Effective: May 21, 2026. At Trillet, your privacy is our priority. Our policy explains how we collect, use, and protect your data with full transparency.
This Privacy Policy explains how Zerodue AI Pty Ltd (ABN 62 681 053 789; ACN 681 053 789), trading as Trillet AI, collects, uses, discloses, stores, transfers, and protects personal information in connection with Trillet's websites, hosted platform, AI voice-agent services, messaging services, integrations, APIs, templates, white-label tools, implementation services, support services, and related services.
In this Privacy Policy, "Trillet," "we," "us," and "our" refer to Zerodue AI Pty Ltd trading as Trillet AI. "Customer," "you," and "your" refer to the person or organization that uses our Services or whose information we process.
This Privacy Policy should be read together with our Terms of Service and any applicable Order Form, statement of work, Regulated Customer Addendum, data-processing agreement, business associate agreement, security addendum, service-level agreement, or other written agreement.
This summary is provided for convenience. The full Privacy Policy below controls.
This Privacy Policy applies to personal information processed in connection with:
This Privacy Policy does not apply to third-party websites, platforms, applications, or services that are not controlled by Trillet, even if they are linked from or integrated with the Services.
Trillet may process personal information in different roles depending on the context.
For account administration, billing, website analytics, sales, support, security, direct marketing, product operations, and our own business operations, Trillet generally acts as the organization responsible for deciding how and why that information is processed.
For personal information submitted by Customers into the Services, including End User call data, messaging data, CRM data, routing data, knowledge-base data, and workflow data, Trillet generally processes that information on behalf of the Customer to provide the Services. In those cases, the Customer is responsible for determining the lawful basis, notices, consents, retention needs, disclosure wording, and processing instructions.
Where privacy laws use terms such as "controller," "processor," "business," "service provider," "contractor," or similar concepts, those roles depend on the applicable law and the specific use case. If a Regulated Customer Addendum, data processing agreement, business associate agreement, or similar agreement applies, that agreement controls for the data and use case it covers.
We collect personal information directly from you, automatically through your use of the Services, from Customers, from End Users who interact with AI Agents, from connected systems, from service providers, and from authorized third-party or public sources.
We may collect names, business names, email addresses, phone numbers, job titles, account credentials, company information, billing contacts, administrative contacts, support contacts, user roles, workspace details, and similar information.
We may collect billing addresses, payment status, subscription details, plan details, invoices, usage records, tax information, transaction history, refund history, failed-payment information, and related billing records. Payment-card details are processed by our payment processors and are not stored directly by Trillet unless expressly stated.
Customers may submit or authorize us to process information such as scripts, prompts, knowledge-base materials, documents, websites, customer records, leads, phone numbers, email addresses, CRM records, calendar data, ticketing data, routing rules, escalation contacts, on-call rosters, service-area data, business rules, campaign records, consent records, and integration credentials.
Depending on the workflow and configuration, the Services may process call recordings, audio, transcripts, messages, chat logs, SMS content, MMS content, WhatsApp content, Messenger content, email content, call summaries, post-call notes, call duration, call frequency, caller ID, recipient numbers, routing events, transfer events, voicemail events, timestamps, call dispositions, opt-out events, consent events, and related metadata.
The Services may generate AI Output such as responses, call summaries, classifications, routing decisions, recommended actions, structured fields, CRM notes, ticket notes, appointment records, alerts, analytics, quality signals, and workflow logs. Ownership of AI Output is addressed in our Terms of Service.
If a Customer connects Trillet to a Customer System or third-party integration, we may receive or process information from that system, such as CRM records, calendar availability, appointment data, ticket information, customer profiles, call history, payment status, account status, authentication status, service history, or other data made available through the integration.
We may collect information about website and platform use, including IP address, browser type, device type, operating system, pages viewed, referring pages, links clicked, session activity, feature usage, API usage, logs, error reports, performance data, approximate location derived from IP address, and similar technical data.
We may use cookies, pixels, local storage, analytics tools, advertising tools, session replay tools, conversion tracking, and similar technologies to operate the website, remember preferences, secure accounts, understand usage, improve performance, measure marketing campaigns, support advertising, and detect abuse where permitted.
Browser settings may allow you to block or delete cookies. Some parts of the Services may not work properly without certain cookies.
