Privacy Policy

1. Who we are

2XNC Pty Ltd is an Australian company that provides an AI-powered customer support platform for appliance manufacturers and distributors. Our platform handles customer interactions across voice (IVR phone calls), web chat, and email on behalf of our clients.

For the purposes of data protection law, our clients are typically the data controllers (they determine the purposes and means of processing their customers' data), and we act as a data processor on their behalf. Where we collect data directly (e.g. client account registration), we act as a data controller.

2. Information we collect

From our clients: When you sign up for our platform, we collect your business name, registration number, contact details, product catalogues, service agent information, and any data you upload through the client portal.

From your customers (voice calls): When a customer calls a number powered by our platform, we collect the caller's phone number and generate a transcript of the conversation. The AI agent may also process spoken information such as names, addresses, and product details during the call. Voice audio is processed in real time and is not stored.

From your customers (web chat): When a customer uses the web chat, we collect the messages they type and any information they voluntarily provide (names, email addresses, product details).

From your customers (email): When email triage is enabled, we process inbound customer emails including sender address, name, and email body content. Draft replies are generated by AI and held for human review before sending.

From your customers (warranty): If a warranty booking is made, we collect the details provided: name, address, phone number, email, purchase information, and fault description. This data is stored on your behalf and accessible through your client portal.

3. How we use information

We use personal information solely to operate the platform on behalf of our clients:

• Routing and handling customer calls, chats, and emails
• Providing AI-powered product support from your knowledge base
• Logging warranty requests and service bookings
• Generating analytics and reports for your account
• Sending notifications (voicemail alerts, warranty confirmations)

We do not:

• Use your data to train AI models
• Sell or share personal information with third parties for marketing or advertising
• Use personal information for any purpose beyond delivering the contracted service

4. Data storage & security

We implement the following security measures to protect your data:

• Encryption in transit — all connections use TLS 1.2 or higher
• Encryption at rest — all stored data is encrypted using AES-256
• Access controls — tenant data is isolated; only authorised personnel can access customer data
• PII scrubbing — phone numbers, email addresses, and street addresses are automatically redacted from stored call transcripts
• Infrastructure — hosted on ISO 27001-certified cloud providers with ongoing monitoring
• Backups — automated database backups with point-in-time recovery

The specific data storage region and infrastructure details are documented in each client's data processing agreement.

5. Call recording & AI disclosure

A disclosure message is played at the start of every call before the caller is connected to the AI system. Our AI agents will acknowledge that they are an AI system when sincerely asked by a caller.

Voice audio is processed in real time and is not stored after the call ends. Post-call transcripts are generated, PII-scrubbed, and stored for a limited period (see Section 7).

6. Third-party services

We engage third-party service providers to deliver components of the platform, including cloud infrastructure, telephony, AI processing, and email delivery. These providers process personal information on our behalf under data processing agreements.

We take reasonable steps to ensure that all providers handle personal information in accordance with applicable data protection laws. A full list of sub-processors is available to clients upon request and is included in the data processing agreement.

7. Data retention

Upon termination of a service agreement, all remaining data is deleted or de-identified within 30 days, unless otherwise required by law or agreed in writing. You may request deletion of specific records at any time by contacting support@2xnc.org.

8. Your rights

You have the following rights in relation to your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate or incomplete information
• Deletion — request deletion of your personal information, subject to legal retention requirements
• Data export — request your data in a machine-readable format

For clients: You have full access to data collected on your behalf through the client portal.

For end customers: If you have interacted with our platform (called a phone number, used a chat widget, or sent an email), you may exercise your rights by contacting us at support@2xnc.org, or by contacting the business whose service you used.

Additional rights may apply depending on your jurisdiction. Jurisdiction-specific obligations are documented in each client's data processing agreement.

9. Cookies

We use a single session cookie to maintain your login on the admin and client portals. We do not use analytics, advertising, or tracking cookies. If this changes in the future, this policy will be updated accordingly.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to clients via email. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For all privacy enquiries, data access requests, or complaints, contact us at support@2xnc.org.

If you are not satisfied with our response, you may escalate your complaint to the relevant data protection authority in your jurisdiction.