Privacy Policy

Last updated: 1 June 2026

FamilySentry ("we", "us", "our") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) set out in Schedule 1 of that Act. This policy explains what information we collect, why we collect it, how we use it, and your rights in relation to it.

1. Who we are

FamilySentry is an Australian service that provides in-call AI-powered scam call detection and family alert services. We are based in South Australia.

FamilySentry Pty Ltd
ACN: 698 176 037
ABN: 77 698 176 037
Contact: admin@familysentry.com.au

2. What personal information we collect

We collect personal information only to the extent necessary to provide our services. The information we collect includes:

From interest registrations:

  • Email address
  • Name (if provided voluntarily)

From service subscribers:

  • Name and email address (account registration)
  • Phone number(s) associated with the service
  • Payment information (processed by Stripe — we do not store card details)
  • Known contacts list (names, phone numbers, relationships) — names and relationships are AES-256-GCM encrypted at rest; phone numbers are stored in plain E.164 format because they are required for caller-matching during call screening
  • Family member details (name, phone number, email, notification preferences)
  • Push-notification device tokens (Firebase Cloud Messaging tokens) for the FamilySentry mobile app — encrypted at rest with AES-256-GCM

Call data (collected automatically during service operation):

  • Caller phone number and call metadata (timestamp, duration)
  • Call transcripts — generated during the call for AI scam analysis. Before any transcript is stored or sent to our US-based AI provider for analysis, it is passed through an ingest-time redaction layer that removes sensitive information (TFN, Medicare and other government identifiers, credit-card and bank-account numbers, dates of birth, disclosed health conditions, religious affiliations, ethnic origin, sexual orientation, political opinion, and union membership). Transcripts of LOW- and MEDIUM-risk calls are not stored at all — only metadata is kept. Transcripts of HIGH- and CRITICAL-risk calls are stored in redacted form, encrypted at rest with AES-256-GCM, and are accessible only to the protected person and to FamilySentry support staff (never to your nominated family members).
  • Call recordings — FamilySentry does not store audio recordings of calls. Audio is transcribed in real time and the audio stream is then discarded.
  • AI risk assessment and scam-category classification
  • Phone numbers and AI risk assessments associated with calls screened on your account

3. How we collect personal information

We collect personal information:

  • Directly from you when you register interest, sign up, or contact us
  • Automatically when the FamilySentry service processes calls routed through it
  • From third-party telecommunications providers (Twilio) when calls are made to or forwarded through our service

4. Why we collect it — purposes of collection

We collect personal information for the following purposes:

  • To provide in-call scam detection and family alert services
  • To contact registered interest subscribers about the service launch and early access
  • To contact you about your account, billing, and service notifications
  • To comply with legal obligations
  • To improve and develop our services
  • To respond to your enquiries and support requests

We will not use your personal information for any purpose other than those listed above without your consent.

5. Third-party service providers

Under APP 5 we are required to disclose the third parties to which your personal information may be transmitted. We use the following providers to deliver the Service. They process data on our behalf and are required to handle it in accordance with applicable privacy laws:

