Privacy Policy
Last updated: 25 May 2026
Introduction
Synodos Pty Ltd (ABN 35 694 864 590) trading as Inside Voice ("Inside Voice", "we", "us", or "our") is committed to protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website, use our services, or otherwise interact with us.
Information We Collect
We may collect the following types of personal information:
- Contact information: name, email address, phone number, business name, and job title when you enquire about our services or subscribe to communications.
- Business information: details about your business, licence type (e.g., AFSL), and content requirements when engaging our services.
- Usage data: information about how you interact with our website, including pages visited, time spent, and navigation patterns.
- Device information: IP address, browser type, operating system, and device identifiers.
How we collect personal information
- Directly from you: when you complete the contact form on this site, email us, or otherwise communicate with us.
- Automatically: when you browse this website, through cookies and similar technologies, your IP address and device information, and Vercel Analytics. Automatic collection is described in section 3.
- From advertising platforms: if you submit a lead form on a Meta platform (Facebook or Instagram), Meta passes the information you entered to us. This is described in section 6.
We do not buy, append, or enrich personal information from data brokers or third-party business-record or contact-enrichment services.
Collection notice (APP 5)
When you submit an enquiry through the contact form on this site, you are providing personal information to Synodos Pty Ltd t/as Inside Voice (ABN 35 694 864 590), which you can contact at info@insidevoiceagency.com. We collect the name, email address, company name, and message you choose to provide. We collect this information so that we can respond to your enquiry and keep a record of our communications. Providing it is voluntary — but if you do not provide it, we may not be able to respond to you. We do not use enquiry information for marketing without your separate consent.
In the ordinary course of providing our services we may disclose personal information to the service providers described in section 6, including overseas recipients in the United States, Ireland, and Germany. This Privacy Policy is the document that describes how we handle personal information; section 11 explains how you can ask to access or correct the personal information we hold about you. We retain enquiry data for 24 months from last contact and then delete it, in accordance with the retention schedule in section 10.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies — including browser storage — to make this website work, to remember your choices, and to understand how the site is used.
Types of technologies we use
- Essential and functional storage: required for the website to work and to remember your preferences, including your cookie consent choice. This cannot be switched off.
- Analytics: we use Vercel Analytics to understand, in aggregate, how visitors interact with the site. Analytics is a non-essential technology and loads only after you accept cookies (see below).
Consent and how non-essential cookies are controlled
When you first visit this site, a cookie consent banner appears. Non-essential technologies, including Vercel Analytics, do not load unless you select "Accept All Cookies". If you select "Decline", or take no action, only essential and functional storage is used. Your choice is remembered in your browser; to change it, clear this site's browser storage and the banner will appear again.
How long cookies last
- Session cookies: deleted when you close your browser.
- Persistent cookies: retained for up to 12 months from the date they are set, unless you clear them earlier.
Third-party analytics and your opt-out options
Vercel Analytics is the only third-party analytics provider used on this site. You can opt out by declining cookies on the consent banner, by enabling the "Do Not Track" signal in your browser, and through the controls described in Vercel's privacy policy at vercel.com/legal/privacy-policy.
We do not use the Meta Pixel or any Meta Conversions API integration on this site. Lead capture through Meta advertising platforms, where used, is collected on Meta's own infrastructure and transmitted to us as described in section 6.
How We Use Your Information
We use personal information for the following purposes:
- To provide and deliver our content infrastructure services
- To respond to enquiries and communicate with you about our services
- To send marketing communications (with your consent)
- To improve and optimise our website and services
- To comply with legal obligations and protect our rights
- To maintain audit trails and records as required for our services
Children's privacy
This site and the services it describes are intended for businesses and individuals aged 18 or over. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided us with personal information, please contact info@insidevoiceagency.com and we will take reasonable steps to delete it. This statement is aligned with the Children's Online Privacy Code currently in development under the Privacy and Other Legislation Amendment Act 2024.
Privacy reform and our handling of personal information
Privacy law in Australia is changing in stages, and we have built this policy around the obligations as they stand.
Privacy Act 2024 amendments — in force now
The Privacy and Other Legislation Amendment Act 2024 received Royal Assent on 10 December 2024. The following measures have already commenced:
- A doxxing offence in the Criminal Code, commenced December 2024, criminalising the malicious release of an individual's personal data.
- A statutory tort for serious invasions of privacy (Schedule 2 of the 2024 Act), commenced 10 June 2025. Individuals can take direct civil action where the conduct was intentional or reckless and the privacy interest was serious.
