BUILURE SERVICES PTY LTD – PRIVACY POLICY

Builure Services Pty Ltd (ABN 43 666 640 900) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you.

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

• Identity Data including your name, age, profession and gender.
• Contact Data including your telephone number, address and email.
• Financial Data including bank account and payment card details.
• Background Verification Data including your government-issued identification details requested as part of our onboarding process to comply with our due diligence obligations, anti-money laundering laws and related ongoing monitoring commitments.
• Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
• Technical and Usage Data when you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies or analytics), and communications with our website.
• Profile Data including your username and password for our platform and support requests you have made.
• Interaction Data including voice recordings and call data, with your consent, and information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities or events.
• Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
• Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.

Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. In the course of doing business with you, we may collect, or come across such sensitive information.

How we collect personal information

We collect personal information in a variety of ways, including:

• when you provide it directly to us, including when you are using our large language model, face-to-face, over the phone, over email, or online;
• when you complete a form, such as registering for any events or newsletters, or responding to surveys;
• when you use any website we operate (including from any analytics and cookie providers or marketing providers);
• from third parties; or
• from publicly available sources.

Why we collect, hold, use and disclose personal information

Personal information: We collect, hold, use and disclose your personal information for the following purposes:

• where you provide your consent, to train our large language model (this does not apply to Meta Platform Data, which is never used to train any model — see “Meta Platform Data” below);
• to enable you to access and use our platform, including to provide you with a login;
• to assess whether to take you on as a new client, including to perform anti-money laundering, anti-terrorism, sanction screening, fraud and other background checks on you;
• to do business with you;
• to contact and communicate with you about our business;
• for internal record keeping, administrative, invoicing and billing purposes;
• for analytics, market research and business development;
• for advertising and marketing (Meta Platform Data is excluded from this purpose — see “Meta Platform Data” below);
• to run promotions, competitions and/or offer additional benefits to you;
• to comply with our legal obligations.

Sensitive information: We only collect, hold, use and disclose sensitive information for purposes you consent to, or as required by law.

Meta Platform Data

Where our clients connect their Meta business assets (Facebook Pages, Instagram professional accounts, or WhatsApp Business numbers) to FrontDesk through Facebook Login for Business, we receive data from Meta’s Platform on behalf of our client (“Meta Platform Data”). This includes:

• Page or account metadata (Page or account ID, name, profile picture);
• Messages sent to the client’s Page, Instagram account or WhatsApp number by end customers, and our client’s replies;
• Basic engagement data necessary to route conversations (e.g. message timestamps, conversation IDs);
• Profile information about end customers that Meta shares with the Page (e.g. name and profile picture) where the end customer has interacted with the Page.

We process Meta Platform Data solely to provide the FrontDesk virtual receptionist service on behalf of the client whose business asset the data originated from. This includes responding to inbound messages with our AI, capturing leads, scheduling appointments, escalating complex queries to the client’s team, and producing analytics for that client.

What we do not do with Meta Platform Data:

• We do not use Meta Platform Data for advertising or marketing, ours or anyone else’s;
• We do not use Meta Platform Data to train, fine-tune, or evaluate machine-learning or large-language models;
• We do not sell, license, rent or transfer Meta Platform Data to any third party, except to the subprocessors listed below who process it on our written instructions;
• We do not use Meta Platform Data from one client for the benefit of any other client. Each client’s data is logically isolated by tenant identifier and access is enforced on every request.

Retention and deletion: We retain Meta Platform Data only for as long as the client maintains an active connection and an active FrontDesk subscription. When a client disconnects their Meta business asset (through FrontDesk or through Meta Business Settings), or when their FrontDesk subscription ends, we delete the associated Meta Platform Data within 90 days as part of our normal data retention cycle, except where a longer period is required to comply with legal obligations (for example, taxation records). End customers (the people who messaged the client’s Page) may request deletion of their data at any time by emailing contact@builure.com.au; we acknowledge such requests within 5 business days and complete confirmed deletion requests within 30 days.

Data Deletion Request: To request deletion of data we hold about you that was obtained from Meta, email contact@builure.com.au with the subject “Meta Data Deletion Request” and the Facebook user ID, Instagram handle, or WhatsApp number the request relates to. We acknowledge such requests within 5 business days and complete confirmed deletion within 30 days.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

Subprocessors

We engage trusted third-party service providers to help deliver our service. Each subprocessor is bound by a written agreement that limits their processing of personal information (including, where applicable, Meta Platform Data) to the purposes for which we engage them.

Categories of subprocessors we use include:

• Cloud infrastructure, hosting, and identity providers (primarily Australian regions);
• Managed database providers (Australian regions);
• Content delivery, DDoS protection, and web application firewall providers;
• Generative AI / large language model providers, used to power AI responses;
• Object storage providers for voice-message audio (Australian regions);
• Payment processing providers;
• Transactional email delivery providers;
• Appointment scheduling integration partners, where enabled by the client.

A current named list of our subprocessors is available to customers on request at contact@builure.com.au. We give customers reasonable advance notice of material changes to this list where required by contract.

Data retention

We retain personal information only for as long as necessary for the purposes set out in this policy, including to meet legal, accounting or reporting requirements. Indicative retention periods:

• Meta Platform Data: duration of the active connection, then deleted within 90 days of disconnect or subscription end (or within 30 days of a verified deletion request from the end customer);
• Chat conversations and lead records: duration of the client’s subscription, then deleted within 90 days of subscription end;
• Billing and tax records: 7 years (as required by Australian taxation law);
• Security and audit logs: 90 days for operational logs, 7 years for billing-related audit logs;
• Marketing contact data: until you unsubscribe or request deletion.

Your rights

Under the Australian Privacy Act 1988 (and, where applicable, the EU GDPR or UK GDPR), you have the right to:

• request access to the personal information we hold about you;
• request correction of inaccurate or incomplete information;
• request deletion of your personal information, subject to legal retention obligations;
• object to or restrict certain processing;
• withdraw consent at any time where processing relies on consent;
• lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or your local supervisory authority.

To exercise any of these rights, email contact@builure.com.au. We will respond within 30 days.

Contact Us

For any questions or notices, please contact us at:

Builure Services Pty Ltd (ABN 43 666 640 900)
Email: contact@builure.com.au