  • Twilio Inc. (USA) — telephone infrastructure, call routing and SMS. All Twilio processing for a screened call — call signalling, TwiML execution, voice media (the actual call audio bridged between the caller and the protected person), SMS messaging used to deliver scam alerts to family members, CallerName Lookup used to identify verified business callers, and FCM Push Credential provisioning used to deliver incoming-call notifications to the FamilySentry mobile app — takes place in Twilio's US1 region. FamilySentry does NOT request Twilio to record calls; voice audio passes through Twilio in transit only and is not stored by Twilio. Twilio offers an Australian (Sydney, au1) edge for some services, but our incoming-call delivery to the FamilySentry mobile app depends on FCM Push Credentials, which Twilio provisions only in its US region; pinning the call path to au1 would prevent calls from being delivered to the app, so the entire Twilio call path is processed in the United States for technical viability. The pre-call consent notice (see section 6) expressly discloses this routing before any audio leaves the caller's line.
  • Supabase Inc. (USA) — database (PostgreSQL) and authentication. The FamilySentry production instance is hosted on AWS infrastructure in the Sydney region (ap-southeast-2, Australia), so personal information is physically stored in Australia. Data is encrypted at rest by Supabase and additionally AES-256-GCM-encrypted at the application layer for sensitive fields (contact names, contact relationships, FCM device tokens). Supabase Inc., as a US-based entity, retains technical access to the database for service delivery — see the cross-border disclosure note below.
  • Anthropic PBC (USA) — AI analysis of call transcripts for scam detection. Transcripts are sent to the Claude API for analysis AFTER our ingest-time redaction layer has stripped sensitive information (TFN, Medicare and other identifiers, financial details, dates of birth, disclosed health conditions, religion, ethnic origin, and other Privacy Act s.6 sensitive information). Under our standard Anthropic API agreement, prompts and outputs may be retained by Anthropic for up to 30 days for trust-and-safety review and are not used to train Anthropic's models. User-feedback sharing is disabled on our account.
  • Deepgram Inc. (USA) — in-call speech-to-text transcription. Every connection uses Deepgram's no_storage flag, so audio is processed in memory and never written to Deepgram's storage. We also enable Deepgram's native redaction (PCI, PII, PHI, and number sequences) at the transcription layer, so sensitive data is stripped from the transcript stream before it leaves Deepgram.
  • Resend (Resend Inc., USA) — transactional email delivery (account confirmation, password reset, scam-risk alerts, monthly-quota notifications, family-member invite emails). Resend is also our Supabase auth SMTP provider.
  • Firebase Cloud Messaging (Google LLC, USA) — push-notification delivery to the FamilySentry mobile app for both Twilio Voice CallInvite delivery and family-alert push notifications.
  • Stripe Inc. (USA) — (a) identity verification of nominated family members via Stripe Identity (government-ID document image + selfie + automated name-match against the legal name supplied by the protected person at invitation time). Stripe Identity acts as our verification provider; the protected person never sees the ID image or selfie, and FamilySentry retains only a verification reference and a pass/fail outcome — the source images are held by Stripe under their own retention policy. (b) Payment processing (when paid subscriptions launch). We do not store full card details — only Stripe customer and subscription identifiers.
  • Railway (Railway Corp, USA) — application hosting for the API server. The dashboard frontend and API server run on Railway infrastructure in Singapore. Personal information is processed in transit by these servers when you use the Service (call audio, transcripts, alert routing) but is not permanently stored on Railway — persistent storage of personal information is handled by Supabase in Sydney, Australia (above).
  • Microsoft Corporation (USA) — website analytics and session replay (Microsoft Clarity). Loaded only after analytics consent.
  • Google LLC (USA) — website traffic and usage analytics (Google Analytics 4). Loaded only after analytics consent.
  • Meta Platforms, Inc. (USA) — advertising conversion and audience measurement (Meta Pixel). Loaded only after analytics consent.

Cross-border disclosure (APP 8)

Several providers above are based in the United States, and your call audio, transcripts, and AI analyses pass through US-based infrastructure during the call. Persistent storage of personal information remains in the Asia-Pacific region:

  • Persistent storage of personal information is handled by Supabase on AWS infrastructure in Sydney, Australia (ap-southeast-2). Your personal information is physically stored within Australia.
  • Application servers (Railway) run in Singapore. Personal information passes through these servers in transit when you use the Service (e.g. when call audio is routed to AI analysis or when alerts are dispatched) but is not permanently stored there.
  • Twilio call processing (call signalling, TwiML execution, voice media, SMS messaging, CallerName Lookup, and FCM Push Credential provisioning) occurs in Twilio's US1 region (United States); Twilio does not record or store call audio. See the Twilio entry above for the technical reason. The pre-call consent notice (section 6) expressly discloses this before any audio is processed.

Supabase Inc. and Railway Corp, as US-based entities, retain technical access to their respective infrastructure for service delivery and are contractually bound to process data only for the purpose of providing that service. Encryption at rest plus the application-layer encryption noted above apply.

Under APP 8 (Cross-border disclosure of personal information), before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs. Each provider listed above is contractually bound to process data only for the purpose of providing services to FamilySentry, and we apply application-layer AES-256-GCM encryption to the most sensitive fields (contact names, relationships, and FCM tokens) so that they remain unreadable in the database without our encryption key.

6. Call monitoring, transcript redaction and consent

FamilySentry routes calls through its system for the purpose of in-call AI scam analysis. We operate in accordance with the Telecommunications (Interception and Access) Act 1979 (Cth) and the Surveillance Devices Act 2016 (SA).

At the start of every screened call (before the call is connected), a recorded announcement notifies the caller that the call will be transcribed and analysed in real time, identifies the US-based service providers involved (see section 5), and gives the caller the option to consent (by pressing 1) or hang up. The call is not bridged to the protected person unless the caller consents.

What we store and what we don't

  • Audio recordings: FamilySentry does not store audio recordings of calls. Audio is transcribed in real time by our US-based transcription provider (Deepgram, with their no_storage flag set) and the audio stream is then discarded.
  • Ingest-time redaction: Before any transcript text is stored or sent to our US-based AI provider for analysis, an automated redaction layer removes sensitive information including TFN, Medicare and other government identifiers, credit-card and bank-account numbers, dates of birth, disclosed health conditions, religious affiliations, ethnic origin, sexual orientation, political opinion, and union membership. This minimises the personal information collected under APP 3 and the sensitive-information collection rule in APP 3.3.
  • LOW- and MEDIUM-risk calls: Only metadata (timestamp, duration, caller number, AI risk level, scam category) is stored. No transcript text is retained.
  • HIGH- and CRITICAL-risk calls: The redacted transcript is retained, AES-256-GCM-encrypted at rest, and is accessible only to the protected person (the elder) and to FamilySentry support staff. Family members nominated to receive scam alerts do not see transcripts or call content of any kind.