If you contact us, book a demo, join a call, complete a form, send an email, join a community, respond to a survey, attend an event, or communicate with our team, we may collect the content of those communications and related metadata.
If a Customer authorizes us to create or enrich an AI Agent using public or Customer-provided sources, we may process information from websites, public business listings, public business directories, documents, and other Customer-provided sources.
We do not scrape social media platforms, gated content, or sources that prohibit programmatic access through their published terms. Where access to a third-party platform is required (for example, to read business listings on a platform with an official API), the Customer must provide credentials and authorize access through that platform's official mechanism.
Customers are responsible for ensuring they have the right to authorize processing of the sources they provide. Trillet may decline to access, ingest, or use sources that appear restricted, unlawful, unreliable, technically unstable, or likely to create legal, security, or operational risk.
We process sensitive or regulated information only where the use case is authorized by a written agreement, such as a Business Associate Agreement for protected health information, a Regulated Customer Addendum for restricted regulated uses, or a separate signed schedule for biometric, payment-card, or other restricted categories.
Customers must not submit sensitive or regulated information outside an authorized use case. Submission of sensitive or regulated information without the applicable written agreement is a breach of the Terms of Service.
We may collect personal information from:
We use personal information for the following purposes:
We may use Customer Data, call data, transcripts, summaries, AI Output, and related workflow data to provide, secure, support, troubleshoot, maintain, and operate the Services for the Customer.
We may use aggregated, anonymized, or de-identified data derived from use of the Services for analytics, benchmarking, security, product improvement, and business purposes, provided it does not identify a Customer, Customer's clients, or any individual.
Trillet does not use Customer Data to train or fine-tune any model, including Trillet models, third-party models, foundation models, or generalized models, unless Customer permits that use through account settings, an Order Form, or another written agreement. Trillet imposes contractual restrictions on material AI subprocessors prohibiting use of Customer Data for training generalized models without Customer's express opt-in.
We may use operational telemetry, error reports, abuse signals, security signals, and de-identified performance data to operate, secure, and improve the Services. Identified operational data is used only for service delivery, security, abuse detection, and platform protection, not for general feature development.
Customer-specific AI Agents, prompts, workflows, knowledge bases, and integrations may be tuned, corrected, or improved as part of providing services to that Customer.
The Services may be used to make or support automated or AI-assisted decisions, depending on how a Customer configures a workflow.
Examples may include routing a call, prioritizing an inquiry, classifying urgency, determining whether to escalate to a human, summarizing a conversation, identifying a likely service category, scheduling an appointment, creating a ticket, sending a notification, or writing information to a Customer System.
Customers decide which workflows to deploy, what data to use, which actions an AI Agent may take, and whether human review is required. Customers are responsible for determining whether a workflow involves decisions that significantly affect an individual's rights or interests and for providing any notices, human review, appeal rights, or other safeguards required by law.
Where the Services constitute an AI system under applicable AI-specific regulation, including the European Union Artificial Intelligence Act, Trillet may have provider obligations independent of Customer's deployer obligations. Trillet will meet such obligations as applicable, including transparency obligations under Article 50 of the EU AI Act where the Services are deployed to interact with end users.
For Trillet's own operations, we do not use automated decision-making to make decisions that produce legal or similarly significant effects about individuals without appropriate notice and safeguards.
We may share personal information as described below.
We may share personal information with vendors, service providers, contractors, and subprocessors that help us provide the Services. These may include cloud hosting providers, telephony providers, SMS and messaging providers, speech-to-text providers, text-to-speech providers, large-language-model providers, analytics providers, customer-support tools, payment processors, security vendors, email providers, logging tools, and professional advisors.
We require service providers to process personal information only as necessary to provide services to us or as otherwise permitted by law and applicable agreements. For material AI subprocessors that process Customer Data, we additionally require contractual prohibitions on training generalized models on Customer Data without Customer's express opt-in.
A current list of material subprocessors is maintained at our Trust Center at security.trillet.ai. We will provide notice of material subprocessor changes through the agreed notice method where required by an applicable data processing agreement.
If a Customer connects Trillet to a Customer System or third-party integration, we may share information with that system as necessary to provide the configured workflow. For example, the Services may create CRM notes, update tickets, check calendar availability, send alerts, create summaries, or write call outcomes to a connected system.
