Privacy Policy

Last updated: 9 February 2026

1. About This Policy

This Privacy Policy explains how C.T. Agency (ABN 48 077 292 249) (“we”, “us”, “our”) collects, holds, uses, and discloses your personal information when you use Emma, our AI-powered virtual receptionist service, and related websites, applications, and services (collectively, the “Service”).

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy applies to all users of our Service, including business clients (“Clients”) and individuals who interact with Emma via phone calls (“Callers”).

2. What Personal Information We Collect

The types of personal information we may collect depend on how you interact with us:

Account Information (Clients)

  • Full name, email address, and phone number
  • Business name, industry, and address
  • Login credentials (passwords are encrypted and never stored in plain text)

Call Data

  • Audio recordings of phone calls handled by Emma
  • Transcripts generated from those recordings
  • Caller phone number (caller ID), call duration, and timestamps
  • Call summaries and action items identified by the AI

Appointment and Calendar Data

  • Appointment details (date, time, customer name, reason for visit)
  • Google Calendar data accessed via our integration, if connected

Payment Information

  • Payment details are processed securely by our third-party payment processor, Stripe. We do not store your full credit card number, CVV, or other sensitive payment data on our servers.
  • We may retain billing records such as invoice amounts and payment dates.

Usage and Technical Data

  • IP address, browser type, operating system, and device information
  • Pages visited, features used, and interaction patterns
  • Cookies and similar tracking technologies (see Section 10)

3. How We Collect Information

We collect personal information in the following ways:

  • Directly from you — when you register an account, update your settings, contact us, or submit information through our website.
  • Automatically via the Service — when Emma handles phone calls on your behalf, including recording and transcribing those calls.
  • From third-party services — from integrated services such as Vapi (voice AI processing), Google Calendar, and Stripe.

4. Why We Collect It (Purposes)

We collect and use your personal information for the following purposes:

  • To provide, operate, and improve the Emma Service
  • To process and manage appointments booked through Emma
  • To process payments and manage your subscription
  • To communicate with you about your account, service updates, and support
  • To analyse usage patterns and improve our AI and service quality
  • To comply with legal obligations, including telecommunications regulations
  • To protect against fraud, abuse, and security threats

5. Disclosure to Third Parties

We may share your personal information with the following third-party service providers who assist us in delivering the Service:

  • Vapi — voice AI processing and call recording (United States)
  • Deepgram — speech-to-text transcription, accessed via Vapi (United States)
  • Google — calendar integration for appointment scheduling (United States)
  • Stripe — secure payment processing (United States)
  • Vercel — website and application hosting (United States)

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

6. Cross-Border Data Transfers

As outlined above, some of our third-party service providers are located in the United States. This means your personal information may be transferred to, stored, and processed in the US. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient complies with the Australian Privacy Principles, or that you consent to the transfer, or that the transfer is otherwise permitted under the Privacy Act.

7. Data Security

We take the security of your personal information seriously and implement reasonable technical and organisational measures to protect it from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and role-based permissions
  • Secure authentication with hashed passwords
  • Regular review of our security practices

While we strive to protect your personal information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When your account is terminated:

  • Call recordings and transcripts are retained for a reasonable period (typically 90 days) before being permanently deleted, unless a longer retention period is required by law.
  • Account information is deleted or de-identified within a reasonable timeframe after account closure.
  • Payment records may be retained for up to 7 years to comply with Australian tax and financial reporting obligations.

9. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you. You may request a copy of your information by contacting us.
  • Correction of any personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
  • Complain if you believe we have breached your privacy. We will investigate and respond to your complaint in accordance with our Complaints Policy.

If you are not satisfied with our response to a complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

10. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance your experience, analyse usage patterns, and improve our Service. Cookies are small text files stored on your device. You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain features.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or want to make a complaint, please contact us: