (such as health or financial information). Additionally, you can also enable secure signed Uniform Resource Locators (URL) for access to data (e.g., audio playback), which will expire automatically after 24 hours after creation.

11. ACCESS AND CORRECTION RIGHTS

11.1 You may request access to the personal information we hold about you by contacting our Privacy Officer.

11.2 We will respond within a reasonable timeframe and may require verification of identity.

11.3 You have rights to:

(a) Request access or correction of your personal data;

(b) Withdraw consent where previously given;

(d) Opt out of direct marketing and advertising;

(e) Request erasure, portability, or restriction of processing where applicable; and

11.4 Where we process data solely as a service provider, we will assist the relevant customer to fulfil your rights.

12.COMPLAINTS PROCESS

12.1 If you believe your privacy has been infringed, you may lodge a complaint to our Privacy Officer. We will:

(a) Acknowledge your complaint within 3 business days;

(b) Investigate it promptly and provide a written response within 30 days; and

13.CHANGES TO THIS POLICY

13.1 We may amend this Policy from time to time by publishing the updated version on our website. The effective date will be updated accordingly.

13.2 If you do not agree with any updates to this Policy, you may not be able to continue using the Services and maybe required to close your account.

14.CONTACT DETAILS

Privacy Officer

Jubilee Voice Pty Ltd (ACN 683 925 019)

of c/- Kensington Tax & Accounting Services

123B Colin Street, West Perth WA 6005

Email: contactus@jubileevocie.ai

cynthia@jubileevoice.ai

Phone: 0450950630

© 2025 Jubilee Voice