Legal

Privacy Policy

Bury Digital Pty Ltd · ABN 31 850 554 300 · Last updated: May 2026

1. About this policy

This policy explains how Bury Digital Pty Ltd ("Bury Digital", "we", "us", "our") collects, uses, stores, and discloses personal information.

It applies to:

  • Customers of our SaaS platform (the "Service")
  • People who contact, call, or message a Customer through the Service ("End Users")
  • Visitors to our website at bury-digital.com

We are committed to handling personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth), as amended by the Privacy and Other Legislation Amendment Act 2024.

2. What personal information we collect

Customer information

When you sign up for the Service, we collect:

  • Business name, ABN, and trading name
  • Your name, role, email address, and phone number
  • Billing details (handled by our payment processor; we do not store full card numbers)
  • Information about your industry, working hours, and qualification preferences

End User information (collected via Customers)

When an End User calls or messages a Customer's forwarded number, we collect:

  • The End User's phone number (caller ID)
  • Date, time, and metadata of the missed call
  • SMS content exchanged between our AI and the End User
  • Information disclosed by the End User in those messages (e.g. their name, suburb, the nature of their enquiry, and any other details they choose to provide)

For some Customers in regulated industries (such as dental, allied health, or veterinary practices), End User SMS content may include health information within the meaning of the Privacy Act. We treat health information with the additional protections required under Part IIIA of the Act, and the small business exemption does not apply to its handling.

Website visitor information

  • IP address, browser type, device type
  • Pages visited and time on page
  • Information you provide via contact forms or by booking a demo
  • Cookies (see Section 11)

3. How we collect personal information

  • Directly from you, when you sign up, contact us, or book a demo.
  • Automatically, when you use the Service or visit our website.
  • From your Customer account, when End Users interact with your forwarded number.

We do not buy personal information from third parties.

4. Why we collect personal information

We collect and use personal information to:

  • Deliver the Service (recover missed calls, qualify enquiries, deliver lead summaries)
  • Authenticate Customers and secure accounts
  • Bill Customers and process payments
  • Provide customer support
  • Send service-related communications (e.g. outages, billing, security)
  • Improve the Service through aggregated, de-identified analytics
  • Comply with our legal obligations
  • Detect and prevent fraud, spam, abuse, or unlawful use

We do not sell personal information.

We do not use Customer data or End User data to train our own or any third-party artificial intelligence models. The AI qualification feature uses the Anthropic API, which under Anthropic's commercial terms does not train models on data submitted by API customers.

5. Who we share personal information with

We share personal information with the following categories of recipient:

  • Subprocessors — Service providers who help us deliver the Service. Our current list of subprocessors is published at bury-digital.com/subprocessors.html.
  • Customers — End User information collected via a Customer's account is made available to that Customer (and only that Customer) in their lead hub.
  • Government and law enforcement — Where required by law, court order, or where we reasonably believe disclosure is necessary to protect rights, property, or safety.
  • Professional advisors — Our lawyers, accountants, and insurers, under confidentiality obligations.
  • Successor entities — If we are acquired, merged, or sell substantially all our assets, personal information may transfer to the acquiring entity, subject to this Privacy Policy.

We do not share personal information for marketing purposes.

6. International transfers

Some of our subprocessors are located outside Australia. In particular:

  • Anthropic, Inc. processes AI qualification requests in the United States.
  • Twilio Inc. processes some SMS and voice traffic via infrastructure that may include the United States.
  • Cloudflare, Inc. operates a global edge network for content delivery and security.

Where we transfer personal information overseas, we take reasonable steps to ensure the recipient handles it in a manner consistent with the APPs.

The primary database storing Customer and End User information (Supabase) is hosted in the Sydney (ap-southeast-2) region, within Australia.

7. How long we keep personal information

We keep personal information for as long as needed to deliver the Service and meet our legal obligations.

  • Active accounts: for the life of the Customer's subscription.
  • Closed accounts: Customer and End User data is deleted within 90 days of account closure, unless we are required to retain it for legal, accounting, or fraud-prevention purposes.
  • Billing records: retained for at least 7 years to comply with Australian taxation law.
  • Marketing and prospect information: retained until you ask us to delete it.

Customers can export their data at any time before closing their account.

8. How we protect personal information

We use technical and organisational measures to protect personal information, including:

  • Encryption in transit (TLS) and at rest
  • Row-Level Security (RLS) in our database to enforce strict multi-tenant isolation
  • Access controls and least-privilege access for our personnel
  • Audit logging of administrative actions
  • Regular security review of subprocessors
  • Incident detection and response procedures

More detail is available at bury-digital.com/security.html.

No system is perfectly secure. If a notifiable data breach occurs, we will comply with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.

9. Your rights

Under Australian privacy law you have the right to:

  • Access the personal information we hold about you
  • Correct information that is inaccurate, out of date, or incomplete
  • Complain about how we handle your personal information
  • Request deletion of your personal information, subject to our legal retention obligations

For End Users: requests about information collected through a specific Customer (for example, messages you sent to a Customer's forwarded number) should generally be directed to that Customer first, as they are the data controller. We will assist Customers in responding to such requests.

To make a request, email us at the address in Section 13. We will respond within 30 days.

10. Complaints

If you believe we have mishandled your personal information, please contact us first (see Section 13). We will investigate and respond within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner:

  • Website: oaic.gov.au
  • Phone: 1300 363 992

11. Cookies and analytics

Our website uses essential cookies for site functionality. We may use limited analytics to understand how visitors use our website. We do not use third-party advertising cookies or trackers. You can disable cookies in your browser, though some site features may not work.

12. Children

The Service is intended for use by Australian businesses, not by individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

13. Contact us

For privacy questions, requests, or complaints:

14. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. If we make a material change, we will notify Customers by email at least 30 days before the change takes effect.