PRIVACY POLICY

Last updated: 25 April 2026

1. About this Policy

This is the Privacy Policy of My AI Sidekick (ABN 74 392 276 062), operated by Amanda Joy Coldwell ("My AI Sidekick", "we", "us", "our"). The terms "you" and "your" refer to anyone whose personal information we collect, including website visitors, prospects, paying clients, and individuals who interact with the AI systems we configure for our clients.

My AI Sidekick respects your privacy and is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains what personal information we collect, how we use and disclose it, how we keep it secure, and how you can access, correct, or complain about how we handle it.

A copy of the Australian Privacy Principles is available from the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

We may update this policy from time to time. The current version will always be available at myaisidekick.com.au/privacy-policy, and the date will be updated when material changes are made. We encourage you to review this policy periodically.

2. What We Do

My AI Sidekick designs, configures, and supports AI-powered business automation systems for small businesses — primarily Australian trade and service operators. Our systems are built on the GoHighLevel platform and may include AI phone answering, AI chat agents, automated lead capture and follow-up, customer relationship management (CRM) tools, online booking, online payments, and reputation management.

When you engage us as a client, we act as the operator and configurator of your business systems. When customers of our clients interact with those systems (for example, by phoning a number answered by an AI receptionist), we are processing their information on behalf of our client. In that arrangement, our client remains the entity responsible for their own customer relationships and is required to provide their own privacy notice to their customers.

3. Information We Collect

The personal information we collect depends on how you interact with us.

3.1 From website visitors and prospects

When you visit myaisidekick.com.au, contact us, book a discovery call, complete a form, or download a resource, we may collect:

name, business name, email address, phone number, and postcode or service area;
the content of your enquiry, the services you are interested in, and the size and type of your business;
IP address, device and browser information, pages visited, referring sites, and similar usage data;
responses to surveys, audits, or quizzes hosted on our website.

3.2 From paying clients

If you become a client, we will additionally collect:

billing details, including ABN/ACN and bank or card information processed via a third-party payment processor (for example, Stripe);
account credentials, login details, and authentication tokens you provide so that we can configure systems on your behalf;
business operating information you share with us during onboarding (for example, opening hours, service area, pricing, FAQs, staff contact details);
ongoing support, configuration, and communication history.

3.3 From end customers of our clients

When we operate AI systems on behalf of a client, those systems may collect personal information from the client's customers and prospective customers. This may include:

name, phone number, email address, and physical address;
voice recordings and transcripts of phone calls handled by AI phone-answering systems;
chat transcripts and form submissions;
booking history, quote requests, and service preferences;
CRM notes, tags, and behavioural data.

We collect and process this information as a service provider on behalf of our client. The client is the data controller for that information and is responsible for the privacy notice and lawful basis for collection it provides to its customers. We process this information only as needed to deliver the contracted services.

3.4 Sensitive information

We do not actively seek out sensitive information (as defined in the Privacy Act, including health information, racial or ethnic origin, political or religious beliefs, sexual orientation, and similar categories). If sensitive information is collected — for example, health-related information that a customer voluntarily shares while booking a service — we will only use or disclose it for the purpose for which it was provided, with consent, or as required or authorised by law.

4. Voice Recording Notice

Phone calls answered by our AI phone-answering systems may be recorded and transcribed for the purposes of delivering the service, training and improving the system, and providing the call record to the business that owns the system.

Where we configure call recording on behalf of a client, we ensure the system provides a clear notice to callers at the start of the call. By continuing the call after that notice, callers consent to being recorded. If a caller does not wish to be recorded, they may end the call and contact the business through another channel.

Recording is conducted in accordance with the Privacy Act 1988 (Cth) and the surveillance and listening-device legislation applicable in the relevant Australian state or territory, including the Invasion of Privacy Act 1971 (Qld).

5. How We Collect Information

We collect personal information:

directly from you when you contact us, complete a form, attend a discovery call, or sign up to our services;
automatically when you use our website or interact with our AI systems (via cookies, pixels, server logs, and similar tracking technologies — see section 10);
from third-party service providers who help us operate our business (for example, calendar booking, payment processing, email and SMS service providers);
from publicly available sources, such as business registries, professional directories, and social media.

Where reasonable and practicable, we collect personal information directly from you.

6. Why We Collect It

We collect, use, and disclose your personal information for purposes including:

responding to your enquiries and providing quotes;
delivering our services, including configuring, operating, and supporting AI systems for clients;
billing, invoicing, and payment processing;
communicating with you about your account, our services, and important changes;
training, validating, and improving our AI systems and processes (see section 7);
protecting against fraud, misuse, security incidents, and legal claims;
sending marketing communications (newsletters, updates, offers) where you have subscribed or otherwise opted in;
meeting our legal, regulatory, and tax obligations.

Where we use your information for marketing, you can unsubscribe at any time using the unsubscribe link in our emails, replying STOP to SMS messages where supported, or by contacting us using the details below.

7. AI Processing and Model Training

Some of our services involve AI models, including third-party large language models (such as those provided by OpenAI, Anthropic, and similar providers) and the AI tools native to the GoHighLevel platform. We may use AI to:

draft and review communications;
transcribe and summarise calls and chats;
generate suggested responses to customer enquiries;
analyse usage data and improve service quality.

We do not knowingly submit identifying personal information of our clients or their customers to third-party public AI models for the purpose of training those models. Where AI is used to deliver a service, we apply controls to limit data exposure, including using providers that offer enterprise data-processing terms and that contractually exclude submitted data from being used to train their general-purpose models.

8. Disclosure to Third Parties

We disclose personal information only when reasonably required to operate our business, with your consent, or as required or authorised by law. Categories of recipients include:

GoHighLevel — the platform on which our services are built. Data is hosted in the United States and other locations operated by HighLevel Inc.;
Payment processors (such as Stripe) for billing and subscription management;
Email and SMS service providers for transactional and marketing communications;
Cloud storage and analytics providers;
Google services (such as Google Workspace, Calendar, and Analytics). Where we use Google APIs, our use and transfer of information received from those APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements;
Meta and other advertising platforms for measurement and remarketing where you have interacted with our content;
Professional advisers (lawyers, accountants, insurers) under confidentiality;
Law enforcement, regulators, and courts where required or authorised by law.

We require all service providers to handle personal information consistently with the Australian Privacy Principles and contractual obligations.

9. Overseas Disclosure

Some of our service providers — including GoHighLevel and certain AI providers — store and process data outside Australia, primarily in the United States. By engaging us or using our services, you acknowledge that your personal information may be transferred to and processed in countries that may have different privacy protections than Australia.

Before disclosing personal information overseas, we take reasonable steps to ensure the recipient is bound by privacy protections substantially similar to the Australian Privacy Principles, or that another exception under APP 8 applies.

10. Cookies and Tracking Technologies

Our website uses cookies, pixels, and similar tracking technologies to:

remember your preferences;
understand how visitors use our website;
measure the effectiveness of our marketing;
provide retargeting and remarketing advertising on third-party platforms.

You can manage cookies through your browser settings. Disabling cookies may affect the functionality of our website.

11. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include:

encryption of data in transit, and at rest where supported by our platforms;
access controls and authentication requirements for any staff and contractors;
secure cloud infrastructure provided by reputable enterprise platforms;
regular review of access permissions and security practices;
contractual obligations with all third-party service providers.

No system is perfectly secure. While we work hard to protect your information, we cannot guarantee absolute security.

12. Data Retention

We keep personal information only for as long as we need it for the purposes described in this policy or as required by law. In general:

we retain client account and billing information for at least 7 years to comply with Australian tax and corporate record-keeping obligations;
we retain marketing contact information until you unsubscribe or request deletion;
voice recordings and transcripts are retained for the period agreed with the client whose system handled the call, after which they are deleted or de-identified;
we delete or de-identify information when it is no longer needed and we are not required by law to keep it.

13. Data Breaches

If we become aware of, or suspect, a data breach that may amount to an eligible data breach as defined in section 26WE of the Privacy Act, we will conduct a reasonable and expeditious assessment within 30 days. Where required, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme.

Any actual or suspected data breach may also be reported by you to us at [email protected], and we will investigate promptly.

14. Your Rights — Access and Correction

Under the Privacy Act, you have the right to:

request access to the personal information we hold about you;
request correction of personal information that is inaccurate, out-of-date, or incomplete;
request deletion of personal information where we are not required to retain it;
ask questions about how your information is being handled;
make a complaint about our handling of your personal information.

To exercise any of these rights, contact our Privacy Officer at [email protected]. We will require you to verify your identity before providing access to ensure information is only released to the correct individual. We may charge a reasonable administrative fee only for the actual cost of providing access; we will tell you in advance if a fee applies.

If we decline a request to access or correct your information, we will provide written reasons within 30 days and explain how you can complain.

15. Complaints

If you have a privacy complaint, please contact our Privacy Officer first at [email protected]. We will acknowledge your complaint and aim to investigate and resolve it within 30 days.

If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner:

Website: www.oaic.gov.au
Phone: 1300 363 992

16. Children

Our services are not directed at children under 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information about a child, please contact us at [email protected] so we can investigate and delete it.

17. Contact Us

For privacy-specific requests — including data access, correction, deletion, and complaints to the Privacy Officer — please use the privacy and account support address below.

My AI Sidekick (ABN 74 392 276 062)
Attention: Privacy Officer

General enquiries: [email protected]
Privacy and account support: [email protected]
Website: myaisidekick.com.au