Who can see and do what on your account

A FamilySentry account always has one Protected Person — the individual whose calls are screened. It also has an Owner — the person who holds billing responsibility — and may have one or more Monitors (family members nominated to receive scam alerts). One person may hold more than one of these roles.

When the Protected Person manages their own account, they are both Protected Person and Owner. When a family member sets up the account on the Protected Person's behalf (for example, an adult child setting up the service for an elderly parent), Owner and Protected Person are different people. In that case the following access rules apply:

  • The Protected Person — sees all calls, alerts, transcripts, and settings on the account, and is the only person who can change call-handling settings (auto-end-call thresholds, ring timeout, business whitelist), pause monitoring, nominate Monitors, or revoke a Monitor's access.
  • The Owner (when not also the Protected Person) — sees billing information and the basic status of the service (whether call forwarding is active, plan tier, days remaining). The Owner does not see the Protected Person's call history, transcripts, or call-handling settings, and the Owner cannot add or remove Monitors. Paying for the service does not confer access to the Protected Person's communications data.
  • Monitors — receive scam alerts (date, time, and a brief risk classification, per the rules above) on the channels they have chosen. Monitors do not see transcripts, call content, caller numbers, AI summaries, or full call history.
  • FamilySentry support staff — access encrypted HIGH- and CRITICAL-risk transcripts only when responding to a support request from the Protected Person, when investigating a security incident, or where required by law (see section 4).

The Protected Person can change who has access at any time. From the FamilySentry mobile app or the dashboard, the Protected Person can see the full list of people who currently hold Monitor access, revoke any Monitor immediately, and pause the entire service. When the Protected Person revokes a Monitor, that Monitor's access ends within seconds and they stop receiving future alerts. When the Protected Person pauses the service, call forwarding is removed from their phone, calls ring through directly to them as if FamilySentry were not installed, and no call data is generated.

When a family member nominates a Monitor on the Protected Person's behalf during initial setup, the Protected Person is sent an independent notification (email or, if no email is on file, SMS together with an in-app prompt) confirming the nomination and reminding them of their right to revoke it.

Verifying a Monitor's identity

To reduce the risk that an impostor accepts a Monitor invitation, every nominated Monitor must complete a one-time identity check via our verification provider, Stripe Identity, before they can receive alerts. Stripe Identity captures a photo of a government-issued ID document and a short selfie, performs an automated check that the selfie matches the ID, and compares the legal name on the ID against the legal name the Protected Person supplied when nominating the Monitor. Only the verification reference and pass/fail outcome are returned to FamilySentry; the underlying images stay with Stripe under their own retention policy.

Identity verification is a one-time check that the person accepting the invitation is the person the Protected Person nominated. It is not a guarantee against future misuse: a Monitor who passes verification but later behaves abusively, or whose phone or email is compromised after verification, will still receive alerts until the Protected Person revokes them. The Protected Person remains in control and can revoke any Monitor at any time, as set out above.

Who this service is for — capacity to give informed consent

FamilySentry is designed for adults who can give informed consent to call screening on their own phone. It is not designed for people who lack that capacity — including those with significant cognitive impairment or dementia where decision-making capacity is in question.

The Service depends on the Protected Person personally enabling call forwarding from their own handset, and that step is how we capture their consent under the Telecommunications (Interception and Access) Act 1979 (Cth) and the Surveillance Devices Act 2016 (SA). If the person being protected cannot perform that step themselves, the Service is not operating on a consent basis that we are willing to rely on, regardless of any power-of-attorney or guardianship authority the Owner may hold (see also our Terms of Service, "Account roles and access", paragraph (e) Capacity).

If you are unsure whether the person you want to protect can give informed consent to call screening, please consult their treating doctor or a qualified legal professional before subscribing on their behalf.

7. Data security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Security measures include:

  • AES-256-GCM encryption at rest for sensitive fields (contact names, contact relationships, FCM device tokens, and HIGH/CRITICAL-risk call transcripts)
  • Ingest-time redaction of transcripts before storage and before transmission to our US-based AI provider — see section 6
  • TLS encryption in transit for all data
  • Access controls and authentication for all internal systems
  • Regular review of security practices

Despite these measures, no data transmission over the internet is guaranteed to be completely secure. You use our service at your own risk, and we cannot guarantee absolute security.

