🔒 PRIVACY POLICY
1. Introduction
StaffHub.AI (“we,” “us,” “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the IRIS Service or visit our websites. It also outlines your rights under the Privacy Act 1988 (Cth), the GDPR, and other applicable laws.
2. Information We Collect
Category | Examples |
---|---|
Information you provide | Name, business name, phone number, email address, billing details, voice prompts, chat messages |
Call & Interaction Data | Incoming/outgoing phone numbers, call audio, AI‑generated transcripts, appointment details |
Usage & Device Data | Log files, IP address, browser type, device identifiers, pages viewed, time spent |
Payment Data | Cardholder name, partial card numbers, billing address (processed by Stripe—never stored in full by us) |
Third‑Party Integrations | Calendar events, CRM identifiers, contact lists (only with your explicit permission) |
3. How We Use Your Information
- Deliver & maintain the Service (answer calls, schedule appointments, send messages).
- Improve & train our AI models (using de‑identified transcripts where feasible).
- Process payments & manage subscriptions.
- Provide customer support & service notifications.
- Marketing (with consent)—e.g., product updates, promotions.
- Compliance & legal obligations.
4. Legal Bases for Processing (GDPR)
- Contractual necessity – to provide the Service you request.
- Legitimate interests – e.g., improving Service security and quality.
- Consent – for marketing emails or optional integrations.
- Legal obligation – to comply with laws, subpoenas, or court orders.
5. Sharing Your Information
We share data only as necessary:
- Service Providers – Twilio (telephony), OpenAI (AI processing), Stripe (payments), hosting, analytics.
- Business Transfers – in the event of a merger or acquisition.
- Legal & Compliance – to regulators or law enforcement where required.

We never sell your personal information.
6. International Data Transfers
Your data may be processed in countries outside Australia. We use appropriate safeguards, such as Standard Contractual Clauses (SCCs) and ISO‑27001‑certified data centres, to protect international transfers.
7. Data Retention
Call recordings and transcripts are retained for 30 days by default, unless you adjust settings or delete them sooner. Billing records are kept for 7 years to meet statutory requirements.
8. Security Measures
- AES‑256 encryption at rest, TLS 1.2+ in transit.
- Role‑based access controls, MFA for staff.
- Regular penetration testing and security audits.
9. Cookies & Tracking
We use essential cookies for authentication and analytics cookies (e.g., Google Analytics) to improve performance. You can manage cookies in your browser settings.
10. Your Rights
- Access & Correction – request a copy or correction of your data.
- Deletion – request that we delete personal data (subject to legal exceptions).
- Portability – obtain a machine‑readable copy.
- Withdraw Consent – opt out of marketing at any time.
- Complain – to the OAIC (Australia) or your local supervisory authority.
11. Children’s Privacy
The Service is not directed to children under 13. We do not knowingly collect data from minors. If you believe a child has provided us with data, contact us for deletion.
12. Changes to This Policy
We may update this Privacy Policy. If changes are material, we will provide 14 days’ notice via email or in‑app banner.
13. Contact
For privacy questions or requests, email privacy@staffhub.ai or write to: Privacy Officer, StaffHub.AI, PO Box 66, Yorkeys Knob, Cairns QLD 4870, Australia.