1. Introduction
360 Digital Experts (“we”, “our”, “us”) operates an advanced Artificial Intelligence (AI) voice-calling agent platform tailored for Australian small-to-medium enterprises (SMEs), medical practices, allied health providers, and corporate clients.
We are fully committed to protecting the privacy of our clients and their end-users (callers). We operate in strict adherence to:
- The Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).
- The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules (for Protected Health Information).
- State-based surveillance and recording laws within Australia (e.g., Surveillance Devices Act 1999 (Vic)).
By utilizing our services, onboarding an AI voice agent, or submitting inquiries via our Meta Ads, you explicitly acknowledge and consent to the data processing practices detailed in this policy.
2. Information We Collect
To deploy functional, dynamic AI voice interfaces, we collect and process several categories of information:
- Core Corporate Data: Full names, registered business names, Australian Business Numbers (ABNs), industries, corporate email addresses, and phone numbers.
- Conversational Media (The AI Stack Data): High-fidelity call recordings of interactions between our AI calling agents and your end-users, automated text transcripts generated in real-time, and operational meta-data (call durations, time-stamps).
- Protected Health Information (PHI) & Sensitive Data (HIPAA & APP 3): For healthcare clients, our AI processes patient intake data, full names, dates of birth, medical symptoms discussed over the phone, and appointment booking reasons.
- Automated Digital Analytics: IP addresses, cookies, and behavior maps gathered on our website or via tracking pixels deployed on Meta (Facebook/Instagram)
3. Strict Infrastructure Core Guarantees: Data Isolation & Zero Outsourcing
We enforce foundational security guarantees regarding how your data is handled:
- The Zero-Outsourcing Policy: Unlike traditional agencies that utilize offshore human contractors or manual transcriptionists to review call quality, 360 Digital Experts enforces an absolute zero-outsourcing policy. No human contractor outside our immediate, vetted engineering core ever listens to or reads your call data.
- Isolated Cloud Environments: Every client business operates inside a structurally siloed account environment. Cross-contamination of data is impossible. Your transcripts and client history cannot be viewed or accessed by any other user on our platform.
- Explicit No-Training Guarantee: We utilize strict enterprise-tier developer data-privacy agreements. No voice files, data logs, or patient answers are ever fed back into foundational public algorithms. Your data is never used to train shared, public AI models.
4. Australian Privacy Principles (APPs) Alignment
We align our service architecture directly with the 13 APPs to protect individual privacy across Australia:
- APP 1 (Transparent Management): We maintain this detailed policy and offer a dedicated privacy channel for clear inquiries.
- APP 3 & 4 (Collection Control): We gather information exclusively via transparent channels where a caller actively chooses to interact with the system.
- APP 5 (The Voice Shield Notice): To comply with Australian call recording laws, our AI agents initiate every single call with an explicit voice disclosure stating that an automated assistant is handling the call and recording it for quality/verification purposes.
- APP 6 (Permissible Use): Data is strictly used for the core execution of the business service (e.g., placing an appointment into your booking software) and is never repurposed or sold.
- APP 8 (Cross-Border Data Flows): We prioritize local Australian hosting architectures. All cloud infrastructure is bound by non-disclosure clauses that match or exceed Australian statutory protections.
5. Technical Realization of HIPAA Compliance Standards
For medical and clinical practices employing our AI calling agents, we build technical safeguards modeled precisely on HIPAA parameters:
- Data Encryption at Rest: High-grade AES-256 bit encryption applied directly to all database volumes storing call logs, text scripts, and patient data.
- Data Encryption in Transit: TLS 1.3 and SRTP (Secure Real-time Transport Protocol) cryptographic protocols applied to actively streaming audio to prevent interception.
- Role-Based Access Control (RBAC): Administrative dashboards utilize the Principle of Least Privilege. Only pre-verified personnel can access logs solely for critical troubleshooting.
- Audit Trails: Immutable, timestamped logging systems capture every single action inside the database—detailing exactly who viewed, exported, or altered a transcript entry.
6. Transparency in Automated Decision-Making (ADM)
In compliance with current Australian privacy parameters regarding Automated Decision-Making (ADM):
- The AI calling agent makes real-time conversational decisions based exclusively on the business rules and booking availabilities provided during your onboarding phase.
- The AI agent does not evaluate credit profiles, render binding legal conclusions, or make definitive medical diagnoses. It acts strictly as an operational concierge.
7. Meta Platforms (Facebook & Instagram Ads) Data Guardrails
We run lead-generation strategies via Meta Ads under strict data rules:
- We utilize the Meta Pixel and Conversions API to monitor the efficacy of our advertising campaigns.
- Data Firewall: No call recordings, patient details, client appointment inputs, or health data are ever transmitted back to Meta. Meta has zero visibility into the internal database logs generated after an AI calling agent goes live.
8. Data Retention and Deletion Scheduling
- Standard Lifecycle: All conversation logs, audio assets, and generated text files are automatically archived and securely deleted after 12 months from the call event, unless a custom retention window is requested by the client.
- Irreversible Deletion: When a deletion routine is triggered, data blocks are completely wiped using cryptographic overwrite methodologies ensuring the data cannot be reconstructed or recovered.
9. Individual Statutory Rights
Under the Privacy Act 1988, callers and business clients hold absolute rights over their records:
- Right to Access: You may request a copy of all personal profiles, transcripts, and voice logs linked to your business or number.
- Right to Correction: You have the right to modify or adjust recording records instantly if data is incorrectly captured by the speech-to-text layer.
- Right to Erasure: Individuals may request immediate removal of specific voice records by writing to us. We execute verified erasure procedures within 30 days.
10. Contact Information and Regulatory Recourse
For any questions regarding our architectural security stack or to exercise your privacy rights, please connect directly with our operational headquarters:
