This Privacy Policy describes how Snackable Media Pty Ltd (ACN 643 012 239, ABN 18 643 012 239) trading as Proshop AI ("we", "us", "our") collects, uses, discloses and protects personal information.
We comply with the Privacy Act 1988 (Cth) (the "Privacy Act") and the Australian Privacy Principles ("APPs"). If you have questions about this Policy or want to exercise your privacy rights, contact us:
- Email: privacy@callproshops.com
- Post: 9-13 Bronte Road, Bondi Junction, NSW 2022, Australia
1. Who this Policy applies to
We collect personal information about three groups of people:
- Callers — people who call, message, or otherwise contact a golf course or pro shop that uses Proshop AI ("Customer Course");
- Customer Course staff — the operators and employees of Customer Courses who use our dashboard; and
- Site visitors — people who visit our website at callproshops.com and submit interest forms.
Different parts of this Policy apply to each group. Where the same rules apply across all groups, we say "you" generically.
2. What we collect
2.1 Callers (your customers, if you operate a pro shop)
When you call, WhatsApp, or SMS a Customer Course that uses Proshop AI, we collect:
- Your phone number (passed by the telecommunications provider when you contact us).
- What you say or write to the AI agent — we transcribe inbound speech to text so the agent can interpret it and so the Customer Course can read what was said. By default we do not retain audio recordings — we keep transcripts only. (Some Customer Courses opt in to audio recording; if they do, the agent will tell you so at the start of the call.)
- Information you choose to share during the conversation — your name, your email address, the date and time you want to book, your party size, special requirements you mention, and any other details you provide.
- Metadata about the interaction — when the call or message happened, how long it lasted, what channel it came through, what language it was in, and a short summary of the outcome.
- Your preferred language, cached after the first call so subsequent calls feel familiar.
2.2 Customer Course staff
When you sign up to use Proshop AI, we collect:
- Identity — your name, email address, and role at the Customer Course.
- Authentication data — managed through our third-party identity provider (Clerk). We do not store your password.
- Course details — the information you provide to configure the Service: course name, address, contact details, hours, pricing, knowledge-base content, etc.
- Activity — actions you take in the dashboard, including which bookings you confirm or reject and which AI-flagged questions you answer.
2.3 Site visitors
When you visit callproshops.com or submit an interest form, we collect:
- Form information — your name, email, the name of the pro shop you operate, and any message you include.
- Server logs — IP address, browser type, pages visited, referrer, in line with normal web hosting. We do not use behavioural tracking or third-party advertising cookies on the marketing site.
3. Why we collect it
We collect personal information for the following primary purposes:
| Purpose | Whose information |
|---|---|
| To provide the Service to Customer Courses (answer calls, take bookings, surface what was said) | Callers, Customer Course staff |
| To operate, maintain, secure and improve the Service | All groups |
| To bill Customer Courses for their usage | Customer Course staff |
| To respond to enquiries from prospective customers | Site visitors |
| To comply with our legal obligations | All groups |
| To detect, prevent and respond to fraud or misuse | All groups |
We will not use your personal information for any other purpose unless we have your consent or it is otherwise permitted under the Privacy Act.
4. How we collect it
We collect personal information:
- Directly from you when you speak to or message a Customer Course that uses Proshop AI, when you sign up as a Customer Course staff user, or when you fill in a form on our website;
- From the Customer Course when they configure their knowledge base or staff list; and
- Automatically through the technical operation of the Service (server logs, interaction metadata).
We may collect personal information about a caller from a Customer Course (for example, if the operator updates a caller's name in the system) and from the telecommunications providers we use (Twilio, who routes calls and messages to us).
5. Who we share it with
We share personal information with:
- The Customer Course you called or messaged. Callers' interaction details are visible to the operator of the Customer Course in their dashboard. That is the point of the Service.
- Our service providers — we share personal information with the technology providers we use to run the Service. As of the date of this Policy, those are:
| Provider | What they do | Where they process data |
|---|---|---|
| Supabase | Database hosting | Australia (ap-southeast-2, Sydney) |
| Fly.io | Application hosting (the AI agent) | Sydney (syd) |
| Vercel | Application hosting (dashboard and marketing site) | Sydney (syd1) |
| Twilio | Voice, WhatsApp and SMS routing | Australia (for AU inbound numbers) and United States |
| Anthropic | AI model that powers the agent (Claude) | United States |
| Deepgram | Speech-to-text transcription | United States |
| ElevenLabs | Text-to-speech for agent responses | United States |
| Clerk | Identity and authentication | United States |
| Stripe | Payment processing | United States |
| Resend | Transactional email delivery | Worldwide |
| Sentry | Error reporting | United States |
| Axiom | Log shipping | United States |
We choose providers whose terms commit them to handling personal information consistently with the Privacy Act and the APPs. Several providers process data outside Australia (mostly the United States). By using the Service, you consent to your personal information being transferred outside Australia for these purposes. We take reasonable steps to ensure these providers handle personal information consistently with the APPs.
