Privacy Policy
Last updated: 16 June 2026
This policy explains how Always Building AI Pty Ltd ("we", "us", "our") collects, uses, stores, and shares personal information when you use the My Plan BFF service ("the service"). It is written to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
About us
Always Building AI Pty Ltd \ ABN: 32 697 570 344 \ 20 Stratton Terrace, Wynnum, Queensland 4178, Australia \ hello@alwaysbuilding.ai
We operate My Plan BFF, a digital assistant that helps families self-managing NDIS plans handle appointments, invoices, documents, and provider correspondence.
What this policy covers
This policy applies to all personal information we collect through:
- The My Plan BFF web dashboard at app.myplanbff.com.au
- The My Plan BFF Telegram bot
- The dedicated SMS number issued to each family
- The dedicated Gmail address each family creates and connects to the service
- Any communication you have with us by email or post
Information we collect
Information you give us directly
- Account details: family name, the primary user's name, email address, telephone number, and (where applicable) password (stored as a one-way cryptographic hash; we never see the plaintext).
- NDIS participant details: first names of the participants whose plans you manage. We do not collect NDIS participant numbers or plan dollar values directly; we infer spend categories from invoices you forward.
- Contacts: names, emails, phone numbers, and roles of providers, schools, support workers, and other people you wish the service to contact on your behalf.
- Communications content: every message you send to the bot via Telegram, SMS, or email — text, voice, photos, PDFs, and forwarded emails.
- Documents: invoices, appointment letters, therapy reports, school correspondence, and any other documents you forward or upload.
- Preferences: standing rules you set ("always book after 2pm", "split invoices 50/50 between Zach and River", etc.).
Information we collect automatically
- Technical data: IP address, browser/user-agent string, device type, request timestamps, and per-turn correlation identifiers used for debugging and abuse prevention.
- Usage data: the AI model calls made on your behalf, token counts, audio seconds transcribed, and costs incurred — used for billing transparency and to enforce per-family spend caps.
- Application logs: structured records of requests and errors, retained for up to 30 days.
Information we collect via integrations
When you connect your Google account, we receive:
- Your Google account email address
- An OAuth access token and refresh token (stored encrypted at rest)
- The ability to read, send, and modify items in your Google Calendar, Drive, Sheets, and Gmail inbox, scoped to the account you connect
We use these tokens only to perform the actions you ask the service to perform. We do not browse, index, or scrape your data outside of those actions.
Sensitive information
Some of the information above is sensitive information under the Privacy Act, including:
- Information about a person's disability or NDIS-funded supports
- Health information (when therapy notes, medical letters, or appointment details are forwarded)
- Information about minors (where participants are children whose plans are managed by a parent or guardian)
We collect this information only because it is necessary to deliver the service you have asked us to provide, and we treat it as sensitive throughout its lifecycle. By signing up and forwarding this information to the service, you are giving us your consent under APP 3 to collect and use it for the purposes described in this policy.
How we use your information
We use your information only to:
- Deliver the service — read invoices, log them to your Google Sheet, file PDFs to your Google Drive, capture appointments to your Google Calendar, send emails and SMS on your behalf, and respond to your messages.
- Operate the AI assistant — pass relevant context to the AI models we use so they can answer your questions and execute the tools you request.
- Maintain memory — store summaries of past conversations so the assistant remembers your preferences, your providers, and important context across sessions.
- Generate scheduled outputs — produce a daily briefing at the time you choose, and run an overnight memory-consolidation job.
- Support and debugging — investigate errors, respond to your support requests, and audit unusual activity.
- Billing and cost control — calculate AI and SMS costs incurred per family, and enforce a daily soft cap to prevent runaway spend.
- Comply with our legal obligations — including the Notifiable Data Breaches scheme administered by the Office of the Australian Information Commissioner (OAIC).
We do not:
- Sell your personal information to anyone
- Use your personal information for advertising or marketing of unrelated products
- Use your data to train the AI models we use (subject to vendor specifics below)
- Share your personal information with any party not listed in this policy
Who we share your information with
We use third-party service providers to deliver the service. Each provider receives only the information necessary for their role. Where a provider is outside Australia, we have considered the requirements of APP 8 (cross-border disclosure) and rely on contractual commitments and our own technical safeguards.
