Privacy Policy

1. Scope of this policy

This policy applies to personal information we collect through:

• our website;
• enquiry forms;
• booking forms;
• audit/demo requests;
• emails, phone calls, and messages;
• sales and onboarding conversations;
• client implementation work;
• AI employee setup, management, monitoring, and support;
• content, video, image, social media, document, email, voice, CRM, and workflow automation services.

This policy applies to website visitors, prospects, clients, client team members, suppliers, contractors, and people whose information may be processed through a client’s AI employee workflow.

2. What Wharq does

Wharq provides managed AI employees for business workflows.

Depending on the client engagement, Wharq may help build AI employees that can:

• call or answer calls;
• transcribe conversations;
• summarise calls, meetings, videos, and documents;
• read and retrieve information from business files;
• draft emails and follow-ups;
• update CRMs, task boards, calendars, and spreadsheets;
• create reports;
• generate content ideas, captions, scripts, image prompts, video prompts, and social media workflows;
• analyse videos, Looms, Zoom recordings, screen recordings, podcasts, and internal training content;
• support social media and content workflows;
• report back with what happened and what needs attention.

Wharq is not intended to be used as an unmanaged, uncontrolled AI system. Our service is designed around role definition, business context, tool access, approvals, monitoring, and ongoing improvement.

3. The types of personal information we collect

The personal information we collect depends on how you interact with us.

3.1 Website and enquiry information

When you contact us, book a demo, request an audit, or submit a form, we may collect:

• name;
• email address;
• phone number;
• business name;
• website URL;
• industry;
• team size;
• business role or job title;
• location;
• biggest workflow bottleneck;
• tools currently used;
• message or enquiry details;
• booking details;
• preferred contact method;
• information about your business needs.

3.2 Booking and communication information

If you book a call or communicate with us, we may collect:

• booking times and calendar details;
• meeting notes;
• call notes;
• emails;
• phone numbers;
• messages;
• call recordings or transcripts, where used and permitted;
• information you choose to provide during sales, onboarding, support, or audit discussions.

We currently expect to use Cal.com or similar booking tools. We may also use other form, CRM, email, calendar, and scheduling tools.

3.3 Client workflow and implementation information

When we work with a client, we may process information required to design, build, connect, manage, and monitor an AI employee. This may include:

• emails;
• call recordings;
• call transcripts;
• CRM records;
• lead and customer enquiry details;
• names, phone numbers, email addresses, and contact details;
• documents, PDFs, policies, SOPs, contracts, notes, and briefs;
• internal business notes;
• calendar data;
• task-board data;
• Slack, Teams, WhatsApp, Telegram, or similar messages;
• video files, Looms, Zoom recordings, screen recordings, podcasts, or training videos;
• social media content, comments, posts, drafts, calendars, and analytics;
• image generation prompts and outputs;
• video generation prompts and outputs;
• reports, spreadsheets, dashboards, and operational summaries.

3.4 Technical and usage information

When you visit our website or interact with our systems, we may collect:

• IP address;
• browser type;
• device type;
• operating system;
• referring pages;
• pages viewed;
• approximate location;
• timestamps;
• cookie identifiers;
• analytics and advertising data;
• interaction data, such as form submissions and button clicks.

We may use analytics, advertising, retargeting, and website improvement tools including Google Analytics, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, Google Ads tracking, Microsoft Clarity, Hotjar, or similar tools.

3.5 Sensitive information

Sensitive information may include health information, financial information, legal matter information, insurance details, identity documents, government identifiers, children’s information, or other information that receives higher protection under privacy law.

Wharq does not intentionally collect sensitive information unless it is reasonably necessary for a client workflow, legally permitted, and handled with appropriate controls. Where possible, clients should avoid providing sensitive information unless it is required for the agreed service.

4. How we collect personal information

We may collect personal information:

• directly from you when you submit a form, book a call, email us, call us, or message us;
• from your business or employer;
• from client systems that you or a client authorises us to access;
• from documents, emails, calls, videos, CRMs, calendars, task boards, communication platforms, and business tools connected to an AI employee;
• from third-party platforms used for booking, CRM, analytics, hosting, email, automation, AI processing, voice, content, and integrations;
• from publicly available sources, such as websites, social media profiles, company directories, public listings, and online content;
• from cookies and similar technologies.

5. Why we collect and use personal information

We collect and use personal information to:

• respond to enquiries;
• book and manage calls;
• assess whether Wharq is a fit for a business;
• conduct workflow audits;
• map business processes and bottlenecks;
• design, build, deploy, monitor, and improve AI employees;
• connect AI employees to approved tools and systems;
• enable phone, email, document, CRM, calendar, task, reporting, content, video, image, and social media workflows;
• produce transcripts, summaries, reports, drafts, and workflow outputs;
• provide support and troubleshooting;
• monitor performance, failures, usage, and workflow issues;
• improve our services;
• manage client relationships;
• send follow-up emails, newsletters, marketing communications, and service updates;
• add prospects and clients to our CRM or sales pipeline;
• run advertising, retargeting, analytics, and website optimisation;
• comply with legal, accounting, tax, security, and administrative obligations;
• protect our rights, systems, clients, users, and business.

