
PRIVACY POLICY

 
This is the privacy policy of Sophiie AI Pty Ltd ACN 679 849 453 (Sophiie AI) and our related entities.
 
In this document, the expressions “we”, “us” and “our” are a reference to Sophiie AI. The terms “you” and “your” refer to the party to whom this policy relates, being the website user or reader of this document.

The purpose of this policy is to clearly express an up-to-date policy about our management of information.
 
Your Rights in Relation to Privacy
 
Sophiie AI understands the importance of protecting the privacy of an individual’s personal information and adopts the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Act).
 
This Privacy Policy sets out how we collect, use and disclose information about you, how we aim to protect the privacy of your personal information and your rights in relation to your personal information.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, sending you a direct notification from time to time. Any changes to our Privacy Policy will be published on our website. We encourage you to regularly review this Privacy Policy to stay informed about how we manage your personal information.
 
A copy of the Australian Privacy Principles may be obtained from the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Kinds of Personal Information

During the provision of our services or through your use of our website and AI systems, Sophiie AI may collect your personal information. Personal information is information or an opinion about an identified, or reasonably identifiable, individual, whether or not the information or opinion is true and whether or not it is recorded in a material form. This includes information generated, collected, or inferred through your interactions with our AI systems.

If you’re a client (or potential client), it is highly likely that you will share, or we will collect, some personal information. This includes, but is not limited to:

  • contact details such as your name, business or personal addresses, email addresses, phone and fax numbers;
  • your employment or professional details;
  • details of your company’s ABN and/or ACN;
  • financial information including bank account and credit card details;
  • usage data and interaction patterns with our AI systems;
  • feedback and responses provided to our AI systems;
  • voice recordings and transcripts from voice interactions;
  • behavioural patterns and preferences derived from your service usage; and
  • technical data such as API keys, authentication tokens, and system logs.

 
Sensitive Information
Sensitive information is defined in the Act to include information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
We don’t usually collect sensitive personal information like marital status, religion or sexual orientation. If Sophiie AI does collect sensitive information, we will only use and disclose it for the following purposes:

  • for the primary purpose for which it was obtained;
  • for a secondary purpose that is directly related to the primary purpose;
  • with your consent; or
  • where required or authorised by law.

Please notify us as soon as you can of any changes to the information provided to us or if you are aware of any inaccurate, out of date, misleading or false information.
 
Collection of Personal Information

Generally, Sophiie AI will collect your personal information through:

  • direct contact with you, whether in person or over the phone, email, or mail;
  • the completion of online contact forms or booking forms on our website; or
  • information services providers, including social media, or publicly available information.


When you use our website, the following information may be logged for statistical purposes and for the purposes of marketing and advertising to you:

  • the date and time of your visit to our website;
  • your IP address;
  • pages that you accessed and documents downloaded; and
  • the type of browser you were using.

Sophiie AI may collect information about you through your use of our services, which includes data and metadata obtained from calls made to or from our systems. This information helps us improve service quality, enhance user experience, and ensure the effective management of our communications.

We also automatically collect certain information about your interaction with our website (Usage Data). To do this, we may use cookies, pixels and similar technologies (Tracking Technologies). Usage Data may include information about how you access and use our website and your account (if applicable), including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services. You can manage your preferences regarding these Tracking Technologies through your browser settings.

Purpose of Collection
 
Sophiie AI may need your personal information for the following reasons, including AI-related purposes:

  • to respond to your enquiries or consultation request via our website;
  • so that we or our related entities can provide you with goods or services;
  • for accounting, billing and other internal administrative purposes;
  • to add you to our mailing list where you have subscribed to our newsletter;
  • to meet any other legal requirements;
  • to train, improve and validate our AI models and algorithms;
  • to personalise and enhance your experience with our services;
  • to develop new AI features and capabilities;
  • to detect and prevent fraud, security incidents, and abuse of our services;
  • to conduct research and development activities; and
  • to comply with relevant AI and automated decision-making regulations.

 
Sophiie AI may also use and disclose your personal information in order to inform you of products and/or services that may be of interest to you. In the event you do not wish to receive such communications, you may, at any time, request not to receive direct marketing communications from us or use any opt-out mechanism provided.
 
Disclosure of Personal Information

Generally, Sophiie AI and associated entities will only disclose your personal information for the purpose of providing goods or services. This may include disclosing your personal information to third parties engaged to perform administrative or other business management services, such as third-party billing services, cloud storage providers, data analytics services, or other essential business services. All such disclosures are made on a confidential basis under appropriate data protection agreements and in accordance with applicable law.
 
Sophiie AI may also disclose your personal information with your consent or if disclosure is required or authorised by law.

Third Parties
Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information about you from third parties, such as:

  • service providers who assist us in operating our business;
  • business partners with whom we collaborate;
  • professional advisers or consultants; or
  • publicly available sources.

In such cases, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. This may include notifying you at the time of collection, in our privacy communications, or through other appropriate means. Where required by law, we will seek your consent before collecting information about you from third parties.

