How we handle your personal information.

In this policy, “we”, “us”, and “Telova” refer to Telova Pty Ltd (ABN 40 698 337 450, ACN 698 337 450), an Australian Private Company with its registered office in Adelaide, South Australia.

Telova builds software, websites, custom CRM tools, and custom agents for Australian businesses, and operates platforms including Telova Handover and (in development) Telova Connect. This policy covers any personal information we handle in the course of those activities.

We collect only what we need to operate the website, respond to enquiries, and deliver services. Specifically:

• Contact form submissions: full name, work email, the service or platform you nominated, and the content of your message.
• Anonymous usage analytics: via Vercel Analytics. This is cookieless and uses hash-based, rotating session identifiers; we do not receive personally identifying information from this source.
• Service delivery information: where you become a client, we collect the contact and operational information required to deliver the engagement (typically: names and emails of project contacts, billing details, and operational data relevant to the build).
• Server logs: our hosting provider (Vercel) captures standard request metadata such as IP address, user agent, and timestamps for operational, debugging, and abuse-prevention purposes.

We do not knowingly collect personal information from children under 16, and we do not collect sensitive information (as defined in the Privacy Act) through the public website.

• To respond to enquiries you submit through the contact form.
• To deliver the services or products you have engaged us for, and to administer the commercial relationship (invoicing, support, status updates).
• To understand how the website is used in aggregate so we can improve it. This is done without identifying any individual.
• To meet our legal and tax obligations (for example, retaining financial records under the Income Tax Assessment Act).
• To protect the website and our infrastructure from abuse, spam, fraud, and security threats.

We do not sell your personal information, and we do not use it for advertising profiling.

We share personal information only with service providers who help us run the business, and only to the extent necessary. The current set of providers is:

• Vercel Inc. (United States) for website hosting, edge delivery, and cookieless analytics.
• Resend (Hapsule, Inc.) (United States) for transactional email delivery of contact form submissions to our team mailboxes.
• Microsoft Corporation (Microsoft 365 services, where applicable for email and productivity) under the Microsoft Online Services Terms.
• GitHub, Inc. (a Microsoft subsidiary, United States) for source-control of the website and project code.

We may also share information where we are required to by Australian law, by court order, or by a properly empowered regulator (for example, the Australian Taxation Office or the Office of the Australian Information Commissioner).

Some of the service providers listed above are located outside Australia. By using this website or engaging us for services, you acknowledge that your personal information may be processed and stored in:

• United States (Vercel hosting, Resend email delivery, GitHub source control, Microsoft 365 services where applicable)
• European Union (Microsoft 365 services, where data is held in EU data centres)

We take reasonable steps to ensure overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles, primarily by selecting reputable providers whose contracts and data processing terms align with APP 8.

Personal information is stored on managed infrastructure provided by the third parties named above. We rely on those providers' security controls (encryption in transit and at rest, access controls, monitoring, vulnerability management) and apply our own controls on top: limited access on a need-to-know basis, strong authentication for our team accounts, and minimisation of what we collect in the first place.

Despite reasonable security measures, no internet-based system is completely immune from unauthorised access. If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme.

• Contact form submissions: retained while we are in active correspondence with you and for up to 24 months afterwards, then deleted unless we have a continuing legal obligation to keep them.
• Client engagement records: retained for the duration of the engagement and for at least 7 years afterwards, to satisfy Australian tax and corporate record-keeping obligations.
• Anonymous analytics: retained in aggregate form, with no individual identification, by Vercel.

You have the right to:

• Request access to the personal information we hold about you.
• Request correction of any personal information that is inaccurate, out of date, incomplete, or misleading.
• Withdraw any consent you have previously given for us to use your personal information for a specific purpose.
• Request deletion of your personal information, subject to any continuing legal obligation we have to retain it (such as financial records).
• Make a complaint about how we have handled your personal information.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

This website uses Vercel Analytics, which is cookieless and uses rotating hash-based session identifiers rather than cookies. We do not use third-party advertising cookies, social-media tracking pixels, or cross-site retargeting tools.

The website may set technical cookies that are strictly necessary for the site to function (for example, to remember your accessibility preferences for the duration of a visit). You can disable cookies in your browser; some site features may behave differently if you do.

If you believe we have not handled your personal information in accordance with the Australian Privacy Principles, you can lodge a complaint with us by emailing the address below. We will acknowledge your complaint within 7 days and investigate it within 30 days.

If you are not satisfied with our response, you can refer the complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

We may update this policy from time to time, for example when we add new services or change service providers. The current version is always available at this URL, and the “Last updated” date at the top reflects when it was last materially changed. Continuing to use the website after a change indicates your acceptance of the updated policy.