6. AI processing

Wharq uses AI tools and automation platforms to provide its services.

Information processed through AI systems may include prompts, instructions, files, text, transcripts, summaries, emails, CRM information, call information, video-related content, social media content, and workflow outputs.

We do not intend to use client confidential information or client customer data to train public AI models. However, client information may be processed by third-party AI providers and infrastructure providers as required to deliver the service, subject to their own terms, privacy policies, security controls, and data processing practices.

Where reasonably available, we aim to use privacy-conscious settings, business or API plans, restricted access, and appropriate configurations for AI processing.

Clients should not provide information to Wharq or connect systems to an AI employee unless they have the right, authority, and consent to do so.

7. Client systems and our role as admin

Wharq’s role is generally to build, configure, manage, and improve the AI employee and its capabilities.

Where practical, client data should remain inside the client’s own systems, such as their email, CRM, cloud storage, calendar, task board, communication tools, or approved knowledge base.

For some clients, we may help create or maintain an Obsidian vault or similar knowledge base for the AI employee. This may contain business context, SOPs, workflows, instructions, summaries, and approved knowledge needed for the AI employee to perform its role.

Unless otherwise agreed, Wharq does not aim to hold a separate standalone copy of a client’s full customer database or business records. However, as an implementation and admin provider, Wharq may be able to access, view, process, route, troubleshoot, or configure information inside connected systems to the extent needed to provide the service.

Clients remain responsible for the information they choose to provide, upload, connect, or authorise Wharq to access.

8. Client responsibilities

Clients are responsible for ensuring that:

• they have the legal right to provide Wharq access to their systems and data;
• they have obtained any required consents from their customers, staff, contractors, suppliers, or other individuals;
• their own privacy policy and customer notices properly explain how data may be processed by AI tools, automation providers, and service providers;
• they do not provide unnecessary sensitive information;
• they comply with laws applying to their business, industry, and communications;
• they properly review and approve workflows before they are used in production;
• they make decisions about what should remain human-reviewed.

This is especially important where AI employees are used for phone calls, customer communication, emails, social media, documents, legal, finance, insurance, property, health, identity, or sensitive business workflows.

9. Calls, recordings, and transcripts

Where a client workflow includes voice, Wharq or the client’s AI employee may:

• make outbound calls;
• answer inbound calls;
• ask structured questions;
• qualify enquiries;
• record calls where lawful and configured;
• transcribe calls;
• summarise calls;
• create tasks or follow-up emails;
• update CRM or other systems;
• send reports to the client.

Call recording and transcription laws can vary depending on the location of the parties and the purpose of the call. Clients are responsible for ensuring that their call workflows, notices, consents, and scripts comply with applicable laws.

Wharq may help configure call notices or workflow controls, but the client remains responsible for the lawful use of calls, recordings, and transcripts in their business.

10. Content, image, video, and social media workflows

Where a client uses Wharq for content or social workflows, personal information may be processed in:

• social media posts;
• captions;
• comments;
• direct messages;
• content calendars;
• videos;
• images;
• scripts;
• ad concepts;
• prompts;
• briefs;
• performance reports;
• Looms, Zoom recordings, or other video files.

Clients are responsible for ensuring they have the rights to use any images, videos, brand assets, customer stories, testimonials, recordings, documents, or other materials provided to Wharq or connected to an AI employee.

11. Cookies, analytics, and advertising

We may use cookies, pixels, tags, analytics scripts, and similar technologies to:

• operate our website;
• understand website traffic;
• improve website performance;
• measure campaign performance;
• remember user preferences;
• run advertising and retargeting;
• understand how visitors interact with our website.

These tools may collect technical and usage data, including IP address, browser, device, pages visited, clicks, and similar activity.

You can disable or manage cookies through your browser settings. Some website features may not work properly if cookies are disabled.

12. Marketing communications

We may use personal information to:

• respond to enquiries;
• call prospects;
• send follow-up emails;
• send newsletters or promotional emails;
• add prospects and clients to a CRM or sales pipeline;
• retarget website visitors with ads;
• provide service updates.

You can unsubscribe from marketing emails using the unsubscribe link where provided or by contacting us at: privacy@wharq.com

We may still send non-marketing messages relating to services, security, transactions, support, or legal matters.

13. Who we disclose personal information to

We may disclose personal information to third parties where reasonably necessary for our business and services, including:

• AI model and AI infrastructure providers;
• voice and phone providers;
• automation and integration platforms;
• booking and calendar providers;
• email and messaging providers;
• CRM platforms;
• website hosting and security providers;
• cloud storage providers;
• analytics and advertising platforms;
• document, content, image, video, and social media tools;
• contractors, freelancers, sales partners, implementation partners, or support providers;
• professional advisers, such as accountants, lawyers, insurers, or consultants;
• payment, invoicing, and accounting providers;
• government authorities, regulators, courts, or law enforcement where required or permitted by law.

