Privacy Policy

We collect personal information necessary to provide and improve our services.

a. Personal Information:

• Full name
• Email address
• Phone number
• Business/company details
• Billing and payment information

b. Usage & Technical Data:

• IP address
• Device and browser information
• Log data and usage behavior within the platform
• Cookies and tracking technologies

c. Customer Data (CRM Data):

As a CRM provider, we process and store data that you upload, including:

• Customer names and contact details
• Communication history (SMS, email, notes)
• Sales and interaction records

You are responsible for ensuring that you have the legal right to collect and use your customers' data.

We use collected data to:

• Provide, operate, and maintain our services
• Process transactions and manage accounts
• Send service-related communications
• Improve platform performance and user experience
• Comply with legal and regulatory obligations

By using Sydney CRM Solutions, you consent to receive communications via SMS and email, including account-related notifications, security alerts, service updates, and customer support responses. You can opt out of non-essential communications at any time.

We ensure consent is obtained before sending marketing messages, easy opt-out/unsubscribe options are provided, and compliance with applicable anti-spam laws including the Spam Act 2003.

We use cookies and similar technologies to enhance user experience, analyze traffic and usage patterns, and improve platform functionality.

a. Categories of cookies we use:

• Strictly necessary cookies — required for the site and platform to function (login, security, session continuity). These cannot be disabled.
• Analytics cookies — help us understand how visitors use our site so we can improve it.
• Functional cookies — remember preferences and settings.
• Marketing cookies — only set with your consent, used to measure the performance of advertising and remarketing.

b. Your choices and consent:

Where required by Australian Privacy Principles or applicable law, we request your consent before setting non-essential cookies via a cookie consent banner on first visit. You can change your preferences at any time through the cookie settings link in the website footer or by clearing your browser cookies. You can also block or delete cookies directly through your browser settings, although doing so may affect site functionality.

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption (data in transit and at rest)
• Secure cloud infrastructure
• Role-based access controls
• Regular security monitoring and updates

Despite our efforts, no system is completely secure. Users are responsible for maintaining the confidentiality of their login credentials.

We are committed to handling personal information securely and to complying with our obligations under the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

• Promptly contain the breach and conduct an assessment within 30 days, as required by the NDB scheme
• Notify the Office of the Australian Information Commissioner (OAIC)
• Notify affected individuals as soon as practicable, with a description of the breach, the kinds of information involved, and the steps they can take to protect themselves
• Where direct notification is not practicable, publish a notice on our website and take reasonable steps to publicise it

If you believe your data has been compromised, please contact us immediately using the details in Section 14.

We do not sell or rent personal information. We may disclose information only:

• To trusted service providers under contractual confidentiality and data protection obligations
• Where required by law, regulation, or a lawful request from a regulatory authority
• To protect our legal rights or to prevent fraud, abuse, or security threats
• With your consent or at your direction (for example, when you connect a third-party integration to your account)

Key data processors we use:

We engage the following categories of providers to operate the Service. These providers process personal information only on our instructions and under appropriate contractual safeguards:

• CRM platform infrastructure — hosts the core CRM, automations, calendar, and unified inbox
• Stripe — payment processing and billing
• Twilio — SMS delivery, voice routing, and missed-call text-back
• Mailgun — transactional and marketing email delivery
• Cloud hosting and analytics providers — site hosting, performance monitoring, and aggregated usage analytics

This list is current as at the effective date above and may change from time to time as we improve the Service. We will keep this Privacy Policy up to date with material changes to our key processors.

Where personal information is transferred outside Australia, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, in accordance with APP 8 (cross-border disclosure).

We retain personal information only for as long as necessary for the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes and enforce our agreements. Specific retention periods are:

• Account and Customer Data — retained while your account is active and deleted within 30 days of account termination, unless retention is required by law or you have requested an export
• Billing, invoicing, and tax records — retained for 7 years after the relevant transaction, in accordance with Australian Taxation Office (ATO) record-keeping requirements
• Communication logs (SMS, email, call metadata) — retained for up to 2 years from the date of communication, unless required for an active dispute, investigation, or legal hold
• Website analytics and server logs — retained for up to 24 months in identifiable form before being aggregated or deleted
• Marketing contact data — retained until you unsubscribe or request deletion, after which we keep a minimal suppression record to honour your opt-out
• Backups — backup copies may persist for up to 90 days after deletion before being purged in line with our standard backup cycle

You may request deletion of your data at any time, subject to the legal retention obligations above. After the relevant retention period, we will either delete or de-identify the information.

Under the Australian Privacy Principles, you have the right to:

• Access personal information we hold about you
• Request corrections to inaccurate or outdated data
• Request deletion (where legally permitted)
• Make a complaint about how your data is handled

Requests can be made via the contact details below.

Our platform may integrate with third-party services (e.g., payment processors, email/SMS gateways). These providers have their own privacy policies, and we encourage you to review them. We are not responsible for third-party practices.

Parts of the Service use artificial intelligence (AI) to draft replies, classify enquiries, route conversations, and assist with bookings and follow-ups. To deliver these features, the relevant message content and associated context may be processed by AI systems we operate or license, including third-party large language model providers.

• AI processing is carried out only to provide and improve the Service for you
• Customer Data submitted to AI features will not be used to train public foundation models without your explicit consent
• We use providers that contractually agree to confidentiality, security, and data-handling obligations consistent with this Privacy Policy
• AI outputs may be inaccurate or incomplete; you remain responsible for reviewing customer-facing communications where appropriate

If you do not want certain interactions to be processed by AI features, you can disable the relevant features in your account settings or contact us for assistance.

The Service is not directed to, intended for, or designed to be used by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us using the details in Section 14 and we will take reasonable steps to delete that information.

We may update this Privacy Policy periodically. Updates will be posted on this page with a revised effective date. Where changes are material, we will take reasonable steps to notify you, for example via email or in-app notice. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

Sydney CRM Solutions Pty Ltd

Email: info@sydneycrmsolutions.com

Phone: +61 489 265 666

You also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached. The OAIC can be contacted at www.oaic.gov.au or on 1300 363 992.