Privacy Policy

CoreSentia ("we," "our," or "us") is committed to protecting your privacy and the privacy of your customers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our services.

1. Information We Collect

1.1 Information You Provide

When you sign up for CoreSentia, we collect:

• Business Information: Business name, ABN, contact details, services offered, pricing
• Account Information: Name, email address, phone number, payment details
• Setup Information: Business hours, service area, availability preferences

1.2 Customer Data (Your Customers)

When your customers interact with our AI services, we collect:

• Contact Information: Phone numbers (SMS), names, email addresses (if provided)
• Conversation Data: SMS messages, web chat messages, appointment details
• Appointment Information: Booking times, service requested, notes

1.3 Automatically Collected Information

• Usage Data: Dashboard interactions, login times, feature usage
• Technical Data: IP addresses, browser type, device information
• Cookies: Essential cookies for authentication and session management

2. How We Use Your Information

We use collected information to:

• Provide Services: Operate the AI chat, SMS responses, booking system, and dashboard
• Improve Services: Analyze usage patterns, improve AI accuracy, develop new features
• Communication: Send service updates, support messages, billing notices
• Compliance: Meet legal obligations, prevent fraud, enforce our terms
• Support: Respond to your questions and troubleshoot issues

3. How We Share Your Information

3.1 Service Providers

We share data with trusted third-party providers who help us deliver our services:

• Twilio: SMS messaging infrastructure (USA-based, privacy compliant)
• Anthropic: AI processing (Claude AI, privacy-focused)
• Supabase: Secure database hosting (Australia/Singapore data centers)
• Vercel: Web hosting and infrastructure

All service providers are contractually required to protect your data and use it only for providing services to us.

3.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

3.3 Business Transfers

If CoreSentia is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and subject to a different privacy policy.

3.4 What We Don't Do

• We never sell your data or your customers' data to third parties
• We never use your data for advertising or marketing outside of CoreSentia
• We never share conversation data with other CoreSentia customers

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Limited access to sensitive data, role-based permissions
• Monitoring: Regular security audits and monitoring for suspicious activity
• Backups: Regular encrypted backups for data recovery

While we strive to protect your data, no internet transmission or storage system is 100% secure. You use the service at your own risk.

5. Data Retention

• Active Accounts: We retain data for as long as your account is active
• Closed Accounts: Data retained for 12 months after account closure for legal and support purposes
• Conversation Data: Retained for AI improvement unless you request deletion
• Billing Data: Retained for 7 years as required by Australian tax law

6. Your Rights

Under Australian Privacy Principles (APPs), you have the right to:

• Access: Request a copy of your data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal requirements)
• Portability: Request your data in a portable format
• Objection: Object to processing of your data for certain purposes
• Withdraw Consent: Withdraw consent for data processing (may affect service availability)

To exercise these rights, contact us at info@coresentia.com. We will respond within 30 days.

7. Customer Data (Your Customers' Rights)

You are the data controller for your customers' information. We process this data on your behalf. Your customers can exercise their privacy rights by contacting you directly. You are responsible for responding to their requests and ensuring compliance with privacy laws.

8. Cookies and Tracking

We use cookies for:

• Essential Cookies: Authentication, session management (required)
• Analytics Cookies: Understanding how you use our services (optional)

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

9. Third-Party Links

Our services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. Please review their privacy policies before providing any information.

10. Children's Privacy

CoreSentia is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

11. International Data Transfers

Some of our service providers (Twilio, Anthropic) are based outside Australia. Data transferred to these providers is protected by contractual safeguards and compliance with international data protection standards (GDPR-equivalent).

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

13. Complaints

If you have concerns about how we handle your data, please contact us first at info@coresentia.com. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. Contact Us

For questions or concerns about this Privacy Policy, contact us at:
Email: info@coresentia.com
ABN: 69 267 271 132
Location: Brisbane, Queensland, Australia