Mr Vero
⟢ Legal · Effective 29 April 2026

Privacy Policy.

How Mr Vero collects, uses, stores, and discloses personal information when you use our platform. Mr Vero is a product of Teklabs Digital Pty Ltd.

This Privacy Policy describes how Mr Vero, a product of Teklabs Digital Pty Ltd ("we", "us", "our"), collects, uses, stores, and discloses personal information when you use the Mr Vero platform and related services ("the Service"). By creating an account or using the Service, you consent to the collection, use, and disclosure of personal information as described in this policy.

This policy complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, it also addresses requirements under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection laws.

1. Information we collect

We collect the following categories of personal information:

(a) Account Information. When you register, we collect your name, email address, phone number, business name, industry, job title, and billing information (including payment card details processed by our payment provider).

(b) Usage Data. We automatically collect data about how you interact with the Service, including pages visited, features used, session duration, click patterns, device type, browser type, operating system, IP address, referring URLs, and general geolocation (city or region level).

(c) AI Agent Data. When you deploy AI agents, we process data related to agent interactions, including call recordings, transcripts, message content, contact information for persons your agents communicate with, call outcomes, sentiment analysis, and agent performance metrics.

(d) Voice Data. We process audio recordings of all calls made by and to your AI agents. These recordings are used to provide the Service, generate transcripts, improve call quality, train and improve our AI models (subject to Section 3(d)), and for compliance monitoring.

(e) CRM and Integration Data. When you connect third-party systems (CRM platforms, email, calendars, databases), we access and process data from those systems as necessary to provide the Service. This includes reading, writing, modifying, and deleting records in your connected systems as directed by your AI agent configuration.

(f) Communication Data. We collect information from your communications with us, including support requests, feedback, survey responses, and correspondence.

(g) Onboarding Data. During onboarding, we collect information about your business, industry, target market, competitive landscape, and intended use of the Service to configure your AI agents.

(h) Derived Data. We generate derived data from your use of the Service, including analytics, performance metrics, benchmarks, usage patterns, and aggregated insights. Derived data is owned by Mr Vero as set out in our Terms of Service.

2. How we use your information

We use personal information for the following purposes:

  • Providing, operating, maintaining, and improving the Service
  • Processing and completing transactions
  • Configuring, deploying, and optimising AI agents on your behalf
  • Generating call transcripts, conversation summaries, and performance analytics
  • Improving the accuracy, reliability, and performance of AI models and agent capabilities
  • Developing new features, products, and services
  • Communicating with you about your account, service updates, new features, and promotional offers
  • Analysing usage patterns, benchmarking, and generating aggregated industry insights
  • Detecting and preventing fraud, abuse, misuse, and security threats
  • Monitoring compliance with our Terms of Service and Acceptable Use Policy
  • Complying with legal obligations, responding to legal process, and protecting our rights
  • Enforcing our Terms of Service and other agreements
  • Any other purpose disclosed at the time of collection or with your consent

3. AI processing and automated decision-making

The Service uses artificial intelligence to process data and make automated decisions.

(a) AI Model Providers. Your data is processed by third-party AI model providers (including OpenAI, Anthropic, and Google) to generate AI agent responses. These providers are located in the United States and process data under data processing agreements with us. By using the Service, you consent to this processing and acknowledge that data will be transferred to the United States for this purpose.

(b) Voice Processing. Voice calls are processed in real-time using AI speech models. Audio is transmitted to third-party providers in the United States for speech recognition, response generation, and transcript creation.

(c) Automated Decisions. AI agents make autonomous decisions about what to say, when to follow up, how to respond to contacts, and what actions to take in connected systems. These decisions are based on your configuration, the AI model's capabilities, and the context of each interaction. You are solely responsible for monitoring and reviewing these automated decisions.

(d) AI Model Training and Improvement. We use de-identified and aggregated data derived from your use of the Service to train, improve, and develop our AI models, algorithms, and related products. This data may include conversation patterns, interaction outcomes, and performance metrics. You may opt out of AI model training through Settings > Privacy > AI Model Training, or by submitting a request through our contact channel. Opt-out requests are processed within 30 days and apply prospectively only. Opt-out does not affect data already used for training prior to the opt-out request.