- Legal disclosures — if we are required to disclose information by law, by a court order, or to investigate suspected fraud or violation of our terms.
- Business transfer — if our business is acquired or merged, we may transfer your personal information to the acquirer, subject to a privacy commitment at least as protective as this Policy.
We do not sell your personal information.
6. How long we keep it
We keep personal information only for as long as we need it for the purposes set out above, or as required by law.
| Type of information | Retention period |
|---|---|
| Transcripts of calls and messages | 18 months from the date of the interaction, then deleted |
| Audio recordings (only when the Customer Course has opted in) | 90 days from the date of the call, then deleted |
| Booking records | 7 years (for tax purposes and dispute resolution) |
| Customer Course account data | For the duration of the subscription, plus 30 days post-cancellation, then deleted (anonymised aggregate metrics may be retained) |
| Server logs and security records | 12 months |
| Marketing-site form submissions | 24 months unless you ask for earlier deletion |
When we delete personal information, we use commercially reasonable methods to overwrite or render it unrecoverable. Backups may persist for up to 30 additional days before being overwritten in normal rotation.
7. Call transcription, not call recording (default)
The Service uses generative AI to answer calls. To do this, the inbound audio is converted to text in real time (by Deepgram). The audio is not retained. What is retained is the text transcript, plus metadata about the call (when, how long, what language, what outcome).
A Customer Course may opt in to retaining audio recordings (in addition to transcripts). If they do, the AI agent will tell callers at the start of the call that audio recordings are kept. This is to make sure recording is never silent or surprising.
This Policy's references to "what was said" therefore mean the transcript by default, and the transcript plus the audio when recording is on.
8. Use of automated decision-making
The Service uses an AI model (Claude, by Anthropic) to interpret what callers say and decide how to respond. This is an automated process, but:
- the AI agent does not make decisions that have legal or similarly significant effects on you;
- booking requests are sent to Customer Course staff for human confirmation before they are final;
- you can ask to be transferred to a human staff member at any time, and the agent must offer this on first request without persuasion;
- if the agent makes a factual error (about hours, pricing, etc.), the Customer Course staff are responsible for correcting it through the dashboard and can override or remove the underlying knowledge-base entry.
We do not use your personal information to train third-party AI models. Our agreements with Anthropic and Deepgram restrict them from using inputs from our service to train their public models.
9. Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure, including:
- encryption in transit (HTTPS / TLS) and at rest (database encryption);
- role-based access controls;
- multi-factor authentication for staff accounts;
- audit logging of administrative actions;
- regional data residency in Australia for primary storage; and
- vendor due diligence and contractual privacy commitments.
No system is perfectly secure. If we become aware of a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner and affected individuals in accordance with the Notifiable Data Breaches scheme.
10. Your rights
Under the Privacy Act, you have the right to:
- Access the personal information we hold about you;
- Correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading;
- Withdraw consent for certain uses, where the use is based on your consent;
- Complain if you believe we have breached the APPs.
To exercise any of these rights, email privacy@callproshops.com. We will respond within 30 days. If you are a caller and want to exercise rights in relation to information held by a Customer Course, you should usually contact the Customer Course directly — they are the primary controller of caller information they collect through us.
If you are not satisfied with our response to a privacy complaint, you can contact the Office of the Australian Information Commissioner (OAIC):
- Phone: 1300 363 992
- Website: oaic.gov.au
11. Children
The Service is intended for use by businesses operating pro shops. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top tells you when the latest version took effect. Material changes will be notified to Customer Course staff by email and posted on our website.
13. Contact us
For any privacy question or request:
- Email: privacy@callproshops.com
- Post: Privacy Officer, Snackable Media Pty Ltd, 9-13 Bronte Road, Bondi Junction, NSW 2022, Australia
What this Policy is, what it isn't
This Policy describes what Proshop AI does with personal information. If you are a caller who wants to know what a specific pro shop does with information about you separately, ask that pro shop for their own privacy policy. They are responsible for the personal information they collect about their customers; we are their service provider.