Privacy Policy

1. About This Policy

This Privacy Policy explains how Talk2Quote Pty Ltd (ABN 78 694 279 126) collects, uses, stores, and protects your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). We are committed to protecting your privacy and handling your data responsibly.

This policy applies to all users of the Talk2Quote platform, including account owners and team members.

2. What Information We Collect

2.1 Account Information

Name, email address, phone number, password (hashed), and business role.

2.2 Business Information

Business name, ABN, licence numbers, business address, logo, bank details (BSB, account number, PayID) for display on invoices, and trade categories.

2.3 Client Data

Client names, addresses, phone numbers, email addresses, and job history that you enter into the platform. You are the data controller for your client data.

2.4 Audio and Voice Data

Voice recordings submitted for quote generation (temporarily processed, not permanently stored), Talk2Me call recordings (stored for your configured retention period), and voicemail messages and transcriptions.

2.5 Financial and Billing Data

Subscription payment information (processed by Stripe — we do not store full card details), quote and invoice amounts, and payment history.

2.7 Location Data

When GPS tracking is enabled: real-time location coordinates during work hours, geofence entry/exit timestamps, route and travel data, and job site presence verification.

2.8 Usage and Device Data

Device type, operating system, app version, feature usage patterns, login times and IP addresses, and crash reports and performance data.

3. How We Use Your Information

3.1 Service Delivery

To provide and improve the Talk2Quote platform, process audio recordings into transcripts and business documents, generate quotes, invoices, and other documents, provide phone and call recording services (Talk2Me), and track GPS location for workforce management.

3.2 Communication

To send transactional emails (quote notifications, invoice receipts, payment confirmations), service announcements and important updates, and customer support responses.

3.3 Legal and Compliance

To comply with ATO reporting requirements (STP), meet record-keeping obligations under Fair Work Act and tax legislation, respond to lawful requests from government agencies, and detect and prevent fraud or abuse.

3.4 What We Do NOT Do

• We do not sell your personal information to third parties
• We do not use your data for targeted advertising
• We do not use your business data to train AI models
• We do not share your data with other Talk2Quote users
• We do not access your data except as necessary to provide the Service or as required by law

4. Data Storage and Security

Your data is stored securely in Google Firebase’s Sydney data centre (australia-southeast1). Security measures include:

• Encryption at rest (AES-256) and in transit (TLS 1.3)
• Firebase Authentication with optional multi-factor authentication
• Firestore security rules enforcing per-user data isolation
• Regular automated backups with point-in-time recovery
• Access logging and anomaly detection
• Regular security audits and penetration testing
• PCI DSS compliant payment processing via Stripe

Audio recordings submitted for quote generation are processed in memory and deleted immediately after transcription. They are not permanently stored on our servers.

5. Third-Party Service Providers

We share data with the following service providers who assist in delivering our Service:

Before disclosing your data to overseas providers (primarily US-based), we take reasonable steps to ensure the recipient handles your information in accordance with Australian privacy standards. All providers are contractually bound to maintain appropriate security measures.

6. Call Recording and Talk2Me

When you enable Talk2Me, call recordings are stored securely and accessible only to authorised users on your account. Recordings are retained for your configured period (default 90 days). AI transcriptions are generated automatically and linked to relevant records. You are responsible for complying with call recording laws in your jurisdiction. We recommend enabling the automated recording notification announcement.

8. GPS and Location Data

GPS tracking is an optional feature. When enabled by an account owner:

• Location data is collected only during configured work hours
• Employees must be informed and provide consent before tracking begins
• Location data is used for timekeeping, job site verification, and route optimisation
• Data is retained for 12 months, then aggregated and anonymised
• Employees can view their own location history at any time

Account owners using GPS tracking must comply with applicable workplace surveillance laws (e.g., Workplace Surveillance Act 2005 (NSW)).

9. Data Retention

After account deletion, data is purged within 30 days except where longer retention is required by law (e.g., 7-year ATO record-keeping requirements).

10. Your Rights Under the Privacy Act 1988

Under the Australian Privacy Principles, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate, incomplete, or outdated information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Export: Export your quotes, invoices, client data, and payroll records in standard formats
• Restrict processing: Request that we limit how we use your data
• Complaint: Lodge a complaint with us or directly with the OAIC

To exercise any of these rights, contact privacy@talk2quote.com.au. We will respond within 30 days.

11. Cookies and App Analytics

We use essential cookies for authentication and session management. We may use analytics to understand how users interact with the Service, including feature usage patterns and performance metrics. We do not use advertising cookies or tracking pixels. We do not sell your data to advertisers or use it for targeted advertising.

12. Children’s Privacy

The Service is intended for business use by adults aged 18 and over. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

13. Data Breach Notification

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, we will:

• Assess the breach and its likely impact within 72 hours
• Notify the Office of the Australian Information Commissioner (OAIC) as required
• Notify affected individuals with clear information about what data was involved, what happened, and recommended actions
• Take immediate steps to contain the breach and prevent further unauthorised access
• Conduct a post-incident review and implement preventive measures

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email and in-app notification at least 14 days before taking effect. Continued use of the Service after changes constitutes acceptance of the updated policy. The “Last updated” date at the bottom of this page indicates when the policy was last revised.

15. Contact and Complaints

For privacy-related enquiries, to exercise your rights, or to make a complaint:

• Privacy Officer: privacy@talk2quote.com.au
• General support: support@talk2quote.com.au
• Legal enquiries: legal@talk2quote.com.au

We aim to resolve all complaints within 30 days. If you are not satisfied with our response, you can lodge a complaint with:

• Office of the Australian Information Commissioner (OAIC)
• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001