Privacy Policy

Privacy Policy

How we collect, use, store and protect your information.

Effective date: 25 February 2026

Last updated: 25 February 2026

1. Introduction

Vootery ("we", "us", "our") is an Australian company that provides an AI-powered sales call analysis platform. This Privacy Policy explains how we collect, use, disclose and protect your personal information when you use our website, platform and related services (collectively, the "Service").

This policy applies to all users of the Service, including account holders, team members, managers and administrators within an organisation. It covers information we collect directly from you, information collected automatically when you use the Service, and information provided by your organisation.

We are committed to complying with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the European Union General Data Protection Regulation (GDPR) where applicable. We handle your personal information with care and transparency.

2. Information We Collect

2.1 Account Information

When you create an account or are invited to an organisation, we collect:

  • Your name and email address
  • Your organisation name
  • Your role within the organisation (e.g. master, manager, agent)
  • Authentication credentials (passwords are hashed and never stored in plain text)

2.2 Call Recordings and Transcripts

Your organisation uploads call recordings (MP3, WAV, M4A files) to the Service for transcription and analysis. These recordings are uploaded by authorised users within your organisation. We process these recordings to produce transcripts, analysis outputs, compliance results and coaching insights.

Call recordings may contain personal information of the individuals on the call. Your organisation is responsible for ensuring it has the appropriate consent or legal basis to record and upload these calls.

2.3 Usage Data

We collect basic usage data to understand how the Service is used and to improve it. This includes page visits, feature usage, browser type and IP address. We do not use third-party tracking or advertising cookies.

2.4 Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV or full card details on our servers. Stripe may collect and store payment information in accordance with their own privacy policy. We receive only a record of the transaction, including the last four digits of your card, for billing purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and operate the Service -- authenticate users, manage organisations, and deliver platform features
  • Process and analyse call recordings -- transcribe audio, run AI-powered analysis, generate compliance results, scores and insights
  • Generate reports and coaching outputs -- produce compliance reports, coaching reports, meeting agendas and performance summaries
  • Send transactional emails -- account verification, team invitations, password resets and service notifications
  • Improve the Service -- understand usage patterns, diagnose issues and develop new features
  • Ensure security -- detect and prevent unauthorised access, fraud or abuse

We do not send marketing emails without your explicit consent. You can opt out of any non-essential communications at any time.

4. Third-Party Services (Subprocessors)

We use the following third-party services to operate the platform. Each provider is selected for their security practices and, where possible, data residency options:

Provider Purpose Data Shared
Supabase Database and file storage (Sydney region) Account data, call recordings, transcripts, analysis outputs
Deepgram Audio transcription Call audio files for transcription
Anthropic (Claude) AI-powered call analysis Call transcripts for analysis. Data is not used for model training.
Render.com Application hosting Application code and runtime data
Stripe Payment processing Payment and billing information
Resend Transactional email delivery Email addresses and email content
ElevenLabs Sales simulator voice (when feature enabled) Simulator conversation data

We review our subprocessors regularly and will update this list if providers change. A current list is available on request.

5. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it:

  • Australian data residency -- our primary database and file storage are hosted in the Sydney region (via Supabase) where possible
  • Encryption at rest -- all stored data, including call recordings, transcripts and analysis outputs, is encrypted at rest
  • Encryption in transit -- all data transmitted between your browser and our servers is encrypted using TLS
  • Role-based access control -- access to data within the platform is restricted based on user role (master, manager, agent)
  • Multi-tenant isolation -- each organisation's data is logically separated. Organisations cannot see, access or query another organisation's data
  • Secure authentication -- passwords are hashed using industry-standard algorithms. Sessions use HttpOnly cookies with automatic expiry

No system is completely secure. If we become aware of a security breach that affects your personal information, we will notify you and the relevant authorities in accordance with applicable law.

6. Data Retention

  • Account data -- retained while your account is active and for a reasonable period afterwards to fulfil legal and operational requirements
  • Call recordings and analysis -- retained in accordance with your subscription plan and any retention settings configured by your organisation
  • After account closure -- your data will be available for export for 30 days following account closure
  • Deletion requests -- deleted data is permanently removed from our systems within 90 days of a deletion request, including from backups

If your organisation has specific retention requirements, contact us and we will work with you to accommodate them.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access -- request a copy of the personal information we hold about you
  • Export -- receive your data in a structured, commonly used and machine-readable format
  • Deletion -- request that we delete your personal information, subject to legal obligations
  • Correction -- request correction of any inaccurate or incomplete personal information
  • Withdraw consent -- where processing is based on consent, you may withdraw it at any time
  • Restrict processing -- request that we limit how we use your data in certain circumstances
  • Object -- object to processing of your personal information in certain circumstances

To exercise any of these rights, contact us at privacy@vootery.com. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or, if applicable, your local data protection authority.

8. Cookies and Tracking

We use cookies strictly for essential functionality:

  • Session cookies -- used for authentication and maintaining your logged-in session. These are essential for the Service to function and do not require separate consent.
  • No third-party tracking cookies -- we do not use cookies from third-party analytics, advertising or social media platforms
  • No advertising cookies -- we do not serve ads and do not use cookies for advertising purposes

Because we only use essential cookies required for the Service to operate, no cookie consent banner is necessary.

9. Children's Privacy

The Service is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly.

10. International Data Transfers

While our primary data storage is in Australia, some of our subprocessors operate in other countries (including the United States). When your data is transferred outside Australia, we ensure that appropriate safeguards are in place, including:

  • Contractual obligations requiring subprocessors to protect your data to a standard comparable to Australian privacy law
  • Selecting providers that comply with recognised data protection frameworks
  • Minimising the data shared with each subprocessor to only what is necessary for their specific function

For users in the European Economic Area, transfers are made in accordance with GDPR requirements, including the use of Standard Contractual Clauses where applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make changes:

  • We will update the "Last updated" date at the top of this page
  • For material changes, we will notify you by email to the address associated with your account
  • Continued use of the Service after changes take effect constitutes acceptance of the updated policy

We encourage you to review this page periodically.

12. Contact

If you have questions about this Privacy Policy, your personal information, or wish to exercise any of your rights, you can contact us at:

We aim to respond to all privacy-related enquiries within 30 days.

See also: Trust overview, Security, Privacy, and Data Hosting.

Want to see how Vootery flags compliance misses and deal killers in under a minute?

Bring a call sample, your scripts or non-negotiables, and your current QA process.

Book a Demo