Privacy Policy

FamilySentry is an Australian service that provides real-time AI-powered scam call detection and family alert services. We are based in South Australia.

ABN: 38 485 223 654

Contact: admin@familysentry.com.au

We collect personal information only to the extent necessary to provide our services. The information we collect includes:

From interest registrations:

• Email address
• Name (if provided voluntarily)

From service subscribers:

• Name and email address (account registration)
• Phone number(s) associated with the service
• Payment information (processed by Stripe — we do not store card details)
• Known contacts list (names, phone numbers, relationships) — names and relationships are AES-256-GCM encrypted at rest; phone numbers are stored in plain E.164 format because they are required for caller-matching during call screening
• Family member details (name, phone number, email, notification preferences)
• Push-notification device tokens (Firebase Cloud Messaging tokens) for the FamilySentry mobile app — encrypted at rest with AES-256-GCM

Call data (collected automatically during service operation):

• Caller phone number and call metadata
• Call transcripts (generated in real time for AI analysis)
• Call recordings — retained only where you have explicitly enabled recording retention; deleted by default
• AI risk assessments and analysis output
• Timestamps and call duration

We collect personal information:

• Directly from you when you register interest, sign up, or contact us
• Automatically when the FamilySentry service processes calls routed through it
• From third-party telecommunications providers (Twilio) when calls are made to or forwarded through our service

We collect personal information for the following purposes:

• To provide real-time scam detection and family alert services
• To contact registered interest subscribers about the service launch and early access
• To contact you about your account, billing, and service notifications
• To comply with legal obligations
• To improve and develop our services
• To respond to your enquiries and support requests

We will not use your personal information for any purpose other than those listed above without your consent.

Under APP 5 we are required to disclose the third parties to which your personal information may be transmitted. We use the following providers to deliver the Service. They process data on our behalf and are required to handle it in accordance with applicable privacy laws:

• Twilio Inc. (USA) — telephone infrastructure, call routing, SMS, and voice recordings. Voice traffic uses Twilio's Sydney edge (au1) where available.
• Supabase Inc. (USA) — database (PostgreSQL) and authentication. The FamilySentry production instance is hosted on AWS infrastructure in the Sydney region (ap-southeast-2, Australia), so personal information is physically stored in Australia. Data is encrypted at rest by Supabase and additionally AES-256-GCM-encrypted at the application layer for sensitive fields (contact names, contact relationships, FCM device tokens). Supabase Inc., as a US-based entity, retains technical access to the database for service delivery — see the cross-border disclosure note below.
• Anthropic PBC (USA) — AI analysis of call transcripts for scam detection. Transcripts are sent to the Claude API for analysis. Under our standard Anthropic API agreement, prompts and outputs may be retained by Anthropic for up to 30 days for trust-and-safety review and are not used to train Anthropic's models. User-feedback sharing is disabled on our account.
• Deepgram Inc. (USA) — real-time speech-to-text transcription. Every connection uses Deepgram's no_storage flag, so audio is processed in memory and never written to Deepgram's storage.
• Resend (Resend Inc., USA) — transactional email delivery (account confirmation, password reset, scam-risk alerts, monthly-quota notifications, family-member invite emails). Resend is also our Supabase auth SMTP provider.
• Firebase Cloud Messaging (Google LLC, USA) — push-notification delivery to the FamilySentry mobile app for both Twilio Voice CallInvite delivery and family-alert push notifications.
• Stripe Inc. (USA) — payment processing (when paid subscriptions launch). We do not store full card details — only Stripe customer and subscription identifiers.
• Railway (Railway Corp, USA) — application hosting for the API server. The dashboard frontend and API server run on Railway infrastructure in Singapore. Personal information is processed in transit by these servers when you use the Service (call audio, transcripts, alert routing) but is not permanently stored on Railway — persistent storage of personal information is handled by Supabase in Sydney, Australia (above).
• Microsoft Corporation (USA) — website analytics and session replay (Microsoft Clarity). Loaded only after analytics consent.
• Google LLC (USA) — website traffic and usage analytics (Google Analytics 4). Loaded only after analytics consent.
• Meta Platforms, Inc. (USA) — advertising conversion and audience measurement (Meta Pixel). Loaded only after analytics consent.

Cross-border disclosure (APP 8)

Several providers above are based in the United States. The two pieces of infrastructure that handle your personal information are located in the Asia-Pacific region:

• Persistent storage of personal information is handled by Supabase on AWS infrastructure in Sydney, Australia (ap-southeast-2). Your personal information is physically stored within Australia.
• Application servers (Railway) run in Singapore. Personal information passes through these servers in transit when you use the Service (e.g. when call audio is routed to AI analysis or when alerts are dispatched) but is not permanently stored there.

Supabase Inc. and Railway Corp, as US-based entities, retain technical access to their respective infrastructure for service delivery and are contractually bound to process data only for the purpose of providing that service. Encryption at rest plus the application-layer encryption noted above apply.