Current or potential service providers may include:

OpenAI, Anthropic, Google, Microsoft, Vapi, Twilio, Cloudflare, Google Workspace, Microsoft 365, Slack, Notion, Airtable, HubSpot, GoHighLevel, Trello, Asana, ClickUp, Monday, Make, Zapier, n8n, Composio, Firecrawl, Exa, Perplexity, Canva, Loom, YouTube, LinkedIn, Meta, TikTok, Cal.com, and other AI, hosting, automation, analytics, CRM, communication, productivity, content, and workflow providers.

Some providers may not be individually named in this policy because the exact tool stack can change depending on the client workflow, integration requirements, security needs, and service design. Where appropriate, specific providers may be listed in proposals, onboarding documents, implementation plans, or client agreements.

14. Overseas disclosure

Some of our service providers may store, process, or access personal information outside Australia, including in the United States, Europe, the United Kingdom, Singapore, and other regions.

By using our website or services, you acknowledge that personal information may be processed by overseas service providers where reasonably necessary for Wharq to provide its services.

We take reasonable steps to use reputable providers and appropriate configurations, but overseas providers may be subject to the laws of their own jurisdictions.

15. Data storage

Depending on the engagement, information may be stored or processed in:

• client systems;
• client-approved Obsidian vaults or knowledge bases;
• Google Drive;
• Microsoft OneDrive or SharePoint;
• Notion;
• Airtable;
• CRM platforms;
• email systems;
• call and transcription tools;
• automation platforms;
• social media and content platforms;
• Cloudflare;
• local devices;
• other cloud tools approved or required for the workflow.

Where practical, Wharq aims to keep client data inside client-controlled or client-approved systems rather than creating unnecessary copies.

16. Data retention

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including business, sales, service delivery, legal, accounting, security, and administrative purposes.

Website enquiry and prospect data: Website enquiry, booking, and prospect data may be kept while needed for business, sales, legal, and administrative purposes unless deletion is requested and we are legally able to delete it.

Client project data: Client project data is generally kept during the client relationship and may be deleted, returned, de-identified, or retained after offboarding depending on the client agreement, operational requirements, legal obligations, security requirements, backup processes, and support needs.

Where information remains in the client’s own systems, the client is responsible for retention and deletion inside those systems.

17. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Security measures may include:

• password-protected systems;
• limited access where practical;
• use of reputable third-party providers;
• two-factor authentication where available;
• access revocation when no longer required;
• separation of client workspaces or systems where practical;
• review of connected tools;
• secure configuration of workflows where practical;
• monitoring and troubleshooting of workflow issues.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

Wharq is not currently SOC 2 or ISO 27001 certified.

18. Data breaches

If we become aware of a data breach affecting personal information, we will assess the incident and take steps to contain, investigate, and respond to it.

Where required by applicable law, including the Notifiable Data Breaches scheme, we will notify affected individuals and/or the Office of the Australian Information Commissioner where a breach is likely to result in serious harm. The OAIC describes a data breach as occurring when personal information is lost or accessed or disclosed without authorisation, and covered organisations must notify affected individuals and the OAIC where a breach is likely to cause serious harm.

Clients must notify Wharq promptly if they become aware of any suspected unauthorised access, misuse, security issue, or data breach involving a Wharq-connected workflow, AI employee, integration, or tool.

19. Accessing or correcting your personal information

You may request access to personal information we hold about you.

You may also ask us to correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make a request, contact: privacy@wharq.com

We may need to verify your identity before responding. In some cases, we may refuse access or correction where permitted by law, such as where the request is unreasonable, unlawful, would affect another person’s privacy, or would reveal commercially sensitive information.

20. Deleting your information

You may request that we delete personal information we hold about you.

We will take reasonable steps to delete or de-identify personal information where we are legally and practically able to do so.

We may need to retain some information for legal, accounting, security, dispute resolution, backup, fraud prevention, service, or legitimate business purposes.

Where information is held inside a client’s systems, you may need to contact the relevant client directly.

21. Complaints

If you have a privacy concern or complaint, contact us first at: privacy@wharq.com

Please include enough detail for us to understand and respond to your concern.

We will aim to respond within a reasonable timeframe.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.

22. Third-party websites and platforms

Our website and services may link to or integrate with third-party websites, tools, platforms, and services.

We are not responsible for the privacy practices, security, or content of third-party providers. You should review the privacy policies and terms of any third-party services you use or authorise.

23. Children

Wharq provides business services and is not intended for children.

We do not knowingly collect personal information from children unless it is provided by a client as part of an authorised business workflow and handled in accordance with applicable law and client instructions.

Clients should avoid providing children’s information unless it is necessary, lawful, and appropriately authorised.

24. Changes to this policy

We may update this Privacy Policy from time to time.

The updated version will be posted on our website with a new “Last updated” date.

Your continued use of our website or services after changes are published means you accept the updated policy.

25. Contact us

For privacy questions, requests, or complaints, contact:

Wharq
Sydney, New South Wales, Australia
Website: https://wharq.com
Email: privacy@wharq.com