Legal

Privacy policy.

Last updated: April 2026

Draft — under legal review. This document is a plain-English draft of the Hey Cooee Privacy Policy prepared by the Hey Cooee team. It reflects how we intend to handle personal information under the Australian Privacy Act 1988 and the 13 Australian Privacy Principles, but it has not yet been reviewed by Australian privacy counsel. The final reviewed version will be published here ahead of general availability. For privacy enquiries in the meantime, email hello@heycooee.au.

1. Introduction

This Privacy Policy explains how Hey Cooee ("Hey Cooee", "we", "us") — Sebastian Piotrowski trading as Hey Cooee, ABN 77 817 490 068 — collects, uses, stores, and discloses personal information. It applies to our website (heycooee.au), the Hey Cooee portal (app.heycooee.au), and the AI voice reception service itself.

We comply with the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). Where a term is used in a specific way in that Act — for example, "personal information" or "sensitive information" — we use it the same way.

2. What we collect

From you as a subscriber: your name, business name, email address, phone number, the plan and add-ons you've chosen, and basic technical information about how you use the Portal (sign-in times, device, browser).

From callers to your Hey Cooee line: a recording of the call, a transcript of what was said, the caller's phone number (where provided by the carrier), and any personal information the caller shares during the conversation — typically their name, contact number, and details relevant to the booking such as address or the service they're asking about.

Payment information: we don't see or store your credit card details. Payments are processed by Stripe Payments Australia Pty Ltd. We receive a Stripe customer identifier and the billing status back from Stripe — that's it.

Sensitive information: we try not to collect it. If a caller discloses health information (for example, when booking with a medical or allied-health tenant), it's captured in the call recording and transcript as part of the booking record. Tenants operating in regulated industries are responsible for configuring their Hey Cooee service in line with the sector rules that apply to them.

3. How we use personal information

To provide the Service: to answer calls, conduct the booking conversation, deliver the booking or message back to you, send SMS confirmations and reminders to callers, and keep the Portal running.

To communicate with you: to send you transactional email (booking notifications, payment receipts, renewal reminders, service updates), and — with your permission — occasional product and marketing updates, which you can unsubscribe from at any time.

To improve the Service: to understand how the Portal is used in aggregate, to troubleshoot issues, and to improve conversation quality. We do not use your Tenant Data or your callers' personal information to train third-party AI models.

To meet our legal obligations: tax, regulatory, and any lawful request we're required to comply with.

5. Who we share information with

We do not sell personal information to anyone, ever.

We share information only with service providers we use to run the platform: our cloud infrastructure provider (in Sydney), the telephony carrier that carries your inbound calls, the AI provider that generates the conversational responses, Stripe for payments, and email/SMS delivery providers.

Where we share information with service providers, we do so under written agreements that restrict what they can do with that information and require them to protect it with security measures comparable to ours.

We may disclose information if we're required to by law — for example, in response to a subpoena, a lawful request from a regulator, or where disclosure is necessary to protect someone from serious harm.

6. Where your data is stored

Hey Cooee runs entirely on Australian infrastructure in the Sydney region. Call recordings, transcripts, bookings, and Portal content are stored in Australia and do not leave the country.

The one cross-border transfer is conversation text sent to our AI provider for response generation. That text is transmitted securely, with phone numbers redacted before transmission, is not retained by the AI provider for training, and is returned to us in Australia. We treat this as the minimum necessary cross-border flow to provide the Service, and it's disclosed at the start of every call.

7. How long we keep information

Call recordings: retained for 30 days by default, then deleted automatically. Tenants on plans with extended recording retention may hold recordings for longer if enabled.

Call transcripts, booking records, and Portal content: retained for the life of your subscription and for 30 days after cancellation, then personal information is deleted from active systems. Anonymised aggregate statistics may be retained for service-improvement purposes.

Account and billing records: retained for at least seven years after the end of the subscription to meet our Australian tax and record-keeping obligations.

Support correspondence: retained for two years after the issue is closed.

Backups: encrypted backups may hold information for up to 90 days after the primary record has been deleted, on a rolling-window basis.

8. Security

We use standard industry controls to protect personal information: encryption in transit (TLS) and at rest, role-based access control inside Hey Cooee, least-privilege service accounts, logged administrative access, and regular backups.

Hey Cooee staff can access tenant data only for support or operational reasons, and all such access is logged. We do not read call transcripts except where investigating a specific issue you've raised with us, or where required by law.

No system can be guaranteed perfectly secure. If we become aware of a data breach that's likely to result in serious harm, we'll notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.

9. Your rights — access, correction & complaints

You have the right to ask what personal information we hold about you, to request a copy of it, and to ask us to correct anything that's wrong or out of date. To make a request, email hello@heycooee.au.

We'll acknowledge your request within seven days and aim to fulfil it within 30 days. If we can't give you access to certain information (for example, because it would reveal commercially sensitive information or another person's information), we'll explain why.

If you're unhappy with how we've handled your personal information, tell us first — email hello@heycooee.au with the detail and we'll aim to resolve it within 30 days. If you're still not satisfied, you can complain to the OAIC at oaic.gov.au.

10. Cookies & website analytics

Our marketing site (heycooee.au) uses privacy-friendly analytics and does not set tracking or advertising cookies. We do not share browsing information with advertising networks.

The Portal (app.heycooee.au) uses strictly necessary cookies to keep you signed in and to remember your preferences. These are not used for tracking or advertising.

11. Children

The Service is intended for use by Australian businesses. We don't knowingly collect personal information from anyone under 16. If you become aware that a child has contacted your Hey Cooee line and you'd like the associated recording and transcript deleted, email us and we'll action it.

12. Changes to this policy

We may update this Privacy Policy as the Service evolves or the law changes. Material changes will be notified to subscribers by email at least 30 days before they take effect. The latest version is always published at heycooee.au/privacy with the "last updated" date at the top.

13. Contact us

Privacy enquiries, access and correction requests, and complaints: email hello@heycooee.au.

Hey Cooee (ABN 77 817 490 068) — Canberra, Australia.

← Back to heycooee.au