(e) Automated Decision-Making Transparency. In accordance with APP 1.7, the Service uses computer programs to make decisions that may significantly affect individuals. The types of personal information used include contact details, communication history, CRM data, and voice recordings. Categories of automated decisions include: lead qualification and prioritisation, call scheduling and follow-up timing, conversation responses and messaging content, CRM record creation and modification, and campaign performance optimisation.

4. Information sharing and disclosure

We share personal information in the following circumstances:

(a) Service Providers. We share data with third-party service providers who assist in operating the Service, including cloud hosting providers (Microsoft Azure, Amazon Web Services), AI model providers (OpenAI, Anthropic, Google), telecommunications carriers (Twilio), payment processors (Stripe), and analytics services.

(b) AI Agent Communications. When your AI agents make calls or send messages, recipient contact information and communication content are shared with telecommunications providers and AI model providers as necessary to complete the communication. You are responsible for ensuring lawful basis for these communications.

(c) Legal Requirements. We may disclose information when required or permitted by law, regulation, legal process, governmental request, or to protect the rights, property, or safety of Mr Vero, our users, or third parties.

(d) Business Transfers. In connection with a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you of any such transfer.

(e) Aggregated and De-identified Data. We may share aggregated, anonymised, or de-identified data with third parties for any purpose, including industry benchmarking, research, marketing, and analytics. Such data does not identify any individual.

(f) With Your Consent. We may share information for purposes not described in this policy with your explicit consent.

We do not sell personal information that identifies you to third parties.

5. Cross-border data transfers

(a) Countries. Personal information is transferred to and processed in the following countries: Australia, the United States, and other countries where our service providers operate. Our primary overseas data recipients are located in the United States (OpenAI, Anthropic, Twilio, Amazon Web Services).

(b) Safeguards. In accordance with APP 8, we take reasonable steps to ensure overseas recipients handle personal information consistently with the APPs. These steps include entering into data processing agreements that require APP-equivalent protections, conducting due diligence on provider security practices, and monitoring compliance.

(c) Consent. By using the Service, you expressly consent to the transfer of your personal information to the countries listed above. You acknowledge that privacy laws in those countries may not provide the same level of protection as Australian law.

(d) EEA/UK Transfers. For transfers from the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses or equivalent mechanisms as required by applicable law.

6. Data storage and security

(a) Storage. Your data is stored on secure servers in Australia and the United States.

(b) Security Measures. We implement technical and organisational measures to protect personal information, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, audit logging, network segmentation, and regular security assessments.

(c) No Guarantee. While we take reasonable steps to protect your data, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your information.

(d) Breach Notification. In the event of an eligible data breach under Part IIIC of the Privacy Act 1988, we will: (i) complete an assessment within 30 days of becoming aware of grounds to suspect a breach; (ii) notify the Office of the Australian Information Commissioner (OAIC); and (iii) notify affected individuals, including a description of the breach, the kinds of information involved, and recommended steps. We will also comply with the 72-hour ransomware payment reporting obligation where applicable.

7. Data retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Retention periods vary by data type:

(a) Account and Billing Data. Retained for the duration of your subscription plus 7 years for financial records as required by the Corporations Act 2001 and Taxation Administration Act 1953.

(b) Call Recordings. Retained for the duration of your subscription. You may delete individual recordings at any time through the Service. Recordings are deleted from active systems within 60 days of account termination.

(c) Call Metadata and Transcripts. Date, time, duration, phone numbers, and transcripts are retained for the duration of your subscription plus 12 months for compliance verification and dispute resolution.

(d) Contact and CRM Data. Processed on your behalf and retained for the duration of the relevant campaign or assignment. Deleted within 30 days of account termination or upon your instruction.

(e) Usage Data and Derived Data. Anonymised and aggregated usage data, analytics, benchmarks, and derived insights may be retained indefinitely. This data does not identify any individual and is owned by Mr Vero.