Under APP 8 (Cross-border disclosure of personal information), before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs. Each provider listed above is contractually bound to process data only for the purpose of providing services to FamilySentry, and we apply application-layer AES-256-GCM encryption to the most sensitive fields (contact names, relationships, and FCM tokens) so that they remain unreadable in the database without our encryption key.

FamilySentry routes calls through its system for the purpose of real-time AI analysis. We operate in accordance with the Telecommunications (Interception and Access) Act 1979 (Cth) and the Surveillance Devices Act 2016 (SA).

Callers are notified that their call may be monitored or recorded by a recorded announcement at the start of the call, prior to being connected. By continuing the call, callers consent to this monitoring.

Call recordings are deleted by default after analysis. Recordings are only retained where the subscriber has explicitly enabled recording retention in their account settings. Retained recordings may be deleted at any time by the subscriber.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Security measures include:

• AES-256-GCM encryption for sensitive fields (contact names and relationships) at rest
• TLS encryption in transit for all data
• Access controls and authentication for all internal systems
• Regular review of security practices

Despite these measures, no data transmission over the internet is guaranteed to be completely secure. You use our service at your own risk, and we cannot guarantee absolute security.

We retain personal information only for as long as necessary for the purposes described in this policy:

• Interest registration records: until you unsubscribe or request deletion
• Account and subscriber data: for the duration of your subscription and for up to 7 years after termination, as required by Australian tax and financial record-keeping obligations
• Call transcripts and AI analysis: retained in your account history; you may delete individual call records from your dashboard
• Call recordings: deleted automatically after analysis unless retention is enabled by you

Under the Privacy Act 1988 (Cth), you have the right to:

• Request access to the personal information we hold about you (APP 12)
• Request correction of personal information that is inaccurate, out of date, incomplete, or misleading (APP 13)
• Opt out of direct marketing communications
• Request deletion of your data (subject to legal retention obligations)

How to request deletion of your data:

• Email us at admin@familysentry.com.au with the subject line "Data deletion request" and the email address associated with your account.
• We will confirm receipt within 5 business days and complete deletion within 30 days, except where we are required by Australian tax or financial record-keeping law to retain certain records (in which case we will explain what we must keep and for how long).
• Subscribers can also delete individual call records, known contacts, and family members directly from the dashboard at any time — that deletion is immediate.
• On full account closure, encrypted call recordings, transcripts, AI analyses, FCM tokens, and known-contact records are deleted within 30 days. Subscription, invoice, and tax records are retained for 7 years per Australian tax law.

To exercise any of these rights, please contact us at admin@familysentry.com.au. We will respond within 30 days.

Our web application uses browser cookies and local storage for two purposes:

Essential cookies and storage:

• Session management for logged-in users (authentication tokens)
• User preferences such as your dark/light mode setting and your analytics consent choice

These are required for the service to function and are not used for tracking.

Analytics cookies (opt-in):

With your consent, we partner with the following third-party analytics services to capture how you use and interact with our website:

• Microsoft Clarity — captures behavioral metrics, heatmaps, and session replay to help us identify usability issues and improve the site. Website usage data is captured using first and third-party cookies and other tracking technologies. We use this information for site optimization and security purposes. Clarity automatically masks text inputs and other sensitive fields by default
• Google Analytics 4 — aggregates anonymous traffic data such as page views, referral sources, and approximate geographic region
• Meta Pixel — records page views and waitlist sign-ups (as the "Lead" conversion event) so we can measure the performance of advertising campaigns on Facebook and Instagram and reach similar audiences. The pixel sends Meta your IP address, browser/device information, and which pages or events you triggered on our site

These services are provided by Microsoft Corporation, Google LLC, and Meta Platforms, Inc. respectively, all based in the United States. When you click "Accept" on our consent banner, you agree that we and these providers may collect and use data about your interactions with the site for the purposes described above. We do not send your name, email address, phone number, or any other identifying information to these services, and we do not link analytics sessions to your FamilySentry account.

We only load these analytics services after you click "Accept" on the consent banner shown on your first visit. If you click "Decline", no analytics cookies are set and no data is sent to Microsoft, Google, or Meta. You can change your choice at any time by clicking "Cookie preferences" in the site footer, or by clearing your browser storage for this site — the banner will reappear on your next visit.

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. For Google, see the Google Privacy Policy. For Meta, see the Meta Privacy Policy.

Our service is not directed to persons under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

If you believe we have breached the Australian Privacy Principles or the Privacy Act 1988, please contact us first at admin@familysentry.com.au. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are material, notify registered users by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

For any questions about this Privacy Policy or how we handle your personal information, please contact:

FamilySentry
ABN 38 485 223 654
Adelaide, South Australia
Email: admin@familysentry.com.au