Effective Date: 5 October 2025
1. Introduction
TradeFlowAI (“we,” “our,” “us”) respects your privacy and is committed to protecting personal information in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the EU GDPR and UK GDPR (where applicable), and other relevant global frameworks.
By using our website, funnels, systems, or services — or by clicking “I Agree,” checking a consent box, or continuing to use our platform — you confirm that you have read and accepted this Privacy Policy.
2. Key Definitions
Personal Information means information or an opinion that can identify an individual, whether true or not.
Sensitive Information includes health data, ethnicity, beliefs, or similar information (we do not intentionally collect this).
Usage Information refers to technical and behavioural data automatically collected via cookies, pixels, and analytics.
Client Data means information your business uploads or generates inside our connected systems (for example, GHL sub-accounts or AI caller logs).
Third-Party Providers are trusted partners that power payments, AI, CRM, analytics, ads, or hosting.
3. Who We Are
Business Name: TradeFlowAI
ABN: 76615904791
Type: Digital Marketing & AI Automation Agency
Head Office: Perth, Western Australia
Contact: [email protected]
We provide AI-driven lead systems, CRM setup, and automation tools primarily for trade and service businesses.
4. Scope and Roles
TradeFlowAI acts as a data controller for our own leads, prospects, and website visitors. We act as a data processor and service provider for our business clients, processing Client Data under their instructions through GoHighLevel (GHL), Synthflow, and related integrations. Each client retains ownership of their end-customer data stored inside their GHL sub-account.
5. Information We Collect
(a) Personal Information
We may collect your name, business name, email, phone, address, job role, communication preferences, and onboarding form details.
(b) Payment Information
Billing details are handled securely via Stripe or equivalent payment processors. We never store full card or bank details.
(c) Usage and Analytics Data
We collect data such as device type, browser, IP address, pages visited, session time, and engagement behaviour through Meta Pixel, Google Analytics, Tag Manager, GoHighLevel tracking, cookies, SDKs, and UTM parameters.
(d) Communication and Support
We may collect emails, chat logs, or recorded support calls for training and quality assurance purposes.
(e) AI Caller and Telephony Data
When using Synthflow or GHL’s Twilio telephony, we collect call logs (numbers, timestamps, duration), call recordings and transcripts (with notice where legally required), and missed-call text-backs or booking confirmations. These are stored securely and retained for up to 12 months or shorter on request.
(f) Client Data from Sub-Accounts
We process information belonging to your end customers such as leads, contact forms, call records, calendar bookings, and automation data. This data is processed strictly to deliver your CRM, automation, and AI services. We do not use or sell Client Data for our own marketing.
6. How We Use Information
We use collected information to deliver, manage, and support digital marketing, CRM, and AI services; process payments and subscriptions; provide onboarding, technical assistance, and training; improve service reliability and automation quality; send transactional or marketing communications (where consented); monitor compliance, security, and fraud prevention; and fulfil legal or tax obligations.
7. Disclosure of Information
We share information only when necessary with our trusted service providers such as GoHighLevel (CRM and automations), Synthflow and Twilio (AI calling and telephony), Stripe (payment processing), Meta and Google (advertising and analytics), AWS and Cloudflare (hosting and performance), and OpenAI API or similar providers (AI processing).
All third parties are bound by confidentiality and data-processing agreements consistent with the APPs and GDPR.
We may also disclose data to comply with lawful requests or court orders, to protect our rights and property, or in the event of a merger, acquisition, or business sale (with notice). We never sell personal data.
8. International Transfers
Data may be processed in the United States, European Union, United Kingdom, or Asia-Pacific regions through our infrastructure partners. We implement appropriate safeguards, including Standard Contractual Clauses, and ensure comparable protection under APP 8.
9. Data Security
We use encryption in transit and at rest, role-based access control, multi-factor authentication, network monitoring, intrusion detection, and regular vulnerability testing. While no system is entirely immune to risk, we act quickly to contain and report any incident.
10. Data Breach Notification
If a breach is likely to result in serious harm under the Notifiable Data Breaches Scheme or risk individual rights under GDPR, we will notify affected parties and authorities promptly.
11. Your Rights
You may request access to or correction of your information, request deletion (subject to legal retention obligations), withdraw marketing consent, request data portability, or object to or restrict certain processing.
To exercise these rights, email [email protected]. We respond within 30 days.
12. Data Retention
Billing and tax records are retained for seven years.
AI call recordings and transcripts are retained for up to 12 months (configurable).
CRM contact data is retained for the duration of an active contract plus 90 days.
Marketing leads are kept for up to 24 months after last interaction.
Security logs are kept for 12 months on a rolling basis.
After expiry, data is securely deleted or anonymised.
13. Cookies and Pixels
We use cookies, Meta Pixel, and Google Analytics to support site performance, conversion tracking, and ad optimisation, including social media retargeting.
Where required by law (such as for EU/UK users), we present a consent banner allowing you to Accept, Reject, or Manage Preferences. You can also disable cookies in your browser settings.
14. Consent and Checkbox Agreements
By ticking an “I Agree” or “Accept Terms” box, submitting a form, or continuing to use our Services, you consent to this Privacy Policy and our Terms of Service, the use of cookies and analytics tools, the collection of call data and AI interactions, and receiving transactional communications (and marketing if opted in).
You may withdraw consent anytime by emailing [email protected] or unsubscribing from emails.
15. Third-Party Platforms and Integrations
Our services integrate with systems including GoHighLevel (CRM and automations), Synthflow and Twilio (AI calling and telephony), Meta (Facebook and Instagram ads), and Google or YouTube (advertising and analytics).
Each service has its own privacy policy. We only share or receive the minimum data needed to provide the requested functionality.
16. AI and Automated Processing
Our AI systems may process call content, messages, or booking requests to assist with scheduling and customer engagement. We do not make legally binding decisions using automated processing alone, and human review is available upon request.
17. Children
We do not knowingly collect information from anyone under 18 years of age. If such data is discovered, it will be deleted immediately.
18. Direct Marketing and Spam Compliance
We comply with the Spam Act 2003 (Cth). Marketing emails and SMS messages are sent only with consent and include clear unsubscribe options. We also comply with the Do Not Call Register requirements.
19. Complaints and Escalation
If you have privacy concerns or wish to make a complaint, contact [email protected]. We aim to resolve issues within 30 business days.
If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
20. Updates to This Policy
We may update this Privacy Policy periodically. The Effective Date at the top reflects the latest version. Significant updates will be communicated via email or in-platform notice.
21. Contact Us
TradeFlowAI
Perth, Western Australia
Email: [email protected]
ABN: 76615904791