Privacy Policy
Effective date: 23 March 2026
1. Overview
Calltana is operated by Cohen / Media Pty Ltd ABN [to be inserted] ("we", "us", "our"). We are committed to protecting the privacy of our clients ("you") and their customers who interact through our services. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
This policy covers all Calltana communication channels: AI phone receptionist, WhatsApp AI assistant, website chatbot, and email AI assistant.
2. Information We Collect
From Business Clients (You)
- Account information: business name, contact name, email address, phone number
- Business details: industry, services offered, hours of operation, pricing, FAQs
- Payment information: processed and stored securely by Stripe; we do not store card numbers or bank account details on our servers
- Usage data: call volumes, minutes used, dashboard activity, login history
From Callers (People Who Call Your Business)
- Call data: phone number (caller ID), call duration, date and time
- Call content: audio recordings, AI-generated transcripts, call summaries
- Information provided during calls: name, contact details, booking requests, enquiry details
From WhatsApp Conversations
- Contact data: phone number, WhatsApp profile name
- Message content: text messages, media files shared during conversations
- Conversation metadata: timestamps, message status, conversation duration
- Information provided: name, booking details, enquiry details shared in messages
From Website Chat (Chatbot Widget)
- Visitor data: name and email (if provided via pre-chat form), page URL, browser user agent
- Chat content: text messages exchanged with the AI chatbot
- Session data: session identifiers, timestamps, IP address (used for rate limiting only)
From Email Interactions
- Email data: sender email address, sender name, subject lines
- Email content: message body (text and HTML), attachments metadata
- Thread data: email thread identifiers, reply chains
- OAuth data: if you connect your Gmail or Outlook, we store encrypted access tokens to read and send email on your behalf. We do not store your email password.
Automatically Collected
- Website analytics: pages visited, browser type, device type, IP address (anonymised)
- Service logs: API requests, error logs, performance metrics
3. How We Use Information
| Purpose | Data used | Legal basis |
|---|
| Provide the AI receptionist service (phone, WhatsApp, chat, email) | Business details, call/message data | Contract performance |
| Send notifications and summaries | Call/chat/email content, contact email | Contract performance |
| Process payments and billing | Payment info, usage data | Contract performance |
| Generate AI responses across all channels | Conversation history, business details | Contract performance |
| Improve AI accuracy and service quality | Anonymised conversation data | Legitimate interest |
| Provide customer support | Account info, conversation data | Contract performance |
| Website analytics | Anonymised browsing data | Legitimate interest |
| Marketing communications | Contact email | Consent (opt-in) |
4. Call Recording and Conversation Logging
All calls handled by Calltana's AI receptionist are recorded and transcribed. Our AI agent informs callers at the start of each call that the call may be recorded.
All WhatsApp messages, website chat conversations, and email exchanges processed by our AI are logged and stored to provide the service, enable staff review, and improve AI quality.
Your responsibilities: Australian recording laws vary by state. In some jurisdictions, all parties must consent to recording. It is your responsibility to ensure your use of call recording complies with the laws of your state or territory. For WhatsApp and chat, the AI greeting message informs customers they are communicating with an AI assistant.
5. Data Sharing
We do not sell personal information. We share data only with:
- Service providers necessary to deliver the Service:
- Retell AI — voice AI processing and call handling
- Anthropic (Claude) — AI language model for WhatsApp, chat, and email responses
- Twilio — telephony and WhatsApp Business API messaging
- Stripe — payment processing
- Supabase — database hosting (servers in Australia/US)
- Resend — email delivery for notifications and AI email responses
- Google / Microsoft — OAuth email integration (Gmail and Outlook, where connected by you)
- Vercel — website and API hosting
- SevenRooms / booking platforms — reservation integration (where configured)
- Law enforcement — where required by law, court order, or regulatory obligation
- Business transfers — in the event of a sale, merger, or acquisition (with notice)
All service providers are bound by data processing agreements and are required to protect your data.
6. Data Storage and Security
Storage: Data is stored on servers managed by Supabase and Vercel. While we prioritise Australian-hosted infrastructure where available, some data may be processed in the United States through our service providers.
Security measures:
- Encryption in transit (TLS/HTTPS) and at rest
- Row-level security on all database tables
- Access controls with role-based permissions
- Regular security reviews and updates
- Stripe PCI-DSS compliance for payment data
Incident response: In the event of a data breach that poses a risk of serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.
7. Data Retention
- Call recordings and transcripts: Retained for 12 months from the call date, then automatically deleted
- WhatsApp and chat conversations: Retained for 12 months from the last message, then automatically deleted
- Email conversations: Retained for 12 months from the last email, then automatically deleted
- OAuth tokens: Encrypted and retained while your email integration is active; deleted immediately upon disconnection
- Account data: Retained while your account is active and for 30 days after cancellation
- Billing records: Retained for 7 years as required by Australian tax law
- Anonymised analytics: Retained indefinitely for service improvement
You may request early deletion of call data at any time by contacting us.
8. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate or outdated information
- Request deletion of your personal information (subject to legal retention requirements)
- Export your call data in a standard format
- Withdraw consent for marketing communications at any time
- Complain to the OAIC if you believe your privacy has been breached
To exercise any of these rights, contact support@calltana.com. We will respond within 30 days.
9. Cookies and Analytics
Our website uses:
- Essential cookies for authentication and session management
- Analytics (Google Analytics) to understand website usage — data is anonymised
You can control cookies through your browser settings. Disabling cookies may affect website functionality.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to read their privacy policies.
11. Children's Privacy
The Service is designed for businesses and is not directed at individuals under 18. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or dashboard notice. The "effective date" at the top of this page indicates when it was last revised.
13. Contact Us
For privacy-related questions, data access requests, or complaints:
Calltana (Cohen / Media Pty Ltd)
Privacy Officer
Email: support@calltana.com
Web: calltana.com
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.