(f) System and Security Logs. Retained for 12 months for security monitoring, incident investigation, and APP 11 compliance.

(g) Post-Termination. Upon account termination, we retain your data for 30 days during which you may request an export. After this period, personal information is deleted from active systems within 60 days. De-identified data, aggregated analytics, backup copies subject to automatic retention cycles, and data we are required to retain by law may persist beyond this period.

(h) Destruction. When personal information is no longer required for any permitted purpose, we take reasonable steps to destroy it or ensure it is de-identified in accordance with APP 11.2.

8. Your rights

(a) Access (APP 12). You may request access to personal information we hold about you. We will respond within 30 days. We may charge a reasonable fee for providing access where permitted by law. We may refuse access where required or permitted by law (for example, where providing access would reveal commercially sensitive decision-making processes).

(b) Correction (APP 13). You may request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information. We will respond within 30 days. If we refuse to correct information, we will provide written reasons and notify you of available complaint mechanisms.

(c) Deletion. You may request deletion of your personal information. We will comply unless we are required to retain it by law, or the information is necessary for the establishment, exercise, or defence of legal claims.

(d) Data Portability. You may export your data at any time through the tools provided in your account during your subscription.

(e) Direct Marketing Opt-Out. You may opt out of receiving direct marketing communications at any time by using the unsubscribe mechanism in our communications, or by submitting a request through our contact channel. We will process opt-out requests within 5 business days.

(f) Withdrawal of Consent. Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

To exercise any of these rights, submit your request through our contact channel.

9. Your responsibilities

(a) Customer Data. Where you use the Service to collect, process, or store personal information about third parties (including your contacts, leads, and customers), you are responsible for: (i) ensuring you have a lawful basis for collecting and providing that information to the Service; (ii) providing required privacy notices under APP 5 to those individuals; (iii) obtaining any necessary consents for AI-generated communications, call recording, and data processing; and (iv) complying with all applicable privacy, telecommunications, and consumer protection laws.

(b) AI Agent Compliance. You are solely responsible for ensuring that AI agents deployed through your account operate in compliance with applicable law. This includes AI disclosure requirements, do-not-call register compliance, call recording consent, and any other obligations described in our Terms of Service.

(c) Accuracy. You are responsible for ensuring that personal information you provide to us is accurate and up to date.

10. Australian Privacy Principles compliance

In accordance with the Australian Privacy Principles:

  • APP 1 (Open and Transparent Management): This policy describes our personal information handling practices, including automated decision-making.
  • APP 3 (Collection): We collect only personal information that is reasonably necessary for our functions and activities, by lawful and fair means.
  • APP 5 (Notification): We notify individuals about the collection of their personal information at or before the time of collection, including the purposes of collection and usual disclosures.
  • APP 6 (Use and Disclosure): We only use and disclose personal information for the purposes described in this policy, purposes directly related to those purposes, or as otherwise permitted by law.
  • APP 8 (Cross-Border Disclosure): We take reasonable steps to ensure overseas recipients handle personal information consistently with the APPs. Primary overseas recipients are located in the United States.
  • APP 11 (Security and Destruction): We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. We destroy or de-identify personal information when it is no longer needed for any permitted purpose.
  • APP 12 (Access): Individuals may request access to their personal information.
  • APP 13 (Correction): Individuals may request correction of their personal information at any time.

11. Cookies and tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyse usage patterns and improve the Service
  • Measure the effectiveness of our communications
  • Detect and prevent security threats

You may control cookie settings through your browser. Disabling cookies may affect Service functionality.

12. Children's privacy

The Service is not intended for persons under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

13. Third-party links and services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

14. Changes to this policy

We may update this Privacy Policy at any time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the Service.

15. Complaints

If you believe we have breached the Australian Privacy Principles or handled your personal information inappropriately, you may lodge a complaint by submitting a request through our contact channel. We will acknowledge your complaint within 5 business days and provide a response within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

16. Contact us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us via our contact channel.

Mr Vero is a product of Teklabs Digital Pty Ltd.
Queensland, Australia.

Effective Date: 29 April 2026

Last Modified: 29 April 2026