Privacy Policy

Last updated: 20 April 2026

This Privacy Policy explains how PumAI("we", "us", "our") collects, uses, stores and discloses personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Who we are

PumAI provides AI-powered conversational agents for Webchat, WhatsApp, Instagram and Messenger. Our registered business address is located in Australia. For privacy matters contact privacy@pumai.com.au.

2. Information we collect

  • Account data: name, email, password (hashed), business name, industry, phone.
  • Billing data: collected and stored by Stripe (we do not store card details).
  • Conversation data: messages exchanged between customers and AI agents, including attachments.
  • Usage data: dashboard access logs, feature usage, error logs.
  • Integration data: tokens and identifiers supplied by Meta (Page IDs, access tokens) and Whapi (WhatsApp session).
  • Technical data: IP address, browser type, device identifiers.

3. How we collect it

  • Directly from you when you register, configure channels or update your account.
  • From third parties when you connect integrations (Meta, Whapi, Google OAuth).
  • Automatically when you use the service (cookies, logs, analytics).

4. Why we collect it (purposes)

  • Provide, maintain and improve the service.
  • Process payments and manage subscriptions.
  • Generate AI responses to messages.
  • Send service-related notifications.
  • Comply with legal obligations.

5. Who we share it with

We share limited information with the following processors, only as necessary to operate the service:

  • OpenAI (United States) — processes conversation text to generate AI responses.
  • Stripe (United States / Ireland) — processes payments and manages subscriptions.
  • Meta Platforms (United States) — provides the Facebook Messenger and Instagram APIs.
  • Whapi (Israel / United States) — WhatsApp integration.
  • Google (United States) — OAuth authentication (only if you sign in with Google).
  • Our hosting and infrastructure providers.

We do not sell your personal information to third parties.

6. Cross-border disclosure (APP 8)

Some of our processors operate outside Australia. By using PumAI you acknowledge that your personal information (including the content of conversations) may be transferred to and processed in the United States, Ireland, Israel and other jurisdictions where our providers operate. These transfers are governed by the data protection agreements we maintain with each provider.

7. How we secure it (APP 11)

  • Passwords hashed with bcrypt.
  • Data transmitted over HTTPS / TLS in production.
  • Access to production systems restricted to authorised personnel.
  • Regular backups with retention.
  • Encryption at rest for sensitive credentials.

8. How long we keep it

  • Account data: while your account is active, then up to 12 months after deletion for legal purposes.
  • Conversation data: up to 24 months unless deleted earlier by you.
  • Billing records: 7 years, as required by Australian tax law.
  • Logs: 12 months.

9. Your rights (APP 12, APP 13)

  • Access: request a copy of your personal information.
  • Correction: correct inaccurate or outdated information.
  • Deletion: request deletion of your account and associated data.
  • Portability: request export of your data in a machine-readable format.
  • Complaint: lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC).

Requests can be made via privacy@pumai.com.au.

10. AI-generated content

Conversations with PumAI are handled by artificial intelligence. Responses may contain errors and should not be relied upon for professional, legal, medical or financial advice. You can request human takeover of any conversation at any time.

11. Notifiable Data Breaches

In the event of an eligible data breach we will notify affected individuals and the OAIC within the timeframes required by the Notifiable Data Breaches scheme.

12. Changes to this policy

We may update this policy. We will notify you of material changes by email or via the dashboard. The effective date is shown at the top of this page.

13. Contact

Privacy Officer — privacy@pumai.com.au