Privacy Policy

1. Who we are

PulseForge Pty Ltd is a Melbourne-based Australian AI automation agency. We build AI voice agents, missed-call recovery, lead capture automation, quote follow-up sequences, review collection workflows, CRM setup, AI visibility and digital workflow systems for Australian service businesses.

This Privacy Policy applies to: visitors to our website (pulseforge.com.au), people who request a Revenue Leak Audit, prospective and current clients, and end-customers of clients whose data flows through systems we configure on their behalf.

2. Information we collect

We collect personal information that is reasonably necessary for our business activities. Categories include:

From website visitors and audit requesters

• Name, business name, email, phone number
• Website URL, suburb/city, industry
• Approximate call volume and biggest revenue leak (free text)
• Existing tools / CRM / job software you mention
• Anything you write in the message field
• Technical data: IP address, browser type, device type, pages viewed

From clients during onboarding and service delivery

• Business details (services, pricing, service area, hours, FAQs, after-hours rules)
• Account/login credentials to third-party tools (where you grant access)
• CRM/job software data (contacts, leads, quotes, jobs — depending on integration)
• Approved scripts, brand assets and configuration settings
• Billing details (handled via Stripe or bank transfer — we don't store full card numbers)

From end-customers of clients (data we process on a client's behalf)

• Caller phone number, name, address, suburb, postcode
• Call recordings and AI-generated transcripts
• Enquiry details (service requested, urgency, preferred time)
• SMS and email message content within configured workflows
• Review feedback (private or public, where collected)

When we process end-customer data on behalf of a client, we act as a data processor; the client is the data controller responsible for lawful collection.

3. How we collect it

We collect information in the following ways:

• Directly from you via website forms, email, phone, and onboarding documents
• Automatically via website analytics and server logs
• From integrations you authorise (e.g. ServiceM8, Xero, HubSpot)
• From AI voice and SMS systems we configure for you, which collect data from your end-customers
• From publicly available information (your website, Google Business Profile, social profiles) during audits

4. How we use your information

We use personal information for:

• Service delivery — configuring, running and optimising AI voice, automation, CRM and lead capture systems for you
• Audit work — reviewing your public business information to prepare your Revenue Leak Audit
• Communications — responding to enquiries, sending audit reports, providing updates about your systems, sending invoices
• Improvement — analysing system performance, debugging, monitoring usage trends
• Legal & compliance — meeting our legal obligations, responding to lawful requests, protecting our rights

We do not sell personal information. We do not use end-customer data for marketing outside the workflows configured by their business.

5. When we disclose your information

We disclose personal information only when needed to deliver our services or as required by law. This includes:

• Service providers and sub-processors — including the integration tools and AI infrastructure listed in Section 6 below
• Your authorised third parties — for example, the CRM and job software you ask us to connect
• Legal authorities — when required by Australian law or a valid legal process
• Business transfers — if PulseForge is sold or merged, personal information may transfer to the new owner, subject to the same protections

We do not share personal information with advertising networks or data brokers.

6. Third-party tools we use

We rely on a number of third-party tools to deliver our services. Each tool has its own privacy practices, and data flowing through these tools is subject to their terms. Typical tools include:

• AI voice infrastructure: Vapi, Bland, Twilio
• Automation & workflow: n8n, Zapier (where used)
• CRM & job software: HubSpot, Pipedrive, ServiceM8, Jobber, Simpro, AroFlo, Tradify, GoHighLevel
• Accounting: Xero, MYOB, Stripe
• Messaging: Twilio (SMS), Gmail, Outlook
• Calendar & productivity: Google Workspace, Google Calendar
• Web infrastructure: hosting, CDN, analytics

We can provide a full sub-processor list on request and notify clients of material changes where reasonably possible.

7. AI tools and call/transcript data

AI voice and AI text systems process calls, messages and enquiries to generate transcripts, summaries and follow-up actions. Key points:

• AI systems are configured for intake, FAQs, booking, follow-up and admin support only
• AI does not provide legal, medical, financial, credit, migration or regulated professional advice
• Callers are informed they are speaking with an AI assistant where required by Australian best practice
• Transcripts and recordings may be retained by the underlying AI provider for short periods to deliver and improve the service — see provider terms
• Where supported, we configure providers to minimise data retention and disable training on your data
• Critical or sensitive matters escalate to humans via SMS alert with the caller's details and recording

8. Storage, security and data location

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Measures include:

• Access controls — only authorised PulseForge staff and contractors with a legitimate need can access client data
• Encryption in transit (TLS) for data moving between systems
• Secure password and authentication practices, including multi-factor authentication where supported
• Regular reviews of tool configuration, integrations and access permissions
• Vendor due diligence on critical sub-processors

Data location. The physical location of data depends on the specific tools and integrations selected for your build. Many of our sub-processors are international (typically US-based) and may store data outside Australia. Where Australian-hosted storage is available within a chosen tool, we will configure it where this is practical and within scope.

We do not claim that all customer data is stored in Australia. We document where data is processed for each engagement and can discuss compliance requirements during onboarding.

9. Cookies and analytics

Our website uses cookies and third-party analytics services to understand how visitors interact with the site. Specifically:

• Google Analytics 4 (GA4) — measures aggregate traffic, traffic sources, page views and conversion events (e.g. audit form submissions). IP addresses are anonymised. Google's privacy practices are available at policies.google.com/privacy.
• Microsoft Clarity — records anonymised session replays and aggregated heatmaps so we can see where the site is confusing or broken. Sensitive form fields (name, email, phone) are automatically masked. Microsoft's privacy practices are available at privacy.microsoft.com.

We do not currently use advertising trackers, remarketing pixels or cross-site tracking. If we add advertising scripts in future, we will update this policy and provide opt-out controls where required by law.

You can disable cookies in your browser settings, install browser extensions that block analytics scripts, or use the Google Analytics opt-out add-on. Disabling cookies may affect some site functionality.

10. Retention

We retain personal information for as long as needed to provide our services and meet legal, accounting and tax obligations. Typical retention:

• Audit request data — kept for 24 months unless you ask us to delete it earlier
• Client business data — retained for the duration of our engagement plus 7 years for tax and contract record obligations
• Call recordings and transcripts — retained per client configuration and underlying provider settings, typically 30–365 days
• Marketing communications — until you unsubscribe

11. Your rights — access, correction, deletion

Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Request deletion of your personal information, subject to legal retention obligations
• Withdraw consent for marketing communications at any time
• Make a complaint about how we handle your information

To exercise these rights, email [email protected]. We aim to respond within 30 days. If you are unhappy with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Children's privacy

Our services are not directed at children under 16. We do not knowingly collect information from children. If you believe a child's information has been collected, contact us and we will delete it.

13. Cross-border transfers

Many of our sub-processors are located outside Australia. By using our services, you acknowledge that personal information may be transferred to and processed in countries with different data protection laws. We take reasonable steps to ensure overseas recipients handle your information consistent with the Australian Privacy Principles.

14. Updates to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to active clients and posted on this page with a new "Effective" date. Continued use of our services after an update constitutes acceptance of the revised policy.

15. Contact us

For privacy questions, access requests, corrections, deletions, or complaints:

PulseForge Pty Ltd
Office 4453, Ground Floor
470 St Kilda Road
Melbourne VIC 3004, Australia
Email: [email protected]
ABN 14 698 027 913

This policy does not constitute legal advice. It is provided as a clear summary of our practices. For specific legal questions about Australian privacy obligations, consult a qualified legal professional.