8. Data retention

We retain personal information only for as long as necessary for the purposes described in this policy. We follow a strict data-minimisation principle: we do not store call content unless it is operationally necessary.

  • Interest registration records: until you unsubscribe or request deletion
  • Account and subscriber data: for the duration of your subscription and for up to 7 years after termination, as required by Australian tax and financial record-keeping obligations
  • Call recordings (audio): never stored. Call audio is transcribed in real time and the audio stream is discarded.
  • LOW- and MEDIUM-risk call transcripts: never stored. Only the call metadata (timestamp, duration, caller number, risk level, scam category) is kept.
  • HIGH- and CRITICAL-risk call transcripts: stored in redacted, AES-256-GCM-encrypted form. Auto-deleted once they pass the call-history window for your plan (Single — 14 days, Household and Family — 30 days). You may also delete individual call records from your dashboard at any time, and that deletion takes effect immediately.
  • False-positive review window: when the protected person flags a HIGH- or CRITICAL-risk call as a false positive, the redacted transcript is held for review by FamilySentry support staff for up to 6 hours. After that window the transcript continues to be retained under the standard plan-tier window above.
  • Audit and security logs (login history, password-change events, account-deletion confirmations): retained for 12 months as required by APP 11.1 (security of personal information)

If you downgrade to a plan with a shorter retention window, records older than the new window are deleted on the next scheduled sweep (typically within 24 hours of the downgrade).

9. Your rights — access, correction, and deletion

Under the Privacy Act 1988 (Cth), you have the right to:

  • Request access to the personal information we hold about you (APP 12)
  • Request correction of personal information that is inaccurate, out of date, incomplete, or misleading (APP 13)
  • Opt out of direct marketing communications
  • Request deletion of your data (subject to legal retention obligations)

How to request deletion of your data:

  • Email us at admin@familysentry.com.au with the subject line "Data deletion request" and the email address associated with your account.
  • We will confirm receipt within 5 business days and complete deletion within 30 days, except where we are required by Australian tax or financial record-keeping law to retain certain records (in which case we will explain what we must keep and for how long).
  • Subscribers can also delete individual call records, known contacts, and family members directly from the dashboard at any time — that deletion is immediate.
  • On full account closure, encrypted call transcripts, AI analyses, FCM tokens, and known-contact records are deleted within 30 days. Subscription, invoice, and tax records are retained for 7 years per Australian tax law.

To exercise any of these rights, please contact us at admin@familysentry.com.au. We will respond within 30 days.

10. Cookies and analytics

Our web application uses browser cookies and local storage for two purposes:

Essential cookies and storage:

  • Session management for logged-in users (authentication tokens)
  • User preferences such as your dark/light mode setting and your analytics consent choice

These are required for the service to function and are not used for tracking.

Analytics cookies (opt-in):

With your consent, we partner with the following third-party analytics services to capture how you use and interact with our website:

  • Microsoft Clarity — captures behavioural metrics, heatmaps, and session replay to help us identify usability issues and improve the site. Website usage data is captured using first- and third-party cookies and other tracking technologies. We use this information for site optimisation and security purposes. Clarity automatically masks text inputs and other sensitive fields by default
  • Google Analytics 4 — aggregates anonymous traffic data such as page views, referral sources, and approximate geographic region
  • Meta Pixel — records page views and waitlist sign-ups (as the "Lead" conversion event) so we can measure the performance of advertising campaigns on Facebook and Instagram and reach similar audiences. The pixel sends Meta your IP address, browser/device information, and which pages or events you triggered on our site

These services are provided by Microsoft Corporation, Google LLC, and Meta Platforms, Inc. respectively, all based in the United States. When you click "Accept" on our consent banner, you agree that we and these providers may collect and use data about your interactions with the site for the purposes described above. We do not send your name, email address, phone number, or any other identifying information to these services, and we do not link analytics sessions to your FamilySentry account.

We only load these analytics services after you click "Accept" on the consent banner shown on your first visit. If you click "Decline", no analytics cookies are set and no data is sent to Microsoft, Google, or Meta. You can change your choice at any time by clicking "Cookie preferences" in the site footer, or by clearing your browser storage for this site — the banner will reappear on your next visit.

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. For Google, see the Google Privacy Policy. For Meta, see the Meta Privacy Policy.

11. Children's privacy

Our service is not directed to persons under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

12. Complaints

If you believe we have breached the Australian Privacy Principles or the Privacy Act 1988, please contact us first at admin@familysentry.com.au. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are material, notify registered users by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

14. Contact

For any questions about this Privacy Policy or how we handle your personal information, please contact:

FamilySentry Pty Ltd
ACN 698 176 037
ABN 77 698 176 037
Adelaide, South Australia
Email: admin@familysentry.com.au