Privacy Policy
Last updated: 7 March 2026
This Privacy Policy explains how Kaitek Pty Ltd (ABN pending) (“we”, “us”, “our”, “/kaitek”) collects, uses, stores, and discloses personal information in connection with the /kaitek AI Business Agent platform (“Service”).
We are committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy applies to:
- Business owners and operators who use our Service (“Clients”)
- Individuals who call businesses using our Service (“Callers”)
- Visitors to our website (“Visitors”)
1. Information We Collect
From Clients
- Full name and contact details (email address, phone number)
- Business name, ABN, and business address
- Business information for knowledge base setup (services, pricing, FAQs, service areas, business hours)
- Payment and billing information (processed by our payment provider - we do not store credit card details)
- Communication history with /kaitek (emails, support requests)
From Callers
- Phone number (captured automatically via telephony)
- Name (if provided during the call)
- Suburb or location (if provided during the call)
- Job or service details discussed during the call
- Booking preferences (dates, times, urgency)
- Call audio recordings and transcripts
- SMS delivery records
From Website Visitors
- Information submitted through contact forms (name, email, phone, message)
- Information submitted through email capture forms (email address)
- Website usage data collected through cookies and analytics tools (IP address, browser type, pages visited, time on site)
Information collected automatically
- Call metadata (date, time, duration, phone numbers)
- SMS delivery status
- Service usage data and logs
2. How We Use Your Information
We use personal information to:
- Provide and operate the AI Business Agent Service
- Answer calls, capture bookings, and send notifications on behalf of our Clients
- Send SMS confirmations to Callers
- Send email notifications with booking details to Clients
- Build and maintain custom knowledge bases for each Client
- Generate weekly call reports for Clients
- Process payments and manage billing
- Communicate with Clients about their account and the Service
- Improve and develop the Service
- Comply with legal obligations
We do NOT use personal information to:
- Sell or rent personal information to third parties
- Send unsolicited marketing communications to Callers
- Train AI models on individual call data (see Section 5 for details on third-party AI providers)
- Profile or track Callers beyond the scope of providing the Service
3. How We Share Your Information
We share personal information with the following categories of third-party service providers, solely for the purpose of operating the Service:
Voice AI and Telephony
| Provider | Purpose | Location | Compliance |
|---|---|---|---|
| ElevenLabs | Voice AI conversation processing (speech-to-text, text-to-speech, dialogue management) | USA/EU | SOC 2 Type II, HIPAA-eligible on Business plan |
| OpenAI | Large language model processing for conversation intelligence | USA | API data not used for model training under business terms |
| Twilio | Telephony infrastructure, phone numbers, SMS delivery | USA (with Australian edge infrastructure) | SOC 2, GDPR compliant |
Workflow and Data
| Provider | Purpose | Location | Compliance |
|---|---|---|---|
| n8n Cloud | Post-call workflow automation (SMS sending, email notifications, data routing) | EU (Germany) | GDPR compliant, SOC 2 |
| Google (Gmail, Sheets) | Email notifications to Clients, temporary data storage (migrating to Supabase) | USA | SOC 2, ISO 27001 |
| Vercel | Website hosting | USA | SOC 2 |
Planned Providers
| Provider | Purpose | Location | Compliance |
|---|---|---|---|
| Supabase Sydney | Database for call logs, bookings, client configuration | Australia | Full Australian data sovereignty |
| AWS Sydney | Future production infrastructure | Australia | HIPAA-eligible, IRAP assessed |
| Stripe | Payment processing | USA | PCI DSS Level 1, SOC 2 |
We require all third-party providers to handle personal information in accordance with their privacy obligations and applicable law.
4. Cross-Border Data Transfers
Some of our service providers are located outside Australia, primarily in the United States and European Union. Under Australian Privacy Principle 8, we take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs.
These steps include:
- Selecting providers with strong privacy and security certifications (SOC 2, GDPR, HIPAA-eligible)
- Using providers whose terms contractually require data protection standards comparable to Australian law
- Ensuring API data is transmitted using TLS encryption
- Reviewing provider privacy practices and data handling policies
- Planning migration of core data storage to Australian-hosted infrastructure (Supabase Sydney, AWS Sydney ap-southeast-2)
5. AI and Call Recording
Call Recording and Transcription
All calls handled by the /kaitek AI Business Agent are recorded and transcribed for the purpose of:
- Providing accurate booking and enquiry information to Clients
- Generating call summaries and reports
- Quality assurance and Service improvement
- Resolving disputes if they arise
Callers are informed at the beginning of each call that they are interacting with an AI agent and that the call may be recorded.
AI Processing
Call audio and transcripts are processed by:
- ElevenLabs - for real-time voice conversation (speech-to-text and text-to-speech)
- OpenAI - for language understanding and response generation
Under our business agreements with these providers:
- OpenAI does not use API data for model training
- ElevenLabs processes audio data for the purpose of providing the service only
- No individual call data is used to train general-purpose AI models
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Call recordings and transcripts | 12 months from call date, then permanently deleted |
| Booking and enquiry data | Duration of Client's subscription plus 30 days |
| Client account information | Duration of subscription plus 30 days, then permanently deleted |
| Payment records | 7 years (as required by Australian tax law) |
| Website analytics data | 26 months |
| Contact form submissions | 12 months |
After the retention period, data is permanently deleted from our systems and, where possible, from third-party provider systems.
7. Data Security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- Encryption in transit (TLS/HTTPS) for all data transmission
- Access controls limiting who can access personal information
- Secure authentication for all platform components
- Regular review of third-party provider security practices
- Separation of client data using unique identifiers (multi-tenant isolation)
No method of electronic transmission or storage is 100% secure. While we strive to protect personal information, we cannot guarantee absolute security.
8. Cookies and Website Tracking
Our website uses:
- Essential cookies - required for website functionality
- Analytics cookies - to understand how visitors use our website (e.g. Vercel Analytics)
We do not use advertising cookies or tracking pixels. We do not sell website visitor data.
You can control cookies through your browser settings. Disabling cookies may affect website functionality.
9. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access - request access to the personal information we hold about you
- Correction - request correction of inaccurate, incomplete, or out-of-date personal information
- Complaint - lodge a complaint if you believe we have breached the APPs
For Clients
You can access your call data and booking information through your email reports. To request a full export of your data, contact us at the email address below.
For Callers
If you have called a business that uses /kaitek and wish to access, correct, or delete your personal information, please contact us at the email address below. We will respond within 30 days.
Complaints
If you believe we have breached the Australian Privacy Principles, please contact us first so we can investigate and resolve your complaint. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
10. SMS Communications
We send SMS messages to Callers solely for the purpose of confirming bookings and providing information discussed during the call. These are transactional messages, not marketing communications.
We comply with the Spam Act 2003 (Cth). We do not send unsolicited commercial electronic messages.
Callers cannot opt out of transactional SMS confirmations as they are a core part of the Service. If a Caller does not wish to receive SMS, they should advise the AI agent during the call.
11. Children's Privacy
Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify Clients of material changes via email. The updated policy will be posted on our website with a revised “Last updated” date.
13. Contact Us
For questions, access requests, corrections, or complaints regarding this Privacy Policy or our handling of personal information, contact us at:
Email: hello@kaitek.com.au
Privacy Officer: Kaitek Pty Ltd
You may also contact the Office of the Australian Information Commissioner:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
/kaitek — Built in Australia