Privacy Act 2024 amendments — enacted, commencing later
Other measures in the 2024 Act are enacted but commence in the future:
- Automated decision-making transparency obligations (Schedule 1 of the 2024 Act), commencing 10 December 2026.
- A Children's Online Privacy Code, under development by the Information Commissioner.
Tranche 2 (progressing)
A second wave of reform is progressing through the Australian Parliament. On its current trajectory it is expected to:
- Introduce a "fair and reasonable" handling test as an overarching standard.
- Broaden the definition of personal information.
- Narrow or remove the small business exemption.
We will update this Privacy Policy to reflect Tranche 2 obligations as they are enacted.
How we apply these obligations
Inside Voice writes and applies this Privacy Policy as if it were an APP entity, regardless of whether the small business exemption currently applies to us. We do not rely on that exemption to lower the standard at which we handle personal information.
Our AI privacy commitments
Inside Voice uses AI-assisted tools as part of our content infrastructure services. Our commitments:
- Privacy by design: Our content drafting model does not receive client personal information. Content is drafted from documented voice files, regulatory references, and approved source material. Lead capture and CRM pipelines, which do handle personal information, are governed separately by the controls described in sections 6 and 8.
- No training on client data: We do not use client content, personal information, or business data to train AI models.
- Human oversight: All AI-generated content passes through a two-stage human approval process before publication. AI assists the drafting process. Humans make the decisions.
- Transparency: We maintain clear records of where AI is used in our content pipeline and can provide this information upon request.
Disclosure of Information
We may disclose personal information to:
- Service providers who assist in delivering our services (e.g., hosting providers, analytics services)
- Professional advisers (lawyers, accountants) when necessary
- Regulatory authorities when required by law
Overseas disclosure of personal information (APP 8)
In the course of operating our website and platform, we use the following service providers (sub-processors), some of which are located overseas:
- Vercel Inc. (United States) — website hosting, edge runtime, and Vercel Analytics.
- Anthropic PBC (United States) — the Claude API, used for content drafting.
- Google LLC (United States) — Google Workspace email and Drive.
- Airtable Inc. (United States) — tenant data tables.
- Voyage AI Inc. (United States) — embeddings for anti-duplication memory.
- n8n GmbH (Germany) — workflow automation.
- Meta Platforms Ireland Ltd (Ireland) — Lead Ads and content-publishing API; data subsequently flows to the United States.
- Resend Inc. (United States) — transactional email delivery for contact-form submissions.
Newsletter delivery is not provided by Inside Voice as a sub-processor. Where a paid engagement includes newsletter publishing, we integrate with the newsletter platform the client already uses. Each client's newsletter sub-processor, if any, is set out in the applicable Master Services Agreement and is not pre-listed here. If a newsletter provider becomes a standing part of our stack, it will be added to the list above.
We have entered into Data Processing Agreements with each of the sub-processors listed above. These agreements are based on each sub-processor's standard data protection terms, which are aligned with international privacy frameworks but are not specifically warranted as compliant with each Australian Privacy Principle. We are taking reasonable steps to ensure these recipients handle personal information consistently with the APPs.
By submitting personal information through the contact form on this site, you consent to the disclosure of that information to the overseas recipients listed above, and you acknowledge that Inside Voice cannot guarantee the recipient will handle the information consistently with the APPs in all respects. You may withdraw this consent at any time by contacting info@insidevoiceagency.com, in which case we will explain what services we can continue to provide without overseas disclosure. This consent relates to information you submit through the contact form on this site; personal information submitted through Meta Lead Ads is collected on Meta's platforms and is addressed below.
Enquiry submissions are processed by Resend, which stores message content in the United States for delivery purposes; messages received are then stored in Inside Voice's primary inbox at info@insidevoiceagency.com.
Meta Lead Ads enquiries
Meta Lead Ads. Inside Voice runs lead forms on Meta platforms (Facebook and Instagram). When you submit one of these lead forms, Meta transmits the information you entered to us. This typically includes your name, email address, phone number, and any custom fields the form asked for, such as business name or licence type. We use this information to follow up with you about the services the form advertised and, where you have consented, to send related marketing communications. We retain this enquiry data for 24 months from last contact, in line with the retention schedule in section 10. You can ask us to stop contacting you, or to delete this information, at any time by emailing info@insidevoiceagency.com.
No list broking.Information collected through Inside Voice's lead capture is used by Inside Voice for the purposes set out above. We do not on-sell it, and we do not transfer it to any third-party advertiser or list broker.
