SourCherry CRM
Privacy Policy

SourCherry CRM is a business systems platform designed to help customers manage leads, contacts, funnels, websites, bookings, communications, automations, AI-assisted workflows, courses and client relationships.

We handle personal information in two main ways. First, we handle information for our own business purposes, such as managing accounts, sales, billing, support, marketing and platform operations. Secondly, our customers may use the Platform to collect and manage information about their own leads, clients, students, contacts, prospects and end users. In those cases, the customer is usually responsible for deciding what personal information is collected, why it is collected and how it is used.

If your information was provided to SourCherry by one of our customers, or collected through a website, form, funnel, booking page, automation, email, SMS, call or course controlled by one of our customers, you should first contact that customer about privacy requests, consent, unsubscribe requests, access, correction or deletion. We may assist the customer where reasonably required and legally permitted.

Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable. This can include obvious details such as a name, email address or phone number, and can also include technical, usage, communication, transaction and account information where it can reasonably identify a person.

Sensitive information is a special category of personal information. It can include information about health, racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, criminal records, biometric information and other information treated as sensitive under Australian privacy law. We do not intentionally request sensitive information unless it is reasonably necessary for a specific service and we have a lawful basis to handle it. You should not upload sensitive information to the Platform unless you have authority, consent and a clear lawful reason to do so.

Depending on how you interact with SourCherry and the Platform, we may collect the following types of personal information:

• Account and identity information, such as your name, business name, role, username, account ID, login details, profile details and user permissions.
• Contact information, such as your email address, phone number, postal address, billing address, social media handle or other contact details you provide.
• Business information, such as your industry, business type, website, offer, marketing preferences, CRM setup, client acquisition goals, course progress, support needs and other information you provide when using our services.
• Billing and transaction information, such as plan type, payment status, invoice details, billing history, GST-related information and limited payment information. We generally use third-party payment processors and do not intentionally store full card details unless a secure payment provider makes tokenised or limited information available for billing purposes.
• Platform content and customer data, such as leads, contacts, form submissions, booking details, pipelines, notes, emails, SMS messages, call records, conversations, files, funnel pages, website content, automations, workflows, course content, student activity and other material uploaded, created, sent or received through the Platform.
• Support and communication information, such as emails, chat messages, ticket details, call notes, recordings where applicable, feedback, survey responses and information you provide when asking for help.
• Technical and usage information, such as IP address, device type, browser type, operating system, log data, pages viewed, features used, timestamps, error reports, security events, cookie identifiers, analytics information and other information collected automatically when you use the Platform.
• Marketing and advertising information, such as your communication preferences, campaign interactions, referral source, webinar registrations, lead magnet downloads, page visits, ad interactions, opt-in records and unsubscribe records.
• AI input and output information, such as prompts, instructions, messages, uploaded content, generated responses and workflow data processed through AI-assisted features or agents.

We may collect personal information directly from you when you create an account, purchase a plan, complete a form, book a call, join a course, contact support, send us a message, attend an event, subscribe to marketing, use an AI feature, upload data or otherwise interact with SourCherry.

We may collect personal information automatically when you visit our websites or use the Platform, including through cookies, pixels, analytics tools, server logs and similar technologies.

We may collect personal information from our customers when they upload, import, create, capture, send or receive information through the Platform. This can include information about their own leads, clients, prospects, students and contacts.

We may collect personal information from third parties where lawful, such as payment processors, communication providers, analytics providers, advertising platforms, calendar tools, integration partners, referral partners, public sources and service providers connected to the Platform.

If you provide personal information about another person, you must ensure you have the authority to do so and, where required, that the person has been given a privacy notice and any required consent.

We may use personal information for the following purposes:

• To provide, operate, maintain, personalise and improve the Platform, including CRM, funnels, websites, forms, bookings, pipelines, automations, memberships, courses, AI tools, support and communication features.
• To create and manage accounts, authenticate users, manage permissions, verify identity, secure access and administer subscriptions.
• To process payments, issue invoices, manage billing, collect unpaid amounts, apply GST where relevant and keep accounting and business records.
• To provide onboarding, training, customer support, technical support, troubleshooting, system setup, account administration and service notices.
• To enable communications through the Platform, including email, SMS, voice calls, chat, notifications, reminders, automated messages and customer-managed communications.
• To provide AI-assisted features, including drafting, summarising, responding, classifying, routing, analysing, generating content, supporting workflows and assisting with business systems.
• To monitor platform performance, detect errors, improve features, analyse usage, test updates, develop new services and make the Platform easier and safer to use.
• To send administrative messages, security alerts, service updates, billing notices, policy updates and other non-marketing communications.
• To send marketing communications where permitted, including newsletters, offers, product updates, webinars, training invitations and educational content. You can opt out of marketing communications at any time.
• To protect SourCherry, our customers, users and the public from fraud, misuse, spam, security threats, unauthorised access, unlawful conduct, policy breaches and other harmful activity.
• To comply with legal obligations, enforce our terms, respond to lawful requests, resolve disputes, protect rights and manage complaints.

Our customers may use SourCherry CRM to collect, store, process and communicate with their own leads, clients, prospects, students, members and contacts. This may include names, emails, phone numbers, messages, booking records, form responses, payment records, marketing preferences, call notes and other customer-controlled data.

Where a customer controls the reason for collecting and using that data, the customer is responsible for providing any required privacy notice, obtaining any required consent, ensuring the data is accurate and lawful, responding to privacy requests, honouring unsubscribe or opt-out requests, and using the Platform in accordance with applicable laws.

We may access or process customer-controlled data to provide the Platform, support the customer, maintain security, investigate misuse, comply with law, improve service reliability, perform backups, enable integrations, process communications and fulfil our contractual obligations.

If you are a lead, client, prospect, student or contact of one of our customers and you want access to, correction of, deletion of, or information about personal information held by that customer in SourCherry CRM, please contact the customer directly first. If you contact us, we may refer your request to the relevant customer unless the law requires otherwise.

SourCherry CRM includes communication tools that may allow customers to send emails, SMS messages, voice calls, voicemail drops, reminders, notifications, chat messages and other communications. Customers are responsible for ensuring their own communications are lawful, consent-based where required, accurate and not misleading.

For our own marketing, we may contact you by email, SMS, phone, social media, retargeting ads or other channels where permitted by law. We aim to obtain and maintain appropriate consent, identify ourselves clearly and provide a functional unsubscribe or opt-out option where required.

You can unsubscribe from our marketing emails or SMS messages using the unsubscribe link, reply option or instructions in the message, or by contacting us. We may still send you non-marketing messages about your account, billing, security, support, legal notices or service operation.

Customers using the Platform for marketing or telemarketing must comply with the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth), the Australian Consumer Law and any other rules that apply to their audience, industry and location.

The Platform may include AI-assisted features, agents or tools that help draft, summarise, classify, respond, analyse, generate, route or automate content and workflows.

AI features may process information you enter, upload, connect or instruct the Platform to use. This may include personal information. You should not enter sensitive information, confidential information or third-party personal information into AI features unless you have authority and a lawful reason to do so.

We do not intentionally use your personal information to train public, general-purpose AI models. Where AI providers or subprocessors are used, we take reasonable steps through platform configuration, vendor terms or contractual controls to limit the use of data to providing and improving the specific service, where available.

AI output may be incomplete, inaccurate or unsuitable for your circumstances. You are responsible for reviewing AI-generated content before relying on it, publishing it, sending it to others or using it in a business, legal, financial, health, employment or compliance context.

We may use cookies, pixels, tags, local storage, analytics tools and similar technologies to operate our websites and Platform, remember preferences, maintain sessions, improve performance, measure traffic, understand usage, detect errors, support security and deliver or measure marketing.

You can usually manage cookies through your browser settings. If you block or delete cookies, some parts of the Platform may not work properly.

Third-party advertising or analytics providers may also use cookies or similar technologies subject to their own privacy policies and settings.

We may disclose personal information to the following categories of recipients where reasonably necessary for the purposes described in this Privacy Policy:

• Our directors, employees, contractors, advisers and authorised support personnel who need access to perform their role.
• Technology providers, hosting providers, CRM infrastructure providers, communication providers, email/SMS/telephony providers, AI providers, analytics providers, support tools, payment processors, accounting providers, security providers, automation providers and other vendors that help us operate the Platform and our business.
• Integration partners and third-party services you choose to connect to the Platform, such as calendar, payment, social media, email, advertising, analytics, marketplace, domain, voice, messaging or other software providers.
• Our professional advisers, including accountants, lawyers, insurers, auditors and consultants.
• Regulators, government agencies, law enforcement bodies, courts, tribunals or other parties where required or permitted by law, or where reasonably necessary to protect rights, safety, security, property or legal interests.
• A buyer, investor, assignee, successor or adviser in connection with a proposed or actual business sale, merger, restructuring, financing, acquisition or transfer of assets.
• Any person or organisation you direct us to disclose information to, or where you otherwise consent.

Because SourCherry CRM uses cloud software, communication tools, AI tools, payment providers, analytics services, technical support and other third-party systems, personal information may be stored, accessed or processed outside Australia.

The countries where recipients may be located can change over time depending on our providers and their infrastructure. Where practicable, likely locations may include Australia, the United States, Canada, the United Kingdom, countries in the European Union or European Economic Area, Singapore, India, the Philippines and other countries where our service providers or their subprocessors operate.