If an Agency Customer manages a sub-account, client workspace, or white-label deployment, information may be visible to or processed by that Agency Customer and its authorized users. End Users of an agency-managed deployment should contact the relevant agency or business for questions about that deployment.
We may disclose or transfer personal information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, due diligence process, or similar transaction, subject to commercially reasonable confidentiality protections.
We may disclose personal information if we believe disclosure is necessary or appropriate to comply with law, legal process, regulation, court order, subpoena, government request, carrier request, platform request, or law-enforcement request, or to protect the rights, property, safety, security, or integrity of Trillet, Customers, End Users, third parties, carriers, platforms, or the Services.
We may share personal information with your consent or at your direction, including where you authorize an integration, request support, invite users, configure alerts, or instruct us to send data to a third party.
We may share personal information with our corporate affiliates where necessary to provide, support, sell, or improve the Services, subject to confidentiality obligations and applicable law. We do not share personal information with business partners for those partners' independent marketing or business purposes without your consent.
Mobile phone numbers, SMS consent records, and text-messaging opt-in data will not be shared with third parties or affiliates for their independent marketing or promotional purposes.
We may share mobile information with service providers and carriers as necessary to deliver messages, operate the Services, comply with law, prevent fraud or abuse, honor opt-outs, and provide support.
This section does not authorize Customers to send SMS or messaging communications to End Users. Customers remain responsible for obtaining and maintaining all required consents and for honoring opt-outs and applicable messaging rules.
Customers are responsible for privacy compliance in their own workflows and deployments.
Customers must:
Trillet may provide tools that support privacy and compliance, but Trillet does not determine Customer's legal obligations and does not guarantee that Customer's workflows are compliant.
The Services may record, transcribe, monitor, analyze, summarize, and store calls and messaging interactions depending on Customer configuration and applicable plan features.
Customers are responsible for determining whether call recording, monitoring, transcription, and AI analysis are lawful for their use case and jurisdictions.
Customers are responsible for providing recording notices, obtaining consent, approving call greetings, approving AI disclosures, configuring retention, and managing access controls.
If you are an End User interacting with an AI Agent, the business or agency that deployed that AI Agent is generally responsible for the call flow, disclosures, consent, and use of the resulting data. You may contact that business directly for questions about its privacy practices.
We process sensitive or regulated information only under an executed written agreement that authorizes the specific use case, as described in Section 4.11.
Healthcare Customers must not use the Services to create, receive, maintain, or transmit protected health information under HIPAA unless Trillet has executed a Business Associate Agreement and the applicable Order Form identifies the HIPAA-covered workflow.
For payment-card workflows, Customers must use approved payment processors and must not cause payment-card data to be spoken, stored, transcribed, logged, or processed through the Services unless expressly authorized in a signed PCI schedule.
For biometric workflows, including speaker verification, voiceprints, voice authentication, and biometric template creation, Customers must execute an Order Form expressly authorizing the workflow and provide documented notice, consent, retention, and jurisdiction-specific instructions before submission.
For regulated industries, Customers are responsible for determining whether the Services are appropriate for their compliance obligations and for implementing required human review, audit, retention, consent, access, and security controls.
Trillet is based in Australia, and the Services may be provided using systems, personnel, vendors, and service providers located in Australia, the United States, and other countries.
Personal information may be transferred to, stored in, accessed from, or processed in countries other than the country where it was collected. Those countries may have privacy and data-protection laws that differ from your jurisdiction.
When Customer Data is transferred from the European Economic Area, United Kingdom, or Switzerland to a country without an adequacy decision, Trillet uses the European Commission's Standard Contractual Clauses (Module 2 controller-to-processor and Module 3 processor-to-processor, as applicable) as the standard transfer mechanism. Where Trillet's material subprocessors are self-certified under the EU-U.S. Data Privacy Framework, UK Extension, or Swiss-U.S. Data Privacy Framework, those certifications may provide additional safeguards within the transfer chain. Other safeguards including vendor assessments, transfer impact assessments, and other legally recognized transfer mechanisms may apply as required by the applicable data processing agreement.
Customers are responsible for determining whether their own use of the Services requires additional transfer notices, transfer safeguards, data residency commitments, or customer-specific agreements.
