ZoeyAI← Back to home

Legal

Privacy Policy

Last updated: April 2026

ZoeyAI Pty Ltd (“ZoeyAI”, “we”, “us”, or “our”) operates the ZoeyAI platform at https://www.zoeyai.com.au. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our services. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using ZoeyAI, you agree to the practices described in this policy. If you are a business customer, this policy also applies to personal information collected through your deployed chat widget on behalf of your end users.

1. Information We Collect

Account & Billing Information

  • Name and email address (when you sign up)
  • Company name and contact details
  • Billing information processed securely by Stripe (we do not store card numbers)
  • OAuth profile data if you sign in with Google (name, email, avatar)

Chat & Lead Data (via your widget)

  • Conversation transcripts between your website visitors and the AI
  • Lead information submitted by visitors (name, phone, email, and custom fields you configure)
  • Visitor IP addresses (for rate limiting — not stored long-term)
  • Page URLs where conversations occur

Usage & Technical Data

  • Browser type, device type, and operating system
  • Log data including API request timestamps and error events
  • Feature usage patterns within the admin dashboard

2. How We Use Your Information

  • Providing the service: Processing conversations, storing leads, and powering the admin dashboard.
  • AI processing: Conversation transcripts are sent to Anthropic's Claude API to generate responses. Anthropic does not use your data to train models (see Anthropic's privacy policy).
  • Email notifications: Sending lead alerts and weekly digest reports to email addresses you configure.
  • Billing: Processing payments, managing subscriptions, and enforcing plan limits.
  • Security & fraud prevention: Monitoring for abuse, rate limiting, and protecting platform integrity.
  • Product improvement: Analysing aggregate usage patterns to improve features. We do not sell your data.
  • Legal compliance: Complying with applicable laws and responding to lawful requests.

3. Data Sharing & Third Parties

We do not sell your personal information. We share data only with the following trusted service providers who process data on our behalf:

ProviderPurposeData sent
Anthropic (Claude API)AI response generationConversation messages
SupabaseDatabase & authenticationAll platform data
StripePayment processingBilling details only
ResendTransactional emailEmail address, lead details
VercelHosting & CDNRequest logs
SentryError trackingAnonymised error events

All providers are bound by data processing agreements and are required to protect your data. Some providers (including Anthropic and Vercel) may store data in the United States. By using ZoeyAI, you consent to this cross-border transfer.

4. Data Retention

  • Conversations & messages: Retained for the life of your account. Archived conversations are automatically deleted after 90 days of archival.
  • Lead information: Retained until you delete it or close your account.
  • Notifications: Read notifications are automatically purged after 30 days.
  • Audit logs: Retained for 180 days.
  • Account data: Retained until account deletion. Upon closure we delete your data within 30 days, except where legally required to retain it.

5. Cookies

We use the following cookies:

  • Essential cookies: Required for authentication and session management (Supabase session cookies). Cannot be disabled.
  • Analytics cookies: Used to understand how users interact with the dashboard (if you accept analytics). These are first-party only and not shared with advertisers.

You can manage cookie preferences via the banner shown on first visit or by clearing your browser cookies.

6. Your Rights

Under the Australian Privacy Act and applicable laws, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or outdated information
  • Request deletion of your account and associated data
  • Opt out of marketing communications
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, email us at privacy@zoeyai.com.au. We respond to all requests within 30 days.

7. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest (via Supabase), row-level security policies, and regular security audits. However, no method of transmission over the internet is 100% secure.

8. Children's Privacy

ZoeyAI is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. We will notify account holders of material changes via email at least 14 days before they take effect. Continued use of ZoeyAI after the effective date constitutes acceptance.

10. Contact Us

For privacy questions, access requests, or complaints:

ZoeyAI Pty Ltd

ABN: 20 643 625 003

Email: privacy@zoeyai.com.au

Website: https://www.zoeyai.com.au

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).