Legal
Privacy Policy
Yindi AI Pty Ltd (ABN 32 697 933 672)
Effective date: 23 June 2026
Yindi AI Pty Ltd (“Yindi”, “we”, “us”, “our”) provides an AI-powered phone receptionist service to schools and businesses. This policy explains what personal information we collect when our AI assistant answers a call, why we collect it, who we share it with, where it is stored, and how you can access, correct, or complain about the handling of your information.
We handle personal information in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).
1. Our role
Yindi provides its service to client organisations: the schools and businesses whose calls our AI assistant answers. When you call one of those organisations and speak to the Yindi assistant, we collect and handle your information on that organisation’s behalf so the call can be answered, logged, and actioned.
The client organisation decides why it uses our service and what it does with the information afterwards. Yindi is responsible for operating the platform securely and for handling your information as described in this policy. If you want to know how a particular school or business uses information about you beyond what we describe here, contact that organisation directly.
2. What information we collect
When the Yindi assistant answers a call, we may collect:
- Your phone number and, if you give it, your name
- A recording and/or transcript of the call
- The reason for your call and any details you provide, for example an absence report, an enquiry, a message for staff, or a support request
- The name and details of any other person you mention, such as a student you are reporting absent
- Records of confirmation messages we send by SMS or email at the end of a call
We collect this information directly from you during the call.
3. Sensitive information
Some calls contain sensitive information as defined in the Privacy Act 1988 (Cth). The most common example is health information, such as when a parent explains that a child is absent because they are unwell or have a medical appointment.
We do not seek sensitive information beyond what you choose to tell us. Where it is captured in a call, we treat it as sensitive information: we use it only for the purpose of handling and logging your call, we do not use it for any other purpose, and it is deleted on the same retention schedule as the rest of the call record (see section 8).
4. Children's information
Our service is used by schools, so calls frequently include personal information about students who are children. This information is provided to us by the adult who calls (usually a parent or guardian) or by school staff. We do not knowingly collect personal information directly from a child.
We recognise that children’s information requires additional care. We limit our collection to what the calling adult provides for the purpose of the call, we apply the same security and retention controls described in this policy, and we do not use children’s information for any purpose other than handling and logging the call on the school’s behalf. We are monitoring the development of the OAIC’s Children’s Online Privacy Code and will update our practices to align with it.
5. How we use your information
We use the information we collect to:
- Answer and handle your call on behalf of the client organisation
- Create a record of the call so the client organisation has an accurate log of what was discussed
- Allow you or the client organisation to review what was said on the call if needed
- Send you an SMS or email confirming the outcome of the call, where applicable
- Maintain and secure the service, and meet our legal obligations
We do not sell your personal information. We do not use call recordings or transcripts to train or improve AI models.
6. Notice and consent at the start of a call
At the start of each call, the Yindi assistant tells you that the call is recorded and transcribed and why. By continuing with the call after this notice, you consent to the recording and to the handling of your information as described in this policy. If you do not consent, you can end the call and contact the organisation another way.
7. Who we share your information with
We share your information with:
- The client organisation you called (the school or business), which receives the call record and any logged details
- Service providers who help us run the platform, listed below
- Anyone you ask us to, or where we are required or authorised to disclose information by law
We use a range of service providers to deliver the service. We may change the specific providers we use from time to time, but they fall within the categories and countries set out below:
| Type of provider | Purpose | Location |
|---|---|---|
| Voice and AI conversation providers | Speech-to-text, voice synthesis, and AI handling of the call | United States, and may also process information in the European Union |
| Web infrastructure providers | DNS, content delivery, and web application firewall for our web services | United States |
| Hosting and database providers | Hosting the platform and storing call records | Australia |
| Messaging providers | Sending SMS and email confirmations | Australia |
| CRM integration providers | Logging tickets or jobs, where a client enables an integration | Australia |
If we begin using a provider located in a country not listed above, we will update this policy before doing so.
7a. Google Calendar and other connected services
If a client chooses to connect a Google account so that Yindi can book appointments, we request access to that account's Google Calendar in order to check availability and create appointment events on the calendar the client connects.
Yindi's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only access the Google Calendar that the client explicitly connects, and only to read free/busy availability and create or manage appointment events made through Yindi.
- We do not use Google Calendar data for advertising, and we do not sell it.
- We do not use Google Calendar data for any purpose other than providing and improving the appointment-booking feature the client has enabled.
- We do not allow humans to read Google Calendar data except where required for security, to comply with the law, or with the client's explicit consent.
- A client can disconnect their Google Calendar at any time from the Yindi portal, which revokes Yindi's access. Clients can also revoke access from their Google Account permissions page.
Google account credentials (refresh tokens) are stored encrypted and are used solely to maintain the connection the client authorised.
8. Overseas disclosure
Some of the providers we use to handle your call are located overseas. As set out in the table above, this means the audio and transcript of your call are processed by voice and AI conversation providers in the United States, and may also be processed in the European Union. Our web infrastructure providers are also located in the United States.
Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, including through contractual data protection terms.
The platform and database where your call records are stored are hosted on infrastructure located in Australia.
9. How we store and protect your information
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our measures include encryption of data in transit and at rest, encrypted backups, multi-factor authentication on all administrative access, role-based access controls, network firewalling with geographic restrictions, a web application firewall, and audit logging of system activity.
No method of transmission or storage is completely secure, but we work to protect your information and to respond appropriately if a data breach occurs, including meeting our obligations under the Notifiable Data Breaches scheme where it applies.
10. How long we keep your information
We retain call recordings and transcripts, and the personal information they contain, for 90 days, after which they are deleted in accordance with our data retention and destruction policy. We may retain information for longer only where we are required to by law or where it is needed to resolve a dispute or complaint.
11. Accessing and correcting your information
You can ask us for a copy of the personal information we hold about you, or ask us to correct it if it is inaccurate, out of date, incomplete, or misleading. This applies whether you are a client of Yindi or a member of the public who has called one of our clients.
To make a request, contact us using the details in section 13. We will respond within a reasonable period, normally within 30 days. There is no charge to make a request, though we may charge a reasonable cost for giving access in some cases. If we cannot give you access or make a correction, we will tell you why in writing.
Because we handle much of this information on behalf of client organisations, we may need to direct your request to the relevant school or business, or coordinate with them, to action it.
12. Complaints
If you believe we have breached the Australian Privacy Principles or mishandled your personal information, contact our Privacy Officer using the details below. We will acknowledge your complaint, investigate it, and respond to you in writing, normally within 30 days.
If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
13. Contact us
Reach our Privacy Officer using the details below.
14. Changes to this policy
We may update this policy from time to time. The current version is always available at yindi.com.au/privacy, and the effective date at the top of the policy shows when it was last changed.
Privacy Officer
Yindi AI Pty Ltd
Email: privacy@yindi.ai
Phone: 1300 094 634