Overseas Disclosure
 
We will not disclose your personal information outside Australia unless:

  1. you expressly consent;
  2. the disclosure is required by law; or
  3. the disclosure is to service providers who are subject to privacy protections substantially similar to the Australian Privacy Principles and privacy law.

Before disclosing any personal information to an overseas recipient, Sophiie AI will take reasonable steps to ensure that the overseas recipient complies with a similar privacy scheme, but cannot guarantee or make any warranties that they will.

Security of Your Personal Information

We will always do our best to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We implement industry-standard security measures including encryption, access controls, secure cloud infrastructure, regular security audits, penetration testing, and employee security training. We use multi-factor authentication, advanced threat detection systems, and maintain alignment with ISO 27001 compliance standards. For our AI systems, we apply additional safeguards including data anonymisation, access logging, and model-specific security controls to further protect your information.

Sophiie AI will typically hold your personal information electronically, but when it absolutely can’t be avoided, we may from time to time hold your information in paper form also.
 
Sophiie AI will securely destroy or de-identify your personal information when it is no longer required for any legitimate business purpose or legal obligation. Generally, we retain personal information for a minimum of 7 years where required by Australian tax and corporate laws. We will notify you if we need to retain your information for longer periods due to specific legal, business, or technical requirements. When your personal information is no longer needed, we will take reasonable steps to securely destroy or permanently de-identify it.

The method of destruction or de-identification will depend on the nature of the information and how it is stored. Methods may include secure shredding of physical documents and permanent deletion of electronic records from our systems with appropriate technical safeguards to prevent unauthorised access during this process.

Data breaches

All staff are responsible for protecting the confidentiality of client information and business information. Any actual or suspected data breaches must be immediately reported to our designated Privacy Officer and Data Protection team through our incident response system. This enables us to comply with our obligations under the Notifiable Data Breaches scheme and take prompt remedial action.
 
What is an eligible data breach?

An eligible data breach, defined in s 26WE(2) of the Act, is when:

  1. both of the following conditions are satisfied:
     a. there is unauthorised access to, or unauthorised disclosure of, the information; and
     b. a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
  2. the information is lost in circumstances where:
     a. unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
     b. assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.


If there is a suspicion of a breach
 
If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within thirty (30) days.
 
If we believe or have reasonable grounds to believe there has been a breach, then a statement will be prepared setting out:
 

  • the business’s details;
  • a description of the breach;
  • the kind or kinds of information concerned; and
  • recommendations about the steps that we will take in response to it.

 
If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.
 
Any eligible data breach notification will be submitted to the OAIC in accordance with the Notifiable Data Breaches scheme under the Act.
 
Exception to reporting

Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.

Disclosure
 
Sophiie AI’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. For more information about these requirements, please visit https://developers.google.com/terms/api-services-user-data-policy.

Maintaining the Quality of Your Personal Information
It is important to us that your personal information is accurate, complete, and up-to-date. We take reasonable steps to ensure the personal information we collect, use, or disclose is accurate, complete, and current.
We encourage you to help us maintain the accuracy of your personal information by:

  • notifying us promptly of any changes to your personal details (such as address, phone number, or email);
  • informing us if you notice any errors or inaccuracies in the information we hold about you; and
  • responding to our requests for verification of information.

When you notify us of changes or inaccuracies, we will promptly update our records. If we identify inaccuracies through our own processes, we will take reasonable steps to correct the information. Where appropriate, we may contact you to verify the changes before updating our records.

How You May Access Your Personal Information
 
Under the Act, you have a right to access and seek correction of your personal information that is collected and held by Sophiie AI.

If at any time you would like to access or correct the personal information that Sophiie AI holds about you, please contact our privacy officer at support@sophiie.ai.

To obtain access to your personal information:

  • you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
  • you will need to be reasonably specific about the information you require; and
  • Sophiie AI will not charge you any fee for making an access request. We may charge a reasonable administration fee only for the actual cost of providing access to your information, and we will notify you in advance of any fee for accessing your personal information.

 
If Sophiie AI refuses your request to access or correct your personal information, we will provide you with written reasons for the refusal within thirty (30) days, explain how you can make a complaint about the refusal, and outline other mechanisms available to you under the Act.

Complaints
 
Please direct all privacy complaints to our privacy officer. We will take any privacy complaints seriously and deal with them in a prompt and confidential manner.

You will be informed of the outcome of your complaint following completion of the investigation, which will take no more than 30 days. For complaints involving automated systems or AI processing, we will provide meaningful information about the logic involved in the automated decision-making process and its significance for you, in accordance with the Act and any applicable AI-specific regulations. This includes explaining how your personal information is used in automated decision-making, while maintaining appropriate protection of our intellectual property rights and system security.

In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to OAIC. Contact details for the OAIC can be found at www.oaic.gov.au.
For privacy enquiries or complaints, please contact us at:

Version control

Policy version: 1.0
Policy date: 27 June 2025