We retain personal information for as long as reasonably necessary to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, maintain security, support business operations, and fulfill the purposes described in this Privacy Policy.
Retention periods vary depending on the type of data, account settings, plan, Customer instructions, legal requirements, backup cycles, and applicable Order Forms or SOWs.
Typical retention practices include:
We may retain backup copies for a limited period after deletion from active systems.
We use commercially reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.
Security measures may include access controls, encryption, logging, monitoring, authentication controls, vendor controls, internal security procedures, network protections, and incident-response processes. Current security evidence is available through Trillet's Trust Center at security.trillet.ai or on request through Trillet's standard diligence process.
No system is perfectly secure. We cannot guarantee that unauthorized access, cyber incidents, data loss, or service interruptions will never occur.
Customers are responsible for managing user access, protecting credentials, limiting permissions, approving integrations, configuring security settings, and maintaining appropriate security practices for their own users, devices, networks, and connected systems.
If we become aware of a security incident involving unauthorized access to personal information, we will assess the incident and take steps required by applicable law and applicable agreements.
Where the Services involve processing of personal information on behalf of a Customer, Trillet will notify affected Customers without undue delay and, where feasible, within seventy-two (72) hours after confirmation of a security incident involving unauthorized access to Customer Data, unless legal restriction, law-enforcement request, or active investigation requires delay. Where a signed data processing agreement, business associate agreement, standard contractual clauses, or other mandatory data-transfer or regulated-data exhibit imposes a stricter incident-notice standard for covered data, the stricter standard controls for the covered data.
Where required by applicable law, we will notify affected Customers, individuals, regulators, or other parties in accordance with applicable legal obligations.
Customers are responsible for notifying their own End Users, clients, regulators, or other parties where Customer is legally responsible for doing so, unless an applicable agreement states otherwise.
Depending on your location and the context in which we process your personal information, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, information about processing, or appeal of a denied request.
You may also have rights to opt out of certain marketing communications, targeted advertising, sale or sharing of personal information, profiling, or certain automated decision-making activities where applicable law provides those rights.
To exercise rights relating to your Trillet account or direct relationship with Trillet, contact us at support@trillet.ai.
If your request relates to personal information processed by Trillet on behalf of a Customer, we may refer your request to that Customer or require you to contact that Customer directly, unless applicable law requires otherwise.
We may need to verify your identity before responding to a request. We may decline or limit requests where permitted by law, including where fulfilling the request would affect another person's rights, interfere with legal obligations, compromise security, or relate to information we process on behalf of a Customer.
If applicable law gives you a right to appeal our decision, you may appeal by replying to our response or contacting support@trillet.ai with "Privacy Appeal" in the subject line.
Trillet is subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles where applicable.
Australian individuals may request access to or correction of their personal information. You may also contact us with privacy questions or complaints.
If you make a privacy complaint, we will take reasonable steps to respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.
Where required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988, Trillet will notify the Office of the Australian Information Commissioner and affected individuals of eligible data breaches.
Where Australian privacy law requires transparency about automated decision-making, this Privacy Policy describes the kinds of personal information that may be used in AI-assisted workflows and the kinds of decisions or actions those workflows may make or support. Customers remain responsible for determining whether their configured workflows require additional notices to individuals.
Depending on your U.S. state of residence, you may have rights to access, correct, delete, obtain a copy of personal information, opt out of targeted advertising, opt out of sale or sharing of personal information, opt out of certain profiling or automated decision-making, limit certain uses of sensitive personal information, or appeal a denied request.
Trillet does not sell personal information.
If we use cookies, pixels, advertising technologies, or analytics technologies that constitute "sale," "sharing," or "targeted advertising" under applicable U.S. state privacy laws, you may have the right to opt out of that use. Where required, Trillet will provide an opt-out mechanism, cookie preference tool, or other legally required method.
Where required by applicable law, Trillet will honor recognized universal opt-out mechanisms, such as Global Privacy Control, for browser-based opt-outs.
Where Trillet processes personal information as a service provider, processor, or contractor on behalf of a Customer, privacy requests should generally be directed to that Customer.
We do not knowingly sell or share personal information of individuals under 16.
This section applies to California residents where the California Consumer Privacy Act, as amended, applies.
