Privacy Policy

IzzyOps Pty Ltd ("IzzyOps", "we", "us") provides AI-powered voice and workflow services to businesses. This Privacy Policy explains what personal information we collect, how we use it, and the choices you have. It applies to our website, dashboards, APIs, and the voice-agent calls run through our platform.

This policy is written to comply with the Australian Privacy Act 1988 (APPs), the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws. Where regional law gives you more rights, those rights take precedence.

We collect three categories of information:

• Account information. Name, work email, company, role, password hash, billing address, payment method (tokenised by our payment processor — we never store raw card data).
• Call data. Inbound/outbound call audio, transcripts, caller phone numbers (ANI), call metadata (duration, timestamps), intent/outcome labels assigned by the AI.
• Usage data. IP address, browser, device, pages viewed, feature interactions, error logs. Used to operate and improve the product.

You decide what data your AI persona captures during calls (e.g. appointment details, insurance information). We process it on your behalf as the data controller for your end-customer interactions.

We use the information we collect to:

• Operate the IzzyOps platform — route calls, generate responses, sync with your integrations.
• Bill you and prevent fraud.
• Improve our models. We do not train foundation models on customer call data. Aggregate, de-identified statistics may be used to improve persona templates with your prior agreement.
• Provide support, send service notifications, and (with consent) marketing communications.
• Comply with legal obligations and respond to lawful requests.

We share information only with:

• Subprocessors that help us run the service (cloud hosting, speech-to-text, telephony, payments). A current list is at izzyops.com/subprocessors.
• Your integrations at your instruction — HubSpot, Salesforce, your PMS/DMS, etc.
• Redial BPO agents performing live handoff under our exclusive partnership arrangement, subject to the same confidentiality and security controls.
• Legal authorities when compelled by a subpoena, court order, or applicable law.

We do not sell personal information. We do not share personal information with advertisers.

Call recordings and transcripts are retained for the period you configure (default: 90 days; configurable from 7 days to 7 years). Account information is retained while your account is active and for 12 months after closure for tax and audit purposes.

You can request deletion at any time via the dashboard or by emailing privacy@izzyops.com.

Depending on your jurisdiction, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your information (subject to legal retention requirements).
• Restrict or object to certain processing.
• Receive a portable copy of your data.
• Withdraw consent for marketing communications at any time.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact privacy@izzyops.com. We respond within 30 days.

We protect your information with industry-standard controls: AES-256 encryption at rest, TLS 1.3 in transit, SOC 2 Type II audited operations, role-based access, MFA enforcement, and continuous monitoring. See the Security & Compliance page for the full architecture.

No system is perfectly secure. If a breach affecting your data occurs, we will notify you without undue delay and in any case within the timeframe required by applicable law.

IzzyOps operates from Sydney, Australia, with data centres in Australia, the United States, the European Union, and Singapore. We use Standard Contractual Clauses (SCCs) for EEA/UK transfers and equivalent mechanisms for other jurisdictions. You can choose your data residency region during setup.

IzzyOps is a B2B service. We do not knowingly collect personal information from children under 16. If you believe we have, contact us and we will delete it.

We will update this policy as needed. Material changes will be notified via email and dashboard banner at least 30 days before they take effect. The "last updated" date at the top reflects the most recent revision.

Questions? Reach our Privacy team at privacy@izzyops.com or by post: IzzyOps Pty Ltd, Attn: Privacy Officer, Level 4, 123 Pitt Street, Sydney NSW 2000, Australia.

EU/UK representative: appointed under Art. 27 GDPR — contact details on request.