Where Australian privacy law requires it, we take reasonable steps to ensure overseas recipients handle personal information in a way that is consistent with the Australian Privacy Principles or that another lawful basis for overseas disclosure applies.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure. These steps may include access controls, authentication, encryption in transit where supported, account permissions, monitoring, backups, security logging, staff and contractor access limits, vendor controls and administrative procedures.

No online platform, transmission method or storage system can be guaranteed to be completely secure. You are responsible for keeping your login credentials secure, using strong passwords, enabling available security features such as two-factor authentication where offered, managing user permissions carefully and notifying us promptly of suspected unauthorised access or misuse.

If we become aware of a data breach involving personal information and we are required by law to notify affected individuals, regulators or customers, we will take steps to assess and respond to the incident in accordance with applicable law.

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Platform, maintain accounts, support customers, comply with legal, tax, accounting and reporting obligations, resolve disputes, enforce agreements, maintain security and operate backups.

The period for which we retain information may depend on the type of information, the nature of your account, legal requirements, billing records, support history, backup cycles, dispute risk and operational needs.

If your account is cancelled or terminated, we may delete, de-identify or retain information in accordance with our terms, backup procedures, legal obligations and legitimate business needs. Some information may remain in backups, logs or archives for a limited period before deletion in the ordinary course of business.

Customers are responsible for setting appropriate retention practices for the personal information they collect and manage about their own leads, clients, prospects, students and contacts through the Platform.

You may request access to personal information we hold about you, or ask us to correct information you believe is inaccurate, out of date, incomplete, irrelevant or misleading. We may need to verify your identity before responding.

We will respond to access and correction requests within a reasonable time. Where Australian privacy law applies, we aim to respond within the timeframes required by law. If we refuse a request or provide limited access, we will explain our reasons where required or appropriate.

If your request relates to information controlled by one of our customers, we may ask you to contact that customer directly or we may refer your request to that customer.

You may also ask us to delete or de-identify personal information, stop sending marketing, withdraw consent where consent is the basis for processing, or provide more information about how we handle your information. Some requests may be limited by legal, contractual, operational, security or recordkeeping requirements.

If you have a privacy question, concern or complaint, please contact us using the details at the end of this Privacy Policy. Please include enough detail for us to understand and investigate the issue.

We will take reasonable steps to respond to privacy complaints within a reasonable time. If you are not satisfied with our response and Australian privacy law applies, you may be able to contact the Office of the Australian Information Commissioner (OAIC) for further information or to make a complaint.

The Platform is intended for business users and is not directed to children. We do not knowingly collect personal information from children under 16 for our own business purposes without appropriate authority or consent.

Customers must not use the Platform to collect personal information from children or minors unless they have a lawful basis to do so and comply with all applicable privacy, consumer, child protection and consent requirements.

The Platform may contain links to third-party websites, apps, payment processors, social media platforms, marketplaces, communication providers, analytics tools, AI providers or integrations. Third-party services are not controlled by SourCherry unless expressly stated.

When you use or connect a third-party service, that provider may collect, use, store or disclose personal information under its own privacy policy, terms and settings. You should review those documents before connecting or using third-party services.

We are not responsible for the privacy practices, security practices, content, availability or conduct of third-party services except to the extent required by law.

If you are a customer using SourCherry CRM for your own business, you are responsible for your own privacy compliance. This includes:

• Providing your own privacy policy or collection notice where required.
• Collecting personal information lawfully and fairly.
• Obtaining consent where required for email, SMS, calls, AI processing, recording, marketing or other communications.
• Maintaining accurate opt-in, opt-out, unsubscribe and consent records.
• Honouring unsubscribe, stop, correction, deletion and access requests where required.
• Ensuring your automations, funnels, forms, websites, messages and integrations are configured lawfully.
• Avoiding the upload or use of sensitive information unless lawful, necessary and authorised.
• Responding to your own customers, leads, prospects, students and contacts about how you handle their personal information.

If SourCherry or Shammasi Pty Ltd is involved in a business sale, merger, restructure, acquisition, financing, asset transfer or similar transaction, personal information may be disclosed to advisers, prospective buyers, investors or successors where reasonably necessary and subject to appropriate confidentiality or legal requirements.

We may update this Privacy Policy from time to time to reflect changes to our Platform, business, legal obligations, technology, providers or privacy practices. The updated version will be posted on our website or made available through the Platform with a revised 'Last Updated' date.

Where required by law or where changes are material, we may take additional steps to notify you. Your continued use of the Platform after an updated Privacy Policy is posted means the updated policy applies from the date it becomes effective.

For privacy questions, access or correction requests, complaints, unsubscribe requests or concerns about this Privacy Policy, contact us using the details below:

• Business name: Shammasi Pty Ltd trading as SourCherry
• ABN: 92 653 318 202
• Address: 5/531 Hay St, Subiaco WA 6008, Australia
• Phone: +61 485 004 444
• Email: support@sourcherry.ai