VoxReach is an Australian-owned AI voice agent platform operating from Sydney, NSW 2000. This policy explains what personal information we collect when you visit voxreach.com.au, sign up as a tenant, place a call on the platform, or are called by a tenant's AI agent, how we use that information, who we share it with, and how you can exercise your rights under Australian privacy law.
1. Who we are (APP 1)
VoxReach (the "platform", "we", "us") is the operator of the software-as-a-service described at voxreach.com.au. For the purposes of this policy:
- We are the data controller for information collected directly by us (marketing site visitors, tenant account holders, billing information).
- We are a data processor for information collected from end callers by tenants using our platform. The tenant is the controller of that caller data.
Our APP privacy officer can be reached at privacy@voxreach.com.au.
2. What personal information we collect (APP 3)
From tenant account holders: full name, business name, business email, phone number, ABN, billing address, payment card data (tokenised through Stripe — we never see or store raw card numbers), and any free-text information you submit through onboarding forms.
From end callers (collected on behalf of tenants): the caller's phone number (CLID), call audio recording, real-time transcript, detected intent, outcome classification, any information the caller voluntarily provides during the conversation (name, address, email, service requested, financial details relevant to the tenant's business, and similar).
From website visitors: IP address, approximate geolocation derived from IP, browser user-agent, session cookie identifiers, privacy-preserving page-view analytics (Plausible, no cookies, no personal identifiers), referring URL, pages viewed, time on page.
From partners and applicants: information submitted on /apply and /contact forms including name, agency name, business size, and the free-text of your message.
We do not intentionally collect sensitive information (health, political opinions, religion, union membership, sexual orientation, criminal history, biometric data) under APP 3.3. If you share such information with a tenant's AI agent during a call, the tenant is responsible for its handling under its own privacy policy.
3. How we collect it (APP 3.5, 3.6)
- Directly from you when you fill a form, sign up, call a tenant number, or contact us.
- Automatically from your browser when you visit voxreach.com.au (server access logs, privacy-preserving analytics).
- From tenants when they import a lead list. You warrant on each upload that you have a lawful basis (consent, existing business relationship, or a statutory exception) to contact the people on the list.
- From our sub-processors (Twilio for CLID, Deepgram for transcripts, Vapi for call metadata) — these are agents acting on our behalf.
4. Why we collect it (APP 3, 6)
- Provide the service: route calls, generate transcripts, provide dashboards, meter usage against prepaid credits, issue invoices, send transactional notifications (call summaries, low-balance alerts, receipts, security alerts).
- Improve the service: measure platform quality, train internal classifiers (on aggregated, de-identified data only — no tenant content is used to train the external LLMs we license).
- Security and abuse prevention: rate-limit suspicious activity, investigate DNCR complaints, defend against fraud, cooperate with lawful requests.
- Billing and accounting: GST invoicing, BAS records, retaining records for the seven-year period required by the ATO.
- Direct marketing to tenants (APP 7): only with your consent. You can opt out any time via the unsubscribe link or by emailing privacy@voxreach.com.au.
We do not sell personal information to anyone for any purpose.
5. Who we share it with (APP 6, 8)
We share personal information with the following categories of sub-processor, each bound by a written contract and each offering a documented data processing agreement on request:
- Telephony: Twilio Inc (US), for carriage of calls and SMS. Processes caller number, audio stream metadata.
- Voice orchestration: Vapi (US), for turn-by-turn voice loop. Processes transcript chunks and audio while a call is in progress; does not retain content for training.
- Language model: Anthropic PBC (US), provider of the Claude model family used for agent reasoning. Zero data retention configured where available; no training on tenant content.
- Text-to-speech: ElevenLabs Inc (US) and Cartesia (US), for synthetic voice. Processes text-to-speech text in real time; does not retain.
- Transcription: Deepgram Inc (US), for speech-to-text. Real-time, no retention.
- Payments: Stripe Payments Australia Pty Ltd, for card processing. PCI-DSS Level 1.
- Email: Google Workspace (Australia + US), for transactional and marketing email.
- Analytics: Plausible Insights (EU) — privacy-preserving, no cookies, aggregated, no personal identifiers.
- Hosting + storage: Australian-based infrastructure for tenant databases, recordings, and transcripts.
Some of the above are based outside Australia. Under APP 8 we take reasonable steps to ensure each overseas recipient holds personal information consistently with the APPs, by way of contract (including standard contractual terms where applicable) and sub-processor due diligence. A full current list of sub-processors is maintained on the Data processing page and we notify tenants by email at least 30 days before adding a new sub-processor that materially changes the data flow.
6. Where it is stored, and for how long (APP 11)
Tenant databases, call recordings, and transcripts are hosted on Australian infrastructure. Encrypted in transit with TLS 1.2 or higher; encrypted at rest with AES-256.
Retention defaults (configurable per tenant contract):
- Call recordings: 90 days, then deleted.
- Call transcripts: 24 months, then deleted.
- Billing records: seven years (ATO requirement).
- Account data: retained for the life of the account, deleted within 30 days of account closure except where we are required to retain for law or billing.
- Support correspondence: 24 months from last message.
7. Your rights (APP 12, 13)
Under Australian law you have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate, out of date, or incomplete.
- Request deletion where we no longer have a lawful basis to retain it.
- Opt out of direct marketing at any time.
- Withdraw consent where our processing is based on consent.
- Complain to us first, and if unresolved, to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Email privacy@voxreach.com.au with your request. We respond within 30 calendar days. There is no charge for access requests.
8. Call recording and disclosure
Tenants are responsible for complying with state-by-state recording-disclosure law (Surveillance Devices legislation differs between states). Every default VoxReach agent script includes a recording-disclosure line at the opening of the call (for example: "This call may be recorded for quality and training purposes"). Tenants can edit that script but remain legally responsible for whatever they choose to disclose or not disclose.
If you received a call from a VoxReach tenant and wish to access the recording of your own call, contact the tenant directly — they are the controller of that recording. If you cannot identify the tenant, email abuse@voxreach.com.au with the date, time, and inbound number and we will route you to the right party within 24 business hours.
9. Data breach notification
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. Any eligible data breach will be notified to the OAIC and affected individuals as soon as practicable, in any event within the 30-day statutory window.
10. Cookies and tracking
voxreach.com.au uses privacy-preserving analytics (Plausible) that does not set cookies or track individuals. Our application at app.voxreach.com.au uses a first-party session cookie strictly necessary for authentication (no analytics, no ad tech). See the cookies page for detail.
11. Children
VoxReach is a business tool and not directed at anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided information through a tenant's AI agent, contact us and we will work with the tenant to delete it.
12. Changes to this policy
We update this policy as the platform evolves. Material changes are emailed to tenant account holders at least 14 days before they take effect. The "Last updated" date at the top of the page always reflects the current version.
13. Contact
Privacy enquiries: privacy@voxreach.com.au
General: hello@voxreach.com.au
Postal: VoxReach Privacy Officer, Sydney NSW 2000, Australia
OAIC: oaic.gov.au | 1300 363 992