AFCB (trading name of Kamalee Pty Ltd, ABN 481 757 841 29) is committed to protecting your privacy.

Effective date: 1 February 2026
Last updated: 1 February 2026

This Privacy Policy explains how we collect, hold, use and disclose personal information, and how you can access and correct your information or make a complaint, in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1) Who we are

Legal entity: Kamalee Pty Ltd (ABN 481 757 841 29)
Trading name: AFCB
Address: 70 Southbank Boulevard, Southbank VIC 3006, Australia
Email: [email protected]

2) What this policy covers

This policy applies to personal information we handle:

·         via our website(s), forms, surveys and audits

·         when you contact us (phone, SMS, email, social media)

·         when we deliver our services (including AI call answering, outbound follow-ups, and messaging workflows)

When we act for client businesses: In many cases we process personal information on behalf of a business client (for example, when an end-customer calls a cleaning business and an AI answers). The client business decides what is collected and why. We still apply safeguards to the information we handle.

3) The personal information we collect and hold

Depending on how you interact with us, we may collect:

A) If you enquire with us (prospects/partners)

·         name, business name, role

·         phone number, email address

·         messages you send us (and attachments)

·         meeting notes and call summaries

·         your preferences related to our services

B) If you interact with an AI agent we deploy for a client business (end-customers)

This depends on the client’s configuration, and may include:

·         name and contact details (phone/email)

·         address/suburb and service details

·         booking details (date/time), job details, questions and responses

·         conversation history across phone/SMS/email/DMs

·         call recordings, and transcripts/summaries (where enabled)

C) Website and device data

·         IP address, browser type, device identifiers

·         pages visited, time on site, referral sources

·         cookies and similar technologies (see section 6)

We try to avoid collecting sensitive information (e.g., health information). If we receive it, we handle it with additional care and only as permitted by law.

4) How we collect personal information

We collect personal information when you:

·         submit a form, request a quote, or complete an audit

·         call, text, email, or message us

·         interact with an AI agent we operate for a client business

·         visit our website (via cookies/analytics)

·         are referred to us by a partner or a client business (where appropriate)

5) Why we collect, hold, use and disclose personal information

We use personal information to:

·         provide and operate our services (answering enquiries, booking jobs, outbound follow-ups, confirmations)

·         provide support and respond to requests

·         quality assurance, training, troubleshooting and service improvement (including reviewing recordings/transcripts)

·         prevent misuse/fraud and maintain security

·         send service communications (confirmations, updates, reminders)

·         send marketing communications (you can opt out anytime)

·         comply with legal obligations and enforce agreements

These are the core matters a privacy policy must cover under APP 1.4.

6) Cookies, analytics, and tracking

We may use cookies and similar technologies to:

·         keep the site functioning (security, preferences)

·         understand usage and improve performance

·         measure marketing effectiveness

You can control cookies via your browser settings. Disabling cookies may affect site functionality.

7) Call recording and voice AI (inbound + outbound)

All inbound and outbound calls are recorded. Recordings may also be transcribed and summarised where enabled.

·         We use recordings/transcripts to deliver services, support requests, quality assurance, training, dispute handling, and compliance.

·         Where required, we provide notice at the start of a call and obtain consent as appropriate.

·         We do not publish recordings publicly.

Recording and handling of private conversations is regulated, including in Victoria.

Brutal truth: if you record everything but don’t have a clear notice/consent script and a deletion routine, you’re building legal and reputational risk on purpose.

8) Where we store data

We primarily store operational data (including call recordings, transcripts, messages, and related records) in:

·         GoHighLevel (GHL), and

·         Google Drive (for file storage/backups and operational access)

Data may be stored or processed in Australia and/or overseas depending on the infrastructure of these providers and their subcontractors.

9) Payments

If payments are enabled, payment processing is handled through Stripe.

·         We generally do not store full card details.

·         We may store payment status, transaction references, invoices, and reconciliation records for accounting and dispute handling.

10) Who we disclose personal information to

We may disclose personal information to:

·         the client business (where you contacted the client and we provide the AI service)

·         our contractors and service providers who help us operate (communications, hosting, analytics, automation, support)

·         payment providers (if payments are enabled)

·         professional advisers (lawyers/accountants) where necessary

·         regulators, courts, law enforcement where required or authorised by law

·         a buyer/successor in a merger/acquisition/asset sale (with appropriate safeguards)

We do not sell personal information.

11) Overseas disclosures

If we disclose personal information to an overseas recipient (including where our providers or their subcontractors are overseas), we take reasonable steps to ensure they handle the information in a way consistent with the APPs, where required.

12) Security

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Controls may include:

·         role-based access and least-privilege permissions

·         encryption in transit where supported

·         audit logs and monitoring

·         confidentiality obligations for staff/contractors

·         internal procedures for handling recordings and exports

No system is 100% secure. If you believe your information has been compromised, contact us immediately.

13) Data retention (12 months)

We retain call recordings, transcripts, messages, and related records for 12 months from the date of the interaction, unless:

·         a longer period is required by law, or

·         it is reasonably necessary for disputes, enforcement, or ongoing service delivery, or

·         a client business requires a different retention period under its agreement with us.

After the retention period, we take reasonable steps to delete or de-identify the information.

My take on “12 months is fine”: yes — if you can justify it (disputes + training + operational continuity) and you actually delete at 12 months. If you don’t have automated deletion across GHL + Drive, your real retention becomes “forever”, which is sloppy and risky.

14) Accessing and correcting your personal information

You can request access to personal information we hold about you and request corrections if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

Email [email protected] with:

·         your full name

·         what you want access to (or corrected)

·         how you interacted with us (e.g., call date/time, phone number used, or the client business name)

Privacy policies must explain access and correction pathways.

15) Marketing preferences

You can opt out of marketing at any time by:

·         using the unsubscribe link (where provided), or

·         replying “STOP” to SMS (where available), or

·         emailing [email protected]

16) Complaints

To make a privacy complaint, email [email protected] with details and any relevant dates/interactions. We will acknowledge and investigate your complaint and respond within a reasonable timeframe.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner.

17) Updates to this policy

We may update this policy to reflect changes in our practices, technology, or legal requirements. The updated version will be published with a revised “Last updated” date.