Privacy Policy

This policy explains how GovForms AI Receptionist (“we”, “us”, “our”) handles personal information when you use our website, customer dashboard, embeddable widget, and telephony services.

Last updated: 3 July 2026

1. Who we are

GovForms AI Receptionist is a multi-tenant software service for Australian small businesses. We help businesses build a structured knowledge base from their website and documents, and use artificial intelligence to answer customer enquiries via web chat, browser voice, and phone.

For privacy enquiries, contact us at privacy@govforms.ai.

2. Who this policy applies to

This policy applies to:

  • Business customers who register for an account, configure the service, and manage their knowledge base.
  • End users who interact with a business through our chat widget, voice simulator, or live phone answering service.
  • Website visitors who browse our marketing site.

Each business customer is responsible for informing their own customers how they use AI receptionist services and for collecting any consents required under applicable law.

3. Information we collect

Depending on how you use the service, we may collect:

  • Account information: business name, email address, password (stored using industry-standard hashing), website URL, and account preferences.
  • Business content: website pages we crawl, documents you upload (for example PDF, Word, or text files), and knowledge you add or edit in the dashboard.
  • Conversation data: chat messages, voice transcripts, call metadata (such as caller number, called number, duration), and AI-generated responses.
  • Billing information: subscription status and Stripe customer identifiers. Payment card details are collected and processed by Stripe, not stored on our servers.
  • Technical data: IP address, browser or device type, cookies used for authentication, and service logs needed for security and reliability.

4. How we use information

We use personal information to:

  • provide, operate, and improve the AI receptionist service;
  • crawl websites and process uploaded documents to build and maintain each business knowledge base;
  • generate grounded AI responses using verified business facts, not unconstrained guesswork;
  • provision phone numbers and route live calls when subscribed;
  • process payments and manage subscriptions through Stripe;
  • monitor usage, diagnose errors, prevent abuse, and protect the security of our platform;
  • comply with legal obligations and respond to lawful requests.

We do not sell personal information. We do not use end-user conversation content to train public foundation models.

5. Artificial intelligence and automated processing

Our service uses speech-to-text, large language models, and text-to-speech providers (such as Ollama in development and AWS managed AI services in production) to understand questions and generate responses.

AI responses are grounded in each business structured knowledge ontology. When the system cannot find verified information, it is designed to say so rather than invent facts. Scraped website content is treated as untrusted input and is filtered before being loaded as confident business facts.

You may review, edit, and delete knowledge in your dashboard. User edits take precedence over automatically extracted content.

6. When we disclose information

We may disclose information to:

  • Infrastructure and AI providers that host or process data on our behalf (for example cloud hosting, databases, object storage, speech and language services), under contractual obligations to protect it;
  • Stripe for payment processing;
  • Telephony providers for SIP/DID provisioning and call routing when you use live phone answering;
  • Professional advisers where reasonably necessary;
  • Regulators or law enforcement when required by Australian law or a valid legal process.

Some service providers may process data outside Australia. Where this occurs, we take reasonable steps to ensure overseas recipients handle information in a manner consistent with the Australian Privacy Principles.

7. Storage and security

We store relational account data in PostgreSQL, unstructured crawl and document text in MongoDB, knowledge graphs in a triplestore, uploaded files in object storage, and session authentication data using httpOnly cookies.

We use access controls, tenant isolation (each business can only access its own data), encryption in transit, and industry-standard operational practices. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

8. Retention

We retain information for as long as your account is active and as needed to provide the service, meet legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we delete or de-identify associated business data within a reasonable period, except where retention is required by law or for legitimate backup and security purposes.

9. Your rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you may have the right to:

  • request access to personal information we hold about you;
  • request correction of inaccurate information;
  • make a complaint if you believe we have mishandled your information.

To exercise these rights, email privacy@govforms.ai. We will respond within a reasonable time.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Cookies

We use essential cookies to keep you signed in to the dashboard. We do not use third-party advertising cookies on the customer application. Our marketing site may use basic analytics in future; if we introduce non-essential cookies, we will update this policy and provide appropriate notice.

11. Children

Our service is intended for businesses and is not directed at children under 16. We do not knowingly collect personal information from children.

12. Changes to this policy

We may update this policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may also be communicated by email or in-product notice where appropriate.

13. Contact

Questions about this policy: privacy@govforms.ai. See also our Terms of Service.