ReplyMate logoReplyMate

ReplyMate Privacy Policy

Effective Date: 26 August 2025
Last Updated: 26 August 2025

1. Who We Are

ReplyMate ("we", "us", "our") provides a missed-call SMS automation service for small business service providers in Australia. We respect your privacy and are committed to protecting personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

We collect different types of personal information depending on how you interact with ReplyMate:

From our customers (small businesses / service providers):

  • Name
  • Business name
  • Phone number
  • Email address
  • Payment details (for billing)
  • Account preferences

From callers (people trying to reach a business):

  • Phone number (automatically captured from call data)
  • Name (if included in your SMS reply)
  • Service/job details (if included in your SMS reply)
  • Call metadata (such as timestamp and duration, where available)
  • SMS response content (the full text of any reply you send)

From website visitors:

  • IP address
  • Browser type
  • Device information
  • Usage data (via cookies and analytics tools)

From waitlist sign-ups:

  • Name
  • Email
  • Phone number
  • Consent preferences (e.g., whether you agree to receive updates from us)

Information is collected through our sign-up form, powered by Tally.so (a European-based form provider).

3. How We Use Personal Information

We use personal information only for the purposes for which it was collected:

  • Connecting callers and our customers — including sending automated SMS replies when a call is missed, forwarding caller details (name, phone number, message) to the relevant business, and facilitating return communication between the caller and the business.
  • Operating ReplyMate — to provide, maintain, and improve the service. This includes maintaining limited records needed for operational continuity (e.g., troubleshooting, delivery confirmation).
  • Customer communications (service providers only): if you join our waitlist or sign up as a customer, we may use your contact details to send you updates, news, or offers with your consent. You can opt out at any time.
  • Website analytics: to understand how people use our website and improve functionality.
  • Compliance and security: to meet legal obligations, prevent misuse, and maintain security.

We do not use caller information (from people trying to reach a business) for marketing or unrelated purposes.

4. Legal Basis for Collection

  • Implied consent when callers initiate contact with a business phone number
  • Legitimate business purpose to facilitate the requested communication
  • Industry-standard practice for missed-call services
  • Reasonable expectations of callers seeking business contact

5. Marketing & Your Choices

  • We only send marketing communications to small business customers and waitlist subscribers who have opted in.
  • Every email or SMS includes a clear unsubscribe or STOP option.
  • STOP requests on SMS are processed immediately for automated flows; manual unsubscribes are completed within 5 business days.
  • You can opt out at any time.

SMS Service Compliance:

  • SMS replies to callers operate on the basis of implied consent (when a caller initiates contact with a business number).
  • All SMS messages clearly identify ReplyMate and the business.
  • STOP instructions are included in each SMS flow, allowing immediate opt-out.
  • We do not use caller SMS information for marketing or unrelated purposes.

6. Disclosure to Third Parties

We may share personal information with trusted service providers:

  • Amazon Web Services (AWS): cloud hosting in Australia (Sydney/Melbourne)… Data processed includes customer and caller information.
  • Twilio: SMS delivery platform… Data processed includes caller and customer phone numbers, SMS message content, and delivery metadata.
  • Analytics providers (e.g., Google Analytics): to measure website traffic and usage patterns.
  • Tally.so: Online form provider used for waitlist sign-ups.

We do not sell or rent personal information to marketers or unrelated third parties.

7. Overseas Data Transfers (APP 8)

Some personal information may be processed or stored outside Australia:

  • AWS: hosted in AU; backups may be stored in other regions.
  • Twilio: AU1 region preferred; some transit may occur internationally.
  • Google Analytics: processed in the United States and other regions.
  • Tally.so: processed in the EU (Belgium).

We take reasonable steps to ensure overseas providers protect data consistently with Australian privacy law (contracts, certifications, AU regions where available, limited retention, compliance monitoring).

8. Security of Information (APP 11)

We take reasonable steps to protect personal information against misuse, interference, and loss, including MFA, encryption, RBAC, timely access revocation, and deletion/anonymisation when no longer needed.

9. Data Retention

  • Caller SMS interactions: deleted within 30 days after the business responds, or within 90 days if no response.
  • STOP requests: suppress further messages immediately.
  • Customer account records: retained for the relationship plus up to 7 years (legal/tax).
  • Payment information: retained for at least 5 years (tax law).
  • Website analytics: aggregated up to 2 years; user-level up to 13 months.
  • Minimal records may be kept for legal/billing/audit.

10. SMS Service Limitations

Delivery depends on carrier/device; international numbers may not always receive SMS; length limits apply; delays can occur; some carriers may block automated or unregistered Sender ID messages.

11. Sender ID in Australia

Each customer is issued a dedicated Twilio number (numeric). Alphanumeric Sender IDs require registration; from 15 Dec 2025, ACMA's national Sender ID Register makes this mandatory (may incur fees).

12. Data Breaches

If a data breach likely to cause serious harm is suspected, we will assess immediately (within 30 days) and, if eligible, notify OAIC and affected individuals as soon as practicable. If direct notification isn't possible, we may publish a statement on our website. We will also contain and remediate the breach.

13. Access & Correction

You may request access/correction via privacy@replymate.com.au. We respond within 30 days; requests are free unless unusually complex. Lawful refusals will include reasons.

14. Complaints

Contact privacy@replymate.com.au. If unresolved, you can contact the OAIC at oaic.gov.au.

15. Customer Privacy Obligations

Many customers may be under the $3m threshold; regardless, ReplyMate operates under full Privacy Act compliance and handles caller info per the APPs.

16. Changes to This Policy

We may update this Privacy Policy; updates will be posted with the effective date.