Chirp Labs Privacy Policy

Chirp Labs Pty Ltd (ABN 33 675 585 387) (we, us or our) respects your right to privacy and is committed to safeguarding the privacy of our customers and website visitors (you or your). This policy sets out how we collect and treat your personal information.

Scope

This Privacy Policy applies to:

• Users of our platform and services;
• Prospects who we may send marketing emails to; and
• Our staff and applicants for roles at Chirp Labs.

This Privacy Policy also describes how we process the personal information of individuals who our own clients add to the Chirp Labs platform as part of our services. This only covers our use of that personal information and not our clients' use. If you are one of those individuals you may need to ask our clients about how they process your data.

1. We Respect Your Privacy

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and where applicable, the UK and EU General Data Protection Regulation (GDPR). This Privacy Policy sets out our commitment to protecting your personal information provided to us, or collected by us, when interacting with you.

Personal information is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

2. What Personal Information Is Collected

We will, from time to time, collect and store personal information about you when you interact with our website and services. The types of personal information we may collect about you include:

• basic identifying and contact information, such as your name, job title, company, email or phone number;
• sales correspondence made through the communication channels that our clients have approved for us to have access to;
• details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you;
• information you provide to us when you participate in any interactive features, including surveys, feedback forms, contests, promotions, activities or events;
• your preferences in receiving marketing from us and our third parties and your communication preferences;
• if we need to verify your identity (for example, because we have a legal obligation to do so), your government-issued identification and proof of address documents;
• if you access any software or websites we make available to you, details about your use of such platforms, which may include username and password details, your internet protocol (IP) address, your search queries or browsing behaviour (including through the use of cookies, tracking pixels, and other analytics tools);
• where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience, or whether you hold required authorisations or licences (if applicable); or
• where necessary for security purposes, we may collect and use information that is publicly available (including information accessible via search engines or public social media platforms), as well as images, physical descriptions and other relevant information, to the extent reasonably required to identify, assess or respond to a credible security threat to our employees, events or premises.

3. How We Collect Your Personal Information

Chirp Labs Pty Ltd collects personal information from you in a variety of ways, including:

• when you provide it directly to us, including face-to-face, over the phone, over email or online;
• when a client has given us permission to access its sales correspondence and communication (e.g. emails, messages, transcripts of phone calls and voicemails or WhatsApp messages) between itself and its prospects / clients;
• from publicly available sources, e.g. your job title and the company you work for;
• when you complete a form, such as registering for any events or newsletters, or responding to surveys;
• when you use any software or website we operate and make available to you (including from any analytics and cookie providers or marketing providers — see the "Cookies" section below for more detail on the use of cookies); or
• from publicly available sources.

By providing us with personal information, you consent to the supply of that information for the specific purposes outlined in this Privacy Policy. You may withdraw your consent at any time by contacting us at privacy@trychirp.com, however this may affect our ability to provide services to you.

If you provide us, our service providers or our affiliates with any personal data relating to other individuals, you:

• represent that you have the authority to do so,
• where required, have obtained their necessary consent(s) to share their personal data with us for processing, and
• acknowledge and accept that it may be used in accordance with this Privacy Policy.

4. How We Use Your Personal Information

We collect, hold, use and disclose your personal information for the following purposes:

• to provide you with products and services during the usual course of our business activities;
• our services analyse sales and related correspondence and communications (e.g. emails, messages and transcripts of phone calls) with individual prospects of our clients to create a sentiment and sales signal score, and then our service is able to identify pain points in the deal and to recommend the next course of action to our clients;
• to support, patch and de-bug our services, including in any support tickets submitted to us;
• to administer our business activities, including for our internal record keeping, administrative and billing purposes;
• to manage, research and develop our products and services — but we do not use identifiable personal information to train our large language models or other AI, and we do not use identifiable data to test our services;
• for advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you;
• for analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms;
• to produce and publish analysis and reports on usage and trends we see in our services, but nothing that identifies our clients or their clients/prospects will be disclosed in any published analytics or report;
• communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail;
• investigate any complaints;
• if you have applied for employment with us, to consider your employment application; and
• to comply with our legal obligations or if otherwise required or authorised by law.

Our processing of personal data includes automated processing using artificial intelligence to help inform and advise our clients of next steps in their commercial dealings with their prospects. The service does not make any decisions; the decisions are made by the users of our service.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

5. Disclosure of Your Personal Information

We will only disclose personal information (excluding sensitive information) to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law. This means that we may disclose personal information (excluding sensitive information) to:

• our employees, contractors and/or related entities;
• IT service providers, data storage, web hosting and server providers;
• (limited to Chirp's own clients' and prospects' data) marketing or advertising providers;
• professional advisors, bankers, auditors, our insurers and insurance brokers;
• (limited to Chirp's own clients) payment systems operators or processors;
• our existing or potential agents or business partners;
• if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser's advisers and may be among the assets transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
• third parties to collect and process data, such as analytics providers and cookies; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.