Infrastructure
| Provider | Location | What they handle |
|---|---|---|
| Railway | United States | Hosts our application servers and PostgreSQL database |
| Cloudflare | Global | DNS for our domain; offsite storage of encrypted database backups via Cloudflare R2 |
AI services
We use AI providers to understand your requests and to read the things you ask the assistant to act on. The content sent includes your messages to the assistant, relevant context (family details, participants, recent conversation history, memories), and — where relevant to a request — the contents of emails and attachments in your connected Gmail and documents you send or store. None of these providers use this data to train their models (see "Limited Use" below).
| Provider | Location | What they receive |
|---|---|---|
| Anthropic (Claude API) | United States | The assistant's reasoning calls and the content described above. Anthropic does not train its models on API inputs by default; standard retention is up to 30 days for abuse monitoring. |
| Google (Gemini via Vertex AI) | United States | For some families, the same reasoning calls and content — including email bodies, attachments, and documents — are processed by Google's Gemini models on Vertex AI instead of Anthropic. Google does not use Vertex AI inputs to train its models. |
| OpenAI (Whisper) | United States | Voice notes you send via Telegram, for transcription. Audio is sent, the transcript is returned, and we do not retain the audio. OpenAI does not train on API inputs by default. |
| AssemblyAI | United States | When you record an appointment, the audio is sent to AssemblyAI to produce a transcript. We have executed a Business Associate Addendum with AssemblyAI and activated their model-training opt-out (confirmed 9 June 2026); AssemblyAI does not use your recordings to train its models. |
| Voyage AI | United States | Short snippets of text used to compute semantic embeddings for memory and document search. We have enabled Voyage's opt-out-of-training setting, which gives zero-day retention. |
Messaging
| Provider | Location | What they handle |
|---|---|---|
| Telegram | Multiple jurisdictions | Routes messages between you and our bot. Telegram retains messages per their own policy. |
| Twilio | United States (HQ) | Sends and receives SMS using a dedicated Australian mobile number we provision for each family. Twilio retains message bodies per their own retention settings. |
Google Workspace (your own account)
When you connect a Google account, your Google Calendar, Google Drive, Google Sheets, and Gmail data remain on your Google account. We act only on your behalf via OAuth. Google is the data controller for the data stored on your account.
Files we save to your Google Drive (such as invoices, reports, and other documents) are private — they are not shared with anyone and have no public links. When you open a file from your My Plan BFF dashboard, our service fetches it securely from your Google Drive on your behalf and shows it to you — you never need to sign in to the connected Google account yourself. If you ask the assistant for a document in chat, it sends you the file directly. A file is only ever shared with another person when you explicitly ask the assistant to share it or email it to them.
Error monitoring
| Provider | Location | What they receive |
|---|---|---|
| Sentry | United States | Stack traces and contextual metadata when an error occurs in our application. Error events may contain small fragments of user-provided text. Retained for 90 days by default. |
We will only disclose your personal information to other parties if we are required to by law, by a regulator with jurisdiction, or in the context of a sale, merger, or insolvency of Always Building AI Pty Ltd (in which case the successor entity will be bound by an equivalent privacy commitment).
Limited Use of Google user data
My Plan BFF's use and transfer of information received from Google APIs (Gmail, Google Drive, Google Calendar, and Google Sheets) adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:
- We use the access you grant to your Google account only to provide and improve the features you see and use in My Plan BFF — managing your provider email, filing your documents and invoices, and keeping your appointments and invoice records.
- We do not transfer this data to others except as needed to provide or improve those features (to the service providers listed above, acting on our instructions), to comply with applicable law, or as part of a merger or acquisition with your notice and consent.
- We do not use this data for any form of advertising.
- We do not allow humans to read your Google data, except: with your consent (for example, when you ask us for support); where necessary for security purposes, such as investigating abuse; or to comply with applicable law.
