Reps AI Privacy Policy

Last updated: 24 September 2025

Reps AI Pty Ltd ("Reps AI", "we", "our", or "us") respects your privacy and is committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our websites, use our products, or interact with our services. It is written to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy is designed to be clear and comprehensive for Australian users, while accommodating our global operations. If additional rights apply to you under other laws (e.g., EU/UK GDPR), see Appendix A.

1. Who we are and scope

This Privacy Policy applies to personal information collected by Reps AI in connection with the following (collectively, the Services):

  • Websites (including https://www.dothereps.ai and related subdomains)
  • Software products (including the Reps AI Engine), web applications (e.g., AI Sales Coach/browser extension), and mobile applications
  • Integrations with third‑party platforms (e.g., CRM, dialers, analytics, and communications tools)
  • Customer support, sales, and marketing activities (including demos, events, and webinars)

This Policy does not apply to personal information we handle solely as a service provider on your documented instructions where you are the APP entity responsible for notices and consents (for example, where you upload or connect your own data sources). In those cases, we handle personal information in accordance with our agreement and your directions.

2. Key definitions (plain‑English)

Personal information:
Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Sensitive information:
A special category of personal information (e.g., health information, biometric templates for identification, racial or ethnic origin, political opinions) that generally requires your consent to collect/use, unless an exception applies.
Customer, User, Prospect:
For clarity, we group the information we handle into three practical categories:
  • Customer Information: Personal information contained in data we host or process on behalf of our business customers as part of the Services (e.g., call recordings and transcripts, CRM records, chat logs, files and metadata).
  • User Information: Personal information about users who access the Services on behalf of a Customer (e.g., account admins, end users, billing contacts, authorised signatories).
  • Prospect & Website Information: Personal information relating to visitors to our sites, webinar attendees, trial sign‑ups, and other prospective customers/partners.

3. What we collect

We collect personal information reasonably necessary for our functions and activities. The information we collect depends on how you interact with us:

3.1 Information you provide to us

  • Account details (name, email, password, company, role)
  • Contact details (phone, address)
  • Support and feedback (tickets, emails, chat transcripts)
  • Billing and payments (billing contact and transaction details; actual card/bank data is handled by our PCI‑compliant payment processor)
  • Content you upload or connect (CRM records, contact lists, notes, messages, recordings)
  • Consents and preferences (marketing preferences, cookie choices)

3.2 Information we collect automatically when you use the Services

  • Service telemetry (usage events, device/browser type, IP address, timestamps)
  • Cookies, SDKs and similar technologies for session management, analytics, and feature performance
  • Product artefacts generated by the Services (e.g., call recordings and transcripts, AI interaction logs, models' inputs/outputs, summaries, and analytics dashboards)

3.3 Information from third‑party sources you connect

When you authorise an integration (e.g., CRM, dialer/telephony, calendar, email, messaging, storage, analytics), we receive the minimum data necessary to provide the integration and the features you enable.

3.4 Sensitive information

We do not intentionally collect sensitive information unless it is reasonably necessary for our functions and you have provided consent or another APP exception applies (for example, recorded voice where used for analytics is generally not a biometric template unless used for identification). Do not include health or other sensitive information in uploads unless necessary for your use case and you have lawful grounds to do so.

4. How we use personal information (purposes)

We use personal information (and de‑identified data) for purposes including:

  • Providing, operating, and securing the Services (authentication, user management, service delivery, fraud and abuse prevention)
  • Recording, transcribing and analysing communications you or your organisation choose to capture (e.g., calls, meetings, messages) and surfacing insights, coaching suggestions, and performance analytics
  • Configuration and integrations you enable (e.g., syncing CRM fields, associating records with calls)
  • Customer support (issue diagnosis, incident response)
  • Improvement of the Services (quality assurance, testing, troubleshooting, developing new features, and training our systems); see Section 5 for controls
  • Business operations (billing, audits, compliance, reporting)
  • Communications (service notices, product updates, security alerts; and—with your consent/where permitted—marketing communications with easy opt‑out)
  • Legal and compliance (including responding to lawful requests and enforcing our agreements)

We collect, use, and disclose personal information as permitted by the APPs. Where the APPs require consent (e.g., for certain sensitive information or direct marketing), we will seek it and provide opt‑out mechanisms.

5. Your controls and choices

Access & correction:
You can access and correct certain personal information via your account or by contacting us (see Section 15). We respond within a reasonable period and may require verification.
Deletion:
You may request deletion of personal information we hold about you where the APPs permit. Where we act on a Customer's instructions, we will refer the request to the relevant Customer administrator.
Opt‑out of marketing:
You can unsubscribe at any time using the link in the email or by contacting us. We honour APP 7 requirements and the Spam Act 2003.
Cookie controls:
Manage cookies via in‑product settings (where available) and your browser/device. Some cookies are required for core functionality.
Recording consent:
Recording/monitoring features must be used in accordance with applicable laws and your organisation's policies. We provide in‑product tools to help manage consent where relevant to your jurisdiction.