6. Lawful Grounds of Processing

Where we process your personal information, we must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

We will only process your personal information for the lawful reasons that we have collected it in accordance with this Privacy Policy. If you are a user of our services then we will always ask for your approval before accessing any communication channels that you use with your prospects. We are processing our client's personal data to fulfil our contracts with them, and we have a legitimate interests to process the personal data of prospects of our clients when performing and improving our services. If you are a prospect / client of our own clients then our lawful ground is our legitimate interests.

We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin.

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

To the extent the UK or EU GDPR applies to our processing of personal information, we will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

7. Hosting and International Data Transfers

Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to, the USA.

We and our other group companies have offices, facilities, suppliers and contractors in Australia and the USA, and we may store or disclose your personal information to entities in those countries for the purposes of hosting, support and de-bugging any issues with the service. Some of our staff are based abroad and they may be able to securely access personal information for support and de-bugging purposes.

Transfers to each of these countries will be done in accordance with applicable laws and based on assessments by us of the security and contractual protections that the recipients offer. Where applicable the transfer will be made using the standard data protection clauses adopted or approved by the European Commission and the UK Information Commissioner's Office.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

8. Security of Your Personal Information

Chirp Labs is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors have contracted with us, and have adequate technical and organisational measures in place to protect personal information against unauthorised use, loss and theft.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

9. Your Rights and Controlling Your Personal Information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us or allow us to connect to your communication channels, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information or access to communication channels to us, however, if you do not, it may affect our ability to provide the services to you.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Deletion: If you are a resident of a jurisdiction with a data deletion right (e.g. the UK, EU and certain US states) then you can contact us to request us to delete all personal information we hold about you and we will delete that personal information within a reasonable time.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

We may ask you to verify your identity before acting on any of your requests.

10. Retention of Your Personal Information

When performing our services, the personal information within correspondence between our clients and their sales prospects (e.g. emails, messages and transcripts of phone calls) is analysed by our proprietary AI technologies, and then the correspondence itself is deleted immediately from our systems. We then only retain the output of the AI analysis, and we store that in accordance with the remainder of this policy.

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of providing our services and satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

If you are a client of ours then you can request us to delete all personal information about your prospects and staff (other than what is needed for administrative records) when your contract with us is at an end.

11. Complaints About Privacy

If you have any complaints about our privacy practices, please feel free to send in details of your complaints to privacy@trychirp.com. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.

12. Changes to Privacy Policy

Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.

13. Cookies and Tracking Pixels

What we use:

• Cookies — small files we deploy on your devices that remember you when you visit our website again; and
• Tracking pixels — tiny invisible images in web pages and emails that tell us when they're viewed.

What these do:

• Cookies help us improve your website experience and show you relevant ads on our site and other websites you visit; and
• Cookies do not collect personal information by themselves, but may be linked to personal information you choose to share with us.
• Unlike cookies, tracking pixels do not store any information on your device, but instead send information to our servers when the pixel is loaded.

Your choices:

You can block cookies and tracking pixels through your browser settings or ad-blocking extensions. However, this may affect how well our website works for you and limit personalised content.

Third party sites:

Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Chirp is not responsible for the privacy practices of other such websites. We encourage you to read the privacy statements of these third party websites.

14. Use of Artificial Intelligence (AI)

Our business operations and the provision of our services relies on our proprietary artificial intelligence and machine learning technologies (AI Technologies). We will only use AI Technologies when legally permitted and necessary for our business operations.

We do not use any data obtained from Google Calendar or Gmail APIs to develop, improve, or train AI Technologies. Data accessed from Google Calendar and Gmail is used solely to provide and enhance the specific features and services of our application and is handled in accordance with Google's Limited Use requirements.

We may use personal information within AI Technologies for the following purposes:

• to provide our services to our clients;
• to improve and optimise our services and operations;
• to automate certain processes and communications, such as routine tasks;
• to personalise your experience with our services;
• for quality assurance purposes; and
• to assist with customer support and queries.

Your Rights and our Commitments: We will treat information generated or inferred by the AI Technologies about individuals as personal information and you maintain all rights over your personal information as outlined in this Privacy Policy, regardless of whether AI Technologies are used in processing.

When using AI Technologies with your personal information:

• Transparency and control: we will inform you when AI Technologies are being used to make decisions that may significantly affect you. We will implement processes to verify the accuracy of AI-generated outputs and we will take reasonable steps to maintain human oversight and review of significant AI-generated decisions. Our staff are trained to understand the limitations of AI systems and verify outputs before they are relied upon; and
• Security: we implement appropriate technical and organisational measures to ensure that our use of AI Technologies maintains the security and integrity of your personal information. This includes regular testing and monitoring of AI outputs for accuracy and reliability; and
• Risk mitigation: we regularly assess and document the risks associated with our use of AI Technologies in processing personal information and implement appropriate mitigation measures. This includes ongoing monitoring of AI Technologies and regular reviews of their performance and impact.

15. Last Updated

This policy was last updated on 3 February 2026.