- We do not use your Gmail or Google Drive data, or data derived from it, to develop, improve, or train generalised or non-personalised artificial-intelligence or machine-learning models. Where your data is processed by our AI service providers (Anthropic, Google, OpenAI, AssemblyAI), it is used only to perform the specific task you asked for, and those providers do not train their models on it.
How we store and protect your information
- In transit: all connections between you, our servers, and third-party providers use TLS encryption.
- At rest in our database: stored on Railway's managed PostgreSQL with disk-level encryption.
- Backups: a daily encrypted snapshot of the database is taken at 3am AEST, encrypted client-side with a Fernet key held only by us, and uploaded to Cloudflare R2. Retention is 30 days.
- OAuth tokens: encrypted at rest in our database.
- Passwords: never stored. We hold a one-way cryptographic hash (bcrypt).
- Access control: every database query in our application is scoped by family identifier. Cross-family access is structurally prevented. Administrative access is limited to authorised personnel of Always Building AI Pty Ltd.
- Operational safeguards: per-family daily spend cap, kill-switch to pause an account, end-to-end correlation identifiers, and an ops alert channel that flags errors and unusual activity for human review.
No system is perfectly secure. If we become aware of unauthorised access to your personal information that is likely to result in serious harm, we will notify you and the OAIC in accordance with the Notifiable Data Breaches scheme.
How long we keep your information
- Active account data (messages, appointments, invoices, memories, contacts, documents): retained while your account is active.
- Account deletion: when you ask us to delete your account, we hard-delete the personally identifying records and wipe identifying fields on our families table within a reasonable timeframe. We retain anonymised cost and usage records (with no PII) for billing continuity.
- Application logs: up to 30 days.
- Database backups: up to 30 days (encrypted).
- Sentry error data: up to 90 days.
- Data held on third-party services: governed by that provider's retention policy. Where the provider is one you control (Google account, Telegram), retention is in your hands.
Your rights under the Privacy Act
You have the right to:
- Access the personal information we hold about you. Email us and we will provide a copy within 30 days.
- Correct information that is inaccurate, out of date, incomplete, or misleading. Most personal details can be edited from the Settings page in the dashboard; otherwise email us.
- Request deletion of your personal information. We will action this promptly. Information we are required to retain for legal or accounting reasons is described above.
- Withdraw your consent to our processing at any time by closing your account. This may end your ability to use the service.
- Complain about how we handle your information (see below).
To exercise any of these rights, email hello@alwaysbuilding.ai or write to the postal address at the top of this policy.
Children and participants who are minors
Some NDIS participants whose plans are managed through the service are children. We do not collect information directly from minors; the parent or guardian holding the account is responsible for the information they provide and consent to its processing on the child's behalf.
If you become aware that we hold information about a minor and you believe we should not, email us and we will work with you to address it.
Cookies and tracking
The web dashboard sets a single signed session cookie (httpOnly, Secure in production, SameSite=Lax) to keep you signed in. We do not use third-party advertising cookies, behavioural tracking, or analytics that profile you across sites. We use first-party server logs for application performance and security only.
Direct marketing
We do not use your personal information for direct marketing.
Cross-border data transfers (APP 8)
Most of the providers we use are based outside Australia, principally in the United States. By using the service, you consent to your personal information being transferred to and processed in those jurisdictions for the purposes described in this policy. We have considered the protections in place in each provider's jurisdiction and contractually require all providers to maintain confidentiality and appropriate security. Where a provider does not operate under privacy laws substantially similar to the APPs, we are not relieved of our APP obligations and remain accountable for your information.
Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be notified to you by email or via the dashboard before they take effect.
Complaints
If you have a privacy concern, the fastest way to resolve it is to email hello@alwaysbuilding.ai with the subject "Privacy complaint". We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner \ GPO Box 5288, Sydney NSW 2001 \ Phone: 1300 363 992 \ Web: www.oaic.gov.au
Contact
Always Building AI Pty Ltd \ 20 Stratton Terrace, Wynnum, Queensland 4178, Australia \ Email: hello@alwaysbuilding.ai