In the preceding 12 months, Trillet may have collected the following categories of personal information:
We collect these categories from the sources described in Section 5 and use them for the purposes described in Section 6.
We may disclose these categories to the recipients described in Section 9.
Retention by category follows the practices described in Section 15 of this Privacy Policy.
We do not use or disclose sensitive personal information for purposes that require a right to limit under California law unless we provide the required notice and choice.
We do not knowingly sell or share personal information of individuals under 16.
California residents may exercise privacy rights by contacting support@trillet.ai. If your request relates to a Customer deployment, we may direct you to the relevant Customer.
Trillet does not currently offer self-service signup to customers located in the European Economic Area, the United Kingdom, or Switzerland for the processing of personal data subject to GDPR, UK GDPR, or Swiss data protection law. Customers in those jurisdictions should contact Trillet sales to execute the applicable data processing agreement and transfer mechanism before processing covered personal data.
If the GDPR, UK GDPR, Swiss FADP, or similar laws apply to your interaction with Trillet, you may have rights to access, correct, delete, restrict, object to processing, request portability, and withdraw consent where processing is based on consent.
Where applicable, the lawful bases for processing may include:
Where a Customer requires Trillet to process personal data subject to GDPR, UK GDPR, or Swiss law, Trillet and Customer will execute the applicable data processing agreement, Standard Contractual Clauses (as applicable), and other required transfer mechanisms before processing commences.
Where Trillet processes personal data of individuals located in the European Union or United Kingdom under a signed Data Processing Agreement and the nature or volume of processing triggers a representative requirement under Article 27 of the GDPR or UK GDPR, Trillet will appoint a representative and publish the contact information in this Privacy Policy and on our Trust Center at security.trillet.ai.
You have the right to lodge a complaint with your local data-protection authority.
You may opt out of promotional emails by using the unsubscribe link in the email or contacting us.
You may opt out of promotional SMS messages by replying STOP where supported.
Even if you opt out of promotional communications, we may still send transactional, administrative, billing, support, legal, and security-related communications.
Customers are responsible for managing End User opt-outs and suppression lists for Customer's own campaigns and workflows.
We may use cookies, pixels, analytics tools, advertising tools, and similar technologies as described in this Privacy Policy.
Where required, we will provide consent, opt-out, or preference-management tools for non-essential cookies, targeted advertising, sale or sharing, or similar processing.
You may be able to control cookies through browser settings or device settings. Blocking cookies may affect website or platform functionality.
Where required by applicable law, we will honor recognized browser-based opt-out signals such as Global Privacy Control for applicable website-based sale, sharing, or targeted advertising opt-outs.
The Services are not designed for individuals under 18, and Trillet does not knowingly collect personal information directly from individuals under 18 for self-service account creation or self-service use.
Where applicable law sets a lower age threshold (such as COPPA in the United States for children under 13, or GDPR for individuals under the age of digital consent in the relevant member state, typically 13 to 16), Trillet does not knowingly collect personal information from individuals below those thresholds.
Customers must not use the Services to collect or process children's personal information unless the applicable use case, consent structure, and written agreement expressly permit it and comply with applicable law.
If we become aware that we have collected personal information from a child in violation of this Privacy Policy, we will take appropriate steps to delete or restrict that information.
Some browsers transmit "Do Not Track" signals. There is no uniform standard for responding to these signals, and Trillet does not currently respond to them unless required by applicable law.
Where a browser signal is legally recognized as a privacy opt-out mechanism, such as Global Privacy Control in certain jurisdictions, we will treat it according to applicable law.
We may update this Privacy Policy from time to time. If changes are material, we will make reasonable efforts to provide notice, such as by posting the updated Privacy Policy, updating the effective date, emailing account owners, or providing in-product notice.
Your continued use of the Services after the updated Privacy Policy becomes effective means the updated policy applies to future processing.
Material changes that expand our rights to use previously collected personal information will not be applied retroactively unless we provide additional notice and, where required, obtain consent.
If you have questions about this Privacy Policy or want to exercise privacy rights, contact us at:
By email: support@trillet.ai
By mail:
Zerodue AI Pty Ltd trading as Trillet AI
The Commons Cremorne
10-20 Gwynne St
Cremorne VIC 3121
Australia