Privacy Policy

Last updated: August 4th, 2025

Your privacy is important to us. This Privacy Policy explains how WAF Solutions Pty Ltd, trading as Askable ("we", "us", or "our") collects, uses, and discloses personal information. This policy applies to our website (getaskable.com) and the services we provide (the "Service").

We distinguish between information we collect from our direct customers ("Customers") and information we process on their behalf about their end-users ("Contacts").

1. Information We Collect from Our Customers

When you register for and use Askable as a Customer, we collect and process the following personal information in accordance with APP 3 (Collection of solicited personal information):

  • Account Information: Name, email address, company name, job title, phone number, billing address, and avatar URL you provide
  • Authentication Data: Username, encrypted passwords, and security credentials
  • Billing Information: Payment details, billing history, and subscription information (processed by our payment providers)
  • Workspace Content: Knowledge Base articles, documents, bot configurations, inbox settings, and custom integrations you create
  • Usage Data: IP address, browser type, device information, pages visited, features used, time spent, and interaction patterns
  • Communication Data: Support tickets, feedback, survey responses, and other communications with us
  • Cookies and Tracking: Session identifiers, preferences, analytics data, and performance metrics

2. Information We Process on Behalf of Our Customers

Our Service helps you communicate with your Contacts. When you use our Service for your Contact data, you are the data controller and we act as a service provider processing data in accordance with your instructions.

Data About Your Contacts

  • Contact Information: Name, email address, phone number, avatar URL, and unique identifiers you assign
  • Conversation Content: Complete message history, file attachments, timestamps, and conversation metadata
  • Technical Data: IP address, user agent, browser information, device type, operating system, and referrer URLs
  • Session Information: Login times, session duration, geographic location (country/region level), and activity patterns
  • Custom Metadata: Any additional information you choose to store about Contacts and their interactions
  • AI Interaction Data: Queries sent to our AI systems, responses generated, and interaction quality metrics

3. Legal Basis for Collection and Use

We collect and use personal information in accordance with the General Data Protection Regulation (GDPR) and Australian Privacy Principles:

  • Contractual Performance (GDPR Art. 6(1)(b)): To provide our services and fulfill our obligations to you under our terms of service
  • Legitimate Interests (GDPR Art. 6(1)(f)): For service improvement, security, analytics, and business operations where reasonably expected or with your consent
  • Legal Requirements (GDPR Art. 6(1)(c)): To comply with EU, Australian laws and court orders
  • Consent (GDPR Art. 6(1)(a)): Where you have explicitly agreed to specific uses of your personal information

4. How We Use Personal Information

We use collected personal information for the following purposes, in accordance with APP 6:

  • Service Delivery: Provide, maintain, and improve our platform
  • AI-Powered Support: Enable our AI bots to respond to customer inquiries and provide automated assistance
  • Customer Support: Address technical issues and respond to inquiries
  • Security: Protect against fraud, abuse, and security threats (APP 11)
  • Analytics: Understand usage patterns and improve user experience
  • Communication: Send service updates, security alerts, and important notices
  • Billing: Process payments and manage subscriptions
  • Legal Compliance: Meet regulatory requirements and legal obligations

5. Disclosure of Personal Information

We may disclose personal information in accordance with APP 6 to:

  • Service Providers: Third-party vendors who assist with hosting, analytics, payment processing, and other business functions, subject to contractual privacy protections
  • Legal Requirements: When required by Australian law, court order, or government request
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with appropriate protections)
  • Your Instructions: As directed by you or your authorized representatives
  • Emergency Situations: Where disclosure is necessary to prevent serious threat to life, health or safety

We do not sell personal information to third parties or use it for advertising purposes.

6. Cross-Border Transfers of Personal Information

Personal information is primarily stored and processed within the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure adequate protection in accordance with GDPR Chapter V, including:

  • Adequacy Decisions: Transfers to countries with European Commission adequacy decisions (including UK, Switzerland, and other approved jurisdictions)
  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards with service providers in non-adequate countries
  • Cloud Service Providers: Located in countries with adequate privacy protections or bound by appropriate safeguards

All international transfers are subject to appropriate safeguards under GDPR Articles 44-49. We conduct transfer impact assessments where required and remain responsible for ensuring ongoing protection of your personal data.

7. Data Retention

We retain personal information in accordance with APP 11 as follows:

  • Customer Account & Service Data: For the duration of your account plus 1 year after termination (includes all conversations, knowledge base content, and configurations)
  • Usage and Analytics Data: For 2 years from collection
  • Billing Records: For 7 years as required by Australian taxation law
  • Support Communications: For 3 years from resolution

Personal information may be retained longer if required by Australian law or for legitimate business purposes such as fraud prevention or security incidents. We securely destroy or de-identify personal information when no longer required.

8. Your Privacy Rights

Under GDPR and the Privacy Act 1988, you have the following rights regarding your personal information:

  • Right of Access (GDPR Art. 15): Request access to your personal information we hold
  • Right to Rectification (GDPR Art. 16): Request correction of inaccurate, out-of-date, incomplete, irrelevant or misleading personal information
  • Right to Erasure (GDPR Art. 17): Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing (GDPR Art. 18): Limit how we process your personal data in certain situations
  • Right to Data Portability (GDPR Art. 20): Receive your personal data in a structured, machine-readable format
  • Right to Object (GDPR Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent (this may affect service provision)

For Customers: Contact us at privacy@getaskable.com to exercise these rights. We will respond within 30 days.

For Contacts: We process your personal information on behalf of our Customers. Please contact the Customer you interact with directly to exercise your rights. If you cannot identify the appropriate Customer, contact us and we will assist in directing your request.

9. Data Security

We implement reasonable security safeguards in accordance with APP 11 to protect personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and multi-factor authentication
  • Regular security assessments and monitoring
  • Employee training on privacy protection
  • Incident response procedures
  • Secure data destruction when no longer required

10. Data Breach Notification

Under the Notifiable Data Breach (NDB) scheme, if we experience a data breach likely to result in serious harm, we will:

  • Assess the breach within 30 days of becoming aware of it
  • Notify affected individuals as soon as practicable if serious harm is likely
  • Report the breach to the Office of the Australian Information Commissioner (OAIC)
  • Provide recommendations on steps you should take to protect yourself

11. Cookies and Tracking Technologies

We use essential cookies for service functionality and analytics cookies to improve our Service in accordance with APP 6. You can control cookie preferences through your browser settings. Disabling certain cookies may affect Service functionality.

12. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable Australian law. We will provide at least 30 days' notice of material changes by email and prominent notice on our website. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Complaints and Regulatory Authority

If you have a complaint about our handling of your personal information, please contact us first. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authorities:

For EU/EEA residents: Contact your local data protection authority. You can find your local authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

For Australian residents: Contact the Office of the Australian Information Commissioner (OAIC):

15. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

16. Accessibility

We are committed to making our privacy information accessible to all users. This policy follows Web Content Accessibility Guidelines (WCAG) 2.1 standards. If you need this policy in an alternative format or have accessibility concerns, please contact us at privacy@getaskable.com.