Skip to main content
Back to home
Tradie Pilot AI
Privacy

Privacy Policy

Last updated: 1 May 2026

Tradie Pilot AI is an AI-driven SMS receptionist for Australian tradies. This policy explains what personal information we collect, why we collect it, who we share it with, and the rights you have over it. It is written to satisfy the Australian Privacy Principles (APPs) under the Privacy Act 1988.

1. Who we are

Tradie Pilot AI is operated by Alisya AI (the "business", "we", "us", "our"). Our registered business details, including ABN, will be published on this page once the V1 entity is finalised. Until then, the contact channel is privacy@tradiepilot.ai.

In this policy, "tradie" means the business owner who subscribes to Tradie Pilot AI, and "customer" means the end customer who calls or texts the tradie's mobile number and receives a reply from our AI receptionist on the tradie's behalf.

2. What we collect

2.1 Information tradies give us when signing up

When a tradie submits the /free-trialform, we collect: full name, business name, mobile number, email address, and suburb. We use this to run the concierge onboarding call and to provision the tradie's dedicated AI mobile number.

2.2 Information collected automatically by the AI receptionist

When a customer calls the tradie's mobile and the call forwards to our service, or when a customer sends an SMS to the tradie's dedicated AI number, we receive: the customer's mobile number, the time of the call or message, and (for SMS) the text body of every message in the conversation. We do not record voice calls in V1 — the AI does not answer voice calls in V1.

2.3 Information our systems generate

In the course of replying, the AI generates: a classification (emergency vs standard vs spam vs out-of-hours), a generated outbound SMS body, a safety tip selected from our vetted library, and operational metadata (timestamps, latency, error codes). This metadata is stored against the conversation thread.

2.4 Unsolicited information

If a tradie or customer sends us information we did not ask for (for example, by forwarding a screenshot or a third party's contact details by accident), we will, where it is lawful and reasonable to do so, destroy or de-identify that information within 30 days of becoming aware of it.

3. Anonymity option

Australian Privacy Principle 2 entitles you to deal with us anonymously or under a pseudonym where it is practicable to do so. For Tradie Pilot AI it is not practicable: the entire purpose of the service is for the tradie to reply to a real customer at a real phone number. We cannot provide the service without the customer's phone number and the tradie's identity.

4. How we use your information

4.1 Primary purpose

We use the information to deliver the service the tradie pays for: receive the missed-call event, send a first-response SMS to the customer on the tradie's behalf, run AI emergency triage on inbound replies, and surface the conversation in the tradie's inbox.

4.2 Related secondary purpose

During the concierge-onboarding window, we send a real-time email + SMS notification to the founder when a new tradie lead lands on the /free-trial form. This is so the one-business-hour callback promise on the form is keepable. Tradies signing up to the service would reasonably expect this.

4.3 Direct marketing

We do not direct-market to your end customers. We may send service-improvement updates by email to tradies who have signed up. Every such email contains a one-click unsubscribe.

5. Who we share it with

We share information with the third-party service providers listed below. Each is bound by contract to handle the data only for the purpose described.

  • Twilio (Sydney, Australia): provisions the tradie's dedicated AU mobile number, receives missed-call and inbound-SMS webhooks, and sends outbound SMS. Twilio holds the customer's phone number and SMS bodies in its au1 region.
  • Google Vertex AI Gemini (Sydney, Australia): receives the inbound SMS body for emergency-triage classification and reply generation. Hosted in australia-southeast1; data does not leave Australia.
  • Amazon Web Services (Sydney, Australia, ap-southeast-2): hosts the persistence layer (DynamoDB conversation table), authentication (AWS Cognito), and Lambda compute for the lead form and tradie inbox.
  • n8n (self-hosted at n8n.alisya.ai): orchestrates the SMS conversation flow (webhook receive, classifier call, outbound send, persistence write). The hosting region is verified as AU-compliant before any production tradie workflow runs.
  • Resend (United States): sends the founder-notification email when a new lead lands on the /free-trial form. Disclosed in §6 below.
  • Cloudflare (global edge, Australian termination): hosts the marketing site (tradiepilot.ai) and provides DNS, edge caching, and TLS termination.

We do not sell personal information to any third party.

6. Cross-border disclosure

Australian Privacy Principle 8 requires us to disclose any cross-border transfer of personal information. In V1, the only cross-border processor is Resend (United States), used for transactional email to the founder.

The data class shared with Resend is:

  • The lead's name, email address, mobile number, and suburb.
  • The lead's submitted business name.
  • The submission timestamp.

Customer SMS bodies, conversation transcripts, and AI replies are never sent to Resend. Those stay in AU-region services (Twilio au1, DynamoDB ap-southeast-2, Vertex AI australia-southeast1).

The safeguards we rely on for this transfer are: encryption in transit (TLS), Resend's contractual data-protection terms, and the limited data class above.

7. Your rights

You have the right to:

  • Ask us what personal information we hold about you (APP 12).
  • Ask us to correct any personal information that is wrong or out-of-date (APP 13).
  • Ask us to delete personal information we no longer need to retain.
  • Withdraw any consent you have given (this may end the service if the consent was required to deliver it).
  • Complain to us, and if not satisfied, to the Office of the Australian Information Commissioner (OAIC).

Email privacy@tradiepilot.ai and we will respond within 30 days. We do not charge for these requests.

8. Security

We protect personal information using the controls documented in docs/SECURITY_BASELINE.md in our public source repository. Highlights:

  • TLS 1.2+ on every customer-facing endpoint.
  • Encryption at rest in DynamoDB and inside Twilio's infrastructure.
  • IAM scoping per environment; no shared admin credentials; no per-user database root credentials.
  • Per-tradie isolation tests gate the conversation persistence layer before launch.

No system is completely secure. If we ever detect a breach affecting your information, we will notify you under the Notifiable Data Breaches scheme.

9. Cookies and analytics

The marketing site (tradiepilot.ai) does not set tracking cookies in V1. We do not use Google Analytics, Meta Pixel, or any third-party analytics that profile individual users. We may add a privacy-respecting analytics tool in the future; if we do, this policy will be updated and the change announced on the site.

The tradie inbox (when launched, P1.8 in our roadmap) will use a session cookie issued by AWS Cognito to keep tradies signed in. This is strictly necessary for the service to function.

10. How long we keep it

  • Lead form submissions: kept for 24 months from submission, then deleted, unless the tradie became a customer (in which case it forms part of the customer record and is retained while the subscription is active plus 7 years for ATO record-keeping).
  • Customer SMS conversations: kept for 24 months in DynamoDB by default, then deleted via table TTL, unless the tradie configures a longer retention for business-record reasons.
  • Operational logs (CloudWatch, Sentry): kept for 90 days.
  • Founder-notification emails (Resend): retained inside Resend per Resend's own retention policy; the underlying data also exists in DynamoDB and is governed by the lead retention rule above.

11. Updates to this policy

We update this policy when our data flow, vendor list, or pricing changes in a way that materially affects what is described here. The "Last updated" date at the top of this page reflects the most recent change. Material changes are announced on the marketing site at least 14 days before they take effect.

12. Contact and complaints

For any privacy question, request, or complaint, email privacy@tradiepilot.ai.

If we cannot resolve your complaint to your satisfaction, you can escalate to the Office of the Australian Information Commissioner (OAIC):

  • Web: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001