1. Information We Collect
We may collect business contact details, account details, website URLs, phone numbers, signup notes, selected plans, support requests, technical logs and usage records.
When configured by a customer, Vonics may process call audio, call metadata, SMS, emails, chats, recordings, transcripts, summaries, sentiment, action items, workflow events, alarm events, booking data, invoice data, CRM records and integration payloads.
2. How We Use Information
We use information to create and manage tenants, verify signups, provide trials and paid services, operate workflows, connect third-party systems, send confirmations, detect abuse, support customers, improve reliability, prepare invoices, comply with law and protect Vonics, customers and service providers.
3. AI, Recording and Transcription Data
Customers decide what calls, messages, recordings and connected data are sent through Vonics workflows. Customers must provide recording notices, obtain required consent and avoid sending data that they are not allowed to process.
AI providers and speech services may process data to produce transcripts, summaries, actions, classifications, sentiment or recommendations. Outputs may be wrong or incomplete and should be reviewed before reliance.
4. Third-Party Providers and Subprocessors
Vonics may use or connect to telephony carriers, Vonics Billing, Twilio, Microsoft, Google, Xero, Dialogflow, OpenAI, cloud hosting, email, payment, analytics, support, monitoring and security providers. Data may be processed by those providers where needed to deliver the requested service.
Third-party providers are governed by their own contracts, privacy practices, security controls, locations, retention settings and outage risks. Customers are responsible for choosing and configuring integrations appropriate for their business.
5. Security Measures
Vonics uses reasonable administrative, technical and organisational controls, which may include access controls, credential protection, audit logs, encryption in transit, segmented tenant records, provider configuration controls, logging, backup practices and operational monitoring.
No online service, AI provider, carrier, integration, browser, customer system or cloud platform can be guaranteed completely secure. Vonics does not warrant that unauthorised access, malware, interception, credential compromise, misdelivery, provider incidents or data loss will never occur.
6. Customer Security Responsibilities
Customers must manage users, passwords, API keys, OAuth grants, webhooks, carrier credentials, billing access, connected app permissions, data retention settings, call recording notices, role access, staff training, endpoint security and incident response for their own environment.
Customers must promptly notify Vonics of suspected unauthorised access, compromised credentials, misdirected workflows, wrong recipient messaging, suspicious usage, unlawful content or data that should not have been processed.
7. Sensitive, Health and Regulated Data
Customers working with health, medical, allied health, finance, security monitoring, children, employment, government or other regulated data must ensure they have the right consent, notices, retention rules, contracts and safeguards before using Vonics.
Vonics is not a clinical record system, emergency response service, financial advice service, legal advice service or substitute for regulated professional judgement unless a specific written agreement says otherwise.
8. Data Breaches
If Vonics becomes aware of a suspected security incident involving personal information in systems it operates, Vonics will assess the incident and, where required by applicable law, notify affected customers, individuals, regulators or authorities.
Customers remain responsible for assessing and notifying incidents involving their own systems, users, customers, integrations, credentials, misconfigurations, connected apps, exported data or instructions.
9. Retention
We retain account, billing, audit, support, operational and workflow data for as long as reasonably needed to provide services, comply with law, resolve disputes, enforce terms, prevent abuse and maintain security. Retention periods may vary by feature, provider and customer configuration.
Customers should avoid sending unnecessary personal or sensitive information and should request deletion or export where appropriate, subject to legal, security, billing and backup limitations.
10. Overseas Processing
Vonics and its providers may process data in Australia and other countries where service providers operate. Customers must ensure that using those providers is suitable for their data, contracts and legal obligations.
11. Access, Correction and Requests
Australian privacy law may give individuals rights to access or correct personal information. Requests can be sent to Vonics, but customers remain the primary contact for data they control inside their own tenant, connected systems and end-customer records.
12. Contact
Privacy and security questions can be sent through the Vonics contact form.