Meta's role in the data flow. When you interact with our lead forms on Meta platforms, Meta also collects and uses information under its own data practices, set out in Meta's Privacy Policy. Meta acts as the controller of the information it collects on its own platforms; Inside Voice acts as the controller of that information once it is received by us.
We do not sell, rent, or trade personal information to third parties for marketing purposes.
Meta platform data (Facebook and Instagram)
When a business client engages Inside Voice and authorises us in Meta Business Manager, we receive limited "Platform Data" from Meta to operate the agreed services on the client's behalf. The client retains full control of the underlying accounts and can revoke our access at any time from their own Business Manager.
What we receive
For each client, we receive only what is required to run their agreed services:
- Basic identifying information for the Facebook Page, Instagram Business account, and Ad Account assigned to us (account name, account ID, profile picture).
- Aggregate engagement metrics on the content we publish (impressions, reach, reactions, link clicks, comment counts, saves, shares).
- Where engaged for Meta Lead Ads, lead form submissions from the client's lead forms (name, email, phone, and any custom fields the client has chosen to include on the form).
We do not receive or store login credentials for any client account. We do not access direct messages or the text of individual comments. We do not access accounts that have not been explicitly assigned to Inside Voice by the client.
What we do with it
Inside Voice acts as a data processor on behalf of the client. The data described above is used only to:
- Publish content the client has approved to their Facebook Page and Instagram Business account.
- Report performance back to the client.
- Operate Lead Ads campaigns where engaged, and pass lead submissions to the client's nominated systems (typically the client's CRM or email platform).
How long we keep it
- Account identifying information: held while the client engagement is active, then deleted within 30 days of the engagement ending.
- Engagement and ad performance metrics: 24 months, then deleted.
- Lead form submissions: 24 months from the last contact with the lead, then deleted (per the Meta Lead Ads enquiries section of this policy, section 6).
Revocation and deletion
A client can revoke Inside Voice's access at any time by removing Inside Voice as a Partner in their Meta Business Manager. Revocation takes effect immediately and disables all further publishing, metric retrieval, and ad operations for that client.
To request deletion of any Meta-derived data Inside Voice holds, the client, or any individual whose personal information we hold, can use the deletion request page or email info@insidevoiceagency.com. We action verified deletion requests within 30 days.
Compliance
Inside Voice operates as a Meta-approved Tech Provider and our app is subject to Meta App Review. We follow Meta's Platform Terms and the Developer Data Use Policy, and we apply the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) to all personal information we handle.
Data Security
We take reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.
Traffic to and from this website travels over encrypted HTTPS/TLS connections. When you submit the contact form on this site, your enquiry is transmitted over TLS to our transactional email provider for delivery to info@insidevoiceagency.com. The overseas recipients involved in that delivery are listed in section 6.
We review our security measures periodically and update them as our service evolves.
Direct Marketing
We send marketing communications only in accordance with Australian Privacy Principle 7 and the Spam Act 2003 (Cth).
- Legal basis: we send marketing communications where you have consented to receive them, or where you are an existing customer and the communication is within your reasonable expectations (the inferred-consent basis recognised by APP 7.3).
- Sender identification: every commercial electronic message we send identifies Inside Voice as the sender and includes our contact details.
- Unsubscribe: every marketing message includes a functional unsubscribe facility. You can also opt out at any time by emailing info@insidevoiceagency.com.
- Acting on opt-outs: we action opt-out requests within 5 business days.
- Records: we keep records of marketing consent and opt-out requests for 7 years, as set out in the retention schedule in section 10.
Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:
- Enquiry data, where an enquiry does not convert to a paid engagement: 24 months from last contact.
- Client service records and audit logs: 7 years from the end of the engagement, aligned with the record-keeping expectations under section 988B of the Corporations Act 2001 (Cth) applicable to our licensed clients, and with AFCA dispute-handling timeframes.
- Analytics data: 12 months.
- Marketing consent and opt-out records: 7 years from collection or last update.
- Session cookies: until you close your browser.
- Persistent cookies: 12 months from the date they are set.
Your Rights
Under the Privacy Act, you have the right to:
- Access personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information (subject to legal requirements)
- Opt out of marketing communications at any time
- Lodge a complaint if you believe we have breached the APPs
Accessing and correcting your information (APP 12 and APP 13)
- How to request: email info@insidevoiceagency.com and tell us what you would like to access or correct.
- Verification: we may ask you to verify your identity, to a degree proportionate to the sensitivity of the information requested.
- Response time: we respond within 30 days, consistent with APP 12.4 and OAIC guidance.
- If we refuse