6. Cookies and analytics

We use first‑party and third‑party cookies and similar technologies to operate the Services, remember preferences, measure performance, and understand usage. You can adjust your browser settings to refuse some cookies; however, certain features may not function properly without them. See also Section 5 (Cookie controls).

7. Disclosure of personal information

We may disclose personal information to:

  • Service providers and sub‑processors assisting us to deliver the Services (e.g., cloud hosting, data storage, AI infrastructure, analytics, customer support, payments, email and SMS providers)
  • Integration partners you choose to connect (e.g., CRM, dialer/telephony)
  • Professional advisers (lawyers, auditors, insurers) under confidentiality obligations
  • Related bodies corporate (if any) for legitimate business purposes consistent with this Policy
  • Authorities when required or authorised by Australian law (e.g., to comply with a court order or law‑enforcement request)

We do not sell personal information.

8. Cross‑border disclosure (APP 8)

We may disclose personal information to recipients located outside Australia (for example, where our cloud, communications or AI providers host or process data). Before doing so, we take reasonable steps to ensure the overseas recipient will handle the information in accordance with the APPs, and we remain accountable for their acts or practices in relation to your information (subject to the exceptions in the Privacy Act). Likely overseas locations may include the United States, European Union/United Kingdom, and Singapore.

9. Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit and at rest (where supported), access controls, audit logging, network segregation, and staff training. No method is 100% secure; if we become aware of a data breach likely to cause serious harm, we will assess and notify in accordance with Section 12 (NDB scheme).

10. Data retention and deletion

We retain personal information for as long as reasonably necessary for the purposes described in this Policy (including legal, accounting, and reporting requirements), and then take reasonable steps to destroy or de‑identify it. Retention and deletion of Customer Information may be configurable by Customer administrators and is also governed by our agreements with Customers. Artefacts placed in long‑term libraries by a Customer may be retained subject to the Customer's settings.

11. Anonymity and pseudonymity (APP 2)

Where practicable, you may interact with us anonymously or using a pseudonym (for example, when browsing public pages). If we cannot provide requested services without identifying you, we will explain why.

12. Notifiable Data Breaches (NDB) scheme

We assess suspected data breaches and, where an eligible data breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required. We maintain a data breach response plan covering assessment, containment, and notification.

13. Direct marketing (APP 7)

We only use or disclose personal information for direct marketing where permitted by the APPs (for example, where you would reasonably expect it and a simple opt‑out is provided). We do not use sensitive information for direct marketing without your consent.

14. Government‑related identifiers (APP 9)

We do not adopt, use, or disclose government‑related identifiers (e.g., Medicare, TFN) as our own unless permitted by law.

15. Access, correction, and complaints

Access & correction requests:
Contact us using the details below. We will respond within a reasonable period. If we refuse a request (e.g., where a permitted exception applies), we will provide reasons and information on how to complain.
Complaints:
If you have a privacy complaint, contact us first. We will investigate and respond. If you are not satisfied, you may contact the OAIC (see Appendix B for contact details).

Contact our Privacy Officer:

Email: privacy@dothereps.ai

16. Children

The Services are intended for professional/business use and are not directed to children. If you believe a child's personal information has been provided to us without appropriate consent, contact us and we will take steps to delete it where required by law.

17. Changes to this Policy

We may update this Policy from time to time. The updated version will be posted on our website with a new "Last updated" date. If changes are material, we will take reasonable steps to notify you.

18. Product‑specific notes (recordings & AI features)

Recording consent and notifications:
Where you enable call or meeting recording/transcription, you are responsible for ensuring all participants are lawfully notified and any required consent is obtained. We provide configuration options to support consent management (where available).
AI model providers:
We may use reputable third‑party AI infrastructure (e.g., model hosting or processing) to provide features such as transcription, summarisation, and coaching insights. These providers act as our service providers and may process your data solely to deliver the features you enable, under confidentiality and security obligations.
Model improvement:
We do not use Customer Information to train third‑party foundation models. We may use de‑identified and aggregated data to improve our Services (e.g., accuracy, performance), unless your organisation has disabled such use or our agreement states otherwise.

Appendix A – International addendum (EU/UK where applicable)

If you are located in the EU/UK, additional rights may apply under GDPR/UK GDPR, including rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority. Where we transfer personal data outside the EU/UK, we rely on appropriate transfer mechanisms (e.g., standard contractual clauses) in addition to the APP 8 steps described above. Where we act as a processor/service provider for a Customer, that Customer is generally the controller under applicable laws.

Appendix B – OAIC contact details

Office of the Australian Information Commissioner (OAIC)

Appendix C – Summary of your rights under the APPs (high level)

  • To know what personal information is collected and why (APP 1 & 5)
  • To access and correct personal information (APP 12 & 13)
  • To opt out of direct marketing (APP 7)
  • To expect reasonable steps for security and cross‑border disclosures (APP 11 & 8)
  • To complain and have your complaint handled fairly

If you need this Policy in a different format (accessible PDF or large print), contact privacy@dothereps.ai.