Privacy Policy

Last updated: 18 May 2026

The Office Lady is operated by Ryan Sims (ABN 90 973 786 085), trading as The Office Lady, of 65 Shanahan Street, Redland Bay QLD 4165, Australia. In this Privacy Policy, references to "we", "us" or "our" mean Ryan Sims trading as The Office Lady. References to "you" mean any individual whose personal information we handle, including website visitors, demonstration users, customers, and customers' callers.

This Privacy Policy explains how we handle personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. It applies to all our services, including the website at theofficelady.au, the Ashleigh demonstration, and the paid AI voice receptionist service.

1. What information we collect

We collect personal information in several ways.

From you directly (as a website visitor, demonstration user, or customer): your name, email, mobile number, business name, and any other information you provide in conversation with Ashleigh, through forms on the website, or in correspondence with us.

From the calls our service handles for paying customers: the names, mobile numbers, email addresses, business names, and conversation content of your customers' callers. This information is collected on behalf of, and at the direction of, the paying customer (the call recipient).

Automatically when you use the website: technical information including your IP address, browser type, device type, pages visited, and timestamps. We use standard logging tools to maintain the website. We do not currently use behavioural tracking cookies.

From payment processing: billing name, billing address, and card payment metadata. We do not store card numbers — these are handled by our payment processor, Stripe.

2. Sensitive information

We do not solicit sensitive information (as defined under the Privacy Act, including health information, race, religion, sexual orientation, political views, biometric information, etc.). If a caller voluntarily mentions sensitive information during a call, it may be incidentally captured in call recordings and transcripts. We treat any such information with the same care as other personal information and apply the retention windows described in section 5.

3. How we use personal information

We use the personal information we collect to:

• Provide the AI voice receptionist service to our paying customers, including answering calls and creating bookings on their behalf;
• Operate the demonstration on theofficelady.au;
• Communicate with you about service updates, billing, and support;
• Improve our service quality, including by reviewing call recordings and transcripts for quality assurance and prompt-design improvements;
• Comply with our legal obligations.

We do not sell personal information. We do not use personal information for advertising to you or to third parties.

4. Who we share personal information with

We share personal information only as needed to provide the service or as required by law.

Service providers we use to operate the service include providers in the following categories, with primary processing locations as noted:

• Voice AI platform (United States) — handles call audio, transcription, conversational logic, and may store call recordings in line with the retention rules in section 5;
• Telecommunications provider (United States) — handles SMS and (where applicable) voice routing for our Australian phone numbers;
• Text-to-speech provider (United States) — receives text prompts to generate Ashleigh's spoken responses. Text prompts may include caller names and booking details;
• Database and hosting provider (Singapore) — stores booking records, transcripts, customer contacts, and operational data;
• Payment processor (Stripe — United States, with Stripe Payments Australia Pty Ltd as our Australian regulatory counterpart);
• Job and scheduling software integration (ServiceM8 — Australia) — for paying customers on plans that include this integration, we push booking and customer data to the customer's own ServiceM8 account at their direction;
• Calendar provider (United States) — for booking events written to customers' nominated calendar accounts at their direction;
• Email provider (United States) — for transactional emails sent to customers (e.g. account notifications, booking confirmations).

Each provider is bound by its own terms and privacy practices and processes personal information only as necessary to provide the relevant function to us.

Other recipients. We may also disclose personal information:

• To our customers, where the information was collected by Ashleigh on their behalf during a call (e.g. a caller's contact details, captured for the purpose of booking);
• To professional advisers (lawyers, accountants) bound by duties of confidentiality;
• Where required by law, regulator request, or court order;
• In connection with a sale, merger, or restructure of our business, where the recipient agrees to handle the information consistently with this Privacy Policy.

5. How long we keep personal information

We retain personal information only as long as we need it for the purposes set out in section 3, or as required by law.

For paying customers' service data:

• Call audio recordings — 30 days from the date of the call;
• Call transcripts and text-based records — 90 days from the date of the call;
• Booking, customer and job records — for the duration of the customer's subscription, plus 90 days after termination, then permanently deleted;
• Voice clones (where customers have taken the voice cloning add-on) — for the duration of the subscription. Deleted on subscription termination or earlier on request.

For website visitors and demonstration users:

• Demonstration call recordings and transcripts — same as above (30 / 90 days);
• Contact details captured during a demonstration that resulted in a follow-up enquiry — kept until the enquiry is resolved or you ask us to delete them.

For all users:

• Billing records and tax-related information — minimum of seven (7) years from the end of the relevant financial year, as required under Australian tax law.

You can request earlier deletion of any record at any time by emailing ryan@theofficelady.au, except where we are required by law to retain it.

6. Overseas disclosure

As set out in section 4, several of our service providers are located outside Australia, primarily in the United States and Singapore. By using our service, you acknowledge that personal information about you may be processed in those countries.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles the information consistently with the Australian Privacy Principles. However, where information is processed overseas, the relevant overseas privacy laws (rather than Australian law) may apply to that handling.

The countries we currently disclose personal information to are: United States, Singapore. We will update this Privacy Policy if this changes.

7. Security

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure. These steps include:

• Encryption of data in transit (HTTPS / TLS) and at rest where supported by our service providers;
• Access controls and authentication on systems holding personal information;
• Encrypted storage of third-party integration credentials;
• Logical separation of customers' data in our database;
• Regular review of security practices in line with industry standards.

No system is perfectly secure. If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

8. Access, correction, and complaints

Access. You can request access to the personal information we hold about you by emailing ryan@theofficelady.au. We will respond within a reasonable period (usually within 30 days) and provide the information unless an exception under the Privacy Act applies.

Correction. If you believe personal information we hold is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you can ask us to correct it. We will respond within a reasonable period.

Complaints. If you have a complaint about how we have handled your personal information, please contact us first by emailing ryan@theofficelady.au. We will acknowledge your complaint promptly and aim to resolve it within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner:

• Website: oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5288, Sydney NSW 2001

9. Callers to our customers' businesses

If you are calling a business that uses The Office Lady to handle its calls, you are speaking with our AI receptionist (Ashleigh, or a custom-branded version configured for that business). The information collected during your call (name, mobile, email, the purpose of your call) is collected on behalf of, and provided to, the business you called.

The business you called is responsible for its own use of that information. If you have a privacy concern about how the business uses your information after the call, please contact that business directly. We can assist with deletion of the call recording and transcript from our systems on request.

10. Children

The Office Lady service is provided to businesses, not individuals, and the website and demonstration are not directed at children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information to us, please contact ryan@theofficelady.au and we will delete it.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or the law. Material changes will be communicated via the website. The "Last updated" date at the top of this page reflects the current version.

12. Contact

For any privacy-related question, request, or complaint: