noemanoema

Legal

Privacy Policy

Last updated: 5 March 2026  ·  Noema Consulting Pty Ltd

Who We Are

Noema Consulting Pty Ltd (ACN 152 516 642) ("noema", "we", "us", or "our") operates the noema AI Voice Assistant platform, accessible at noema.au and related subdomains.

We are committed to protecting your personal information and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains what information we collect, why we collect it, how we use and disclose it, and your rights in relation to it.

In this policy, "you" refers to both our customers (businesses that subscribe to noema) and, where relevant, individuals whose information we process on behalf of those customers (such as callers to a noema-powered phone line).

Information We Collect

Account & business information

When you register for noema, we collect your name, email address, password (hashed), business name, and phone number. If you sign in using Google OAuth, we receive your name and email address from Google. We do not receive or store your Google password.

Caller information

When a member of the public calls your noema-powered phone number, we collect their phone number (provided by the telephone network), the date and time of the call, call duration, and any information they provide during the conversation. This information is collected on behalf of you (our customer) to operate the service.

Call recordings & transcripts

Calls handled by noema are recorded and transcribed using speech-to-text technology. Both the audio recording and the text transcript are stored and made available to you in your noema dashboard. Callers are notified that their call may be recorded at the start of each interaction.

Payment information

Billing is handled by Stripe. We do not store your full card number, CVV, or bank account details. Stripe provides us with a payment token, your billing email, and the last four digits of your card for display purposes. Stripe's privacy policy governs how they handle your payment data.

Usage & technical data

We collect logs of how you use the platform, including pages visited, features used, IP addresses, browser type, and device information. This helps us diagnose problems and improve the service.

Communications

If you contact us via support tickets, email, or web forms, we store the content of those communications so we can respond and track issues.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the noema platform
  • Process and route inbound phone calls on your behalf
  • Generate AI-powered responses and conversation transcripts
  • Display call history, leads, and contacts in your dashboard
  • Process payments and manage your subscription
  • Send transactional emails (account verification, billing receipts, call summaries)
  • Respond to support requests and resolve disputes
  • Detect and prevent fraud, abuse, and security incidents
  • Improve our AI models and service quality using aggregated, de-identified data
  • Comply with our legal obligations

We will not use your information for purposes other than those listed above without first obtaining your consent, unless we are required to do so by law.

Third-Party Providers

We engage the following third-party service providers to operate the platform. Each receives only the data necessary to perform their function.

ProviderPurpose
TwilioPhone number provisioning, call routing, and call recording
DeepgramSpeech-to-text transcription of call audio
AnthropicAI language model powering conversation responses
ElevenLabsText-to-speech synthesis of AI responses
StripePayment processing and subscription management
SendGrid (Twilio)Transactional email delivery
RailwayCloud hosting and infrastructure
GoogleOAuth sign-in (if you use Google login)

We do not sell your personal information to any third party. We do not share your information with advertisers.

Call Recording & AI Processing

The noema platform records telephone calls and processes the audio using AI services. The following applies to this activity:

Caller notification

The noema AI informs callers at the start of each call that they are speaking with an AI assistant. This satisfies the notification requirements under the Telecommunications (Interception and Access) Act 1979 (Cth) for one-party consent jurisdictions.

Customer responsibility: As a noema customer, you are responsible for ensuring your use of call recording complies with the laws applicable to your location and industry. Recording laws vary by state and territory. We recommend seeking independent legal advice if you are unsure of your obligations.

AI processing: Call audio is transmitted to Deepgram for transcription and the resulting text is sent to Anthropic to generate AI responses. Audio is also sent to ElevenLabs to synthesise speech. These providers process data on our behalf under data processing agreements and are not permitted to use your data for their own model training without separate consent.

No emergency services: The noema AI Voice Assistant is not capable of detecting or responding to emergencies. It must not be relied upon to contact emergency services. Callers requiring emergency assistance should be directed to call 000.

Data Retention

Account & business data

For the duration of your account, plus 24 months after closure

Call recordings (audio)

Up to 12 months from the date of the call

Call transcripts & AI conversation logs

Up to 12 months from the date of the call

Payment records

7 years (required by Australian tax law)

Support communications

3 years after resolution

Usage & technical logs

Up to 90 days

You may request earlier deletion of your personal information at any time by contacting us at [email protected]. We will action deletion requests within 30 days except where retention is required by law.

Security

We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Hashed storage of passwords (bcrypt)
  • Access controls limiting staff access to personal data on a need-to-know basis
  • Short-lived JWT authentication tokens with automatic refresh
  • Hosting on Railway infrastructure with industry-standard physical security

No method of transmission over the internet or electronic storage is 100% secure. If you believe your information has been compromised, please contact us immediately at [email protected].

Your Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the following rights in relation to your personal information:

Access

You may request a copy of the personal information we hold about you. We will respond within 30 days. We may charge a reasonable fee for access in complex cases.

Correction

If the information we hold about you is inaccurate, out of date, incomplete, or misleading, you may ask us to correct it. We will action correction requests within 30 days.

Deletion

You may request that we delete your personal information. We will comply unless retention is required by law or necessary for a legitimate business purpose.

Opt-out of marketing

You may unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email, or by contacting us directly. Transactional emails (receipts, security alerts) cannot be opted out of while your account is active.

To exercise any of these rights, contact us at [email protected]. We may ask you to verify your identity before fulfilling a request.

International Transfers

Our service providers (listed above) are based in the United States. By using noema, your personal information will be transferred to and processed in the United States, which may not have privacy laws equivalent to Australia's.

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure those recipients handle your information consistently with the Australian Privacy Principles, including entering into data processing agreements with our service providers.

Under APP 8.1, you acknowledge that where we have taken such reasonable steps, we are not liable for a breach of the APPs by an overseas recipient.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or by displaying a prominent notice in the platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your continued use of noema after the effective date of any change constitutes your acceptance of the updated policy.

Contact & Complaints

If you have any questions about this Privacy Policy or wish to make a privacy complaint, please contact our Privacy Officer:

Noema Consulting Pty Ltd

Email: [email protected]

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Phone: 1300 363 992

GPO Box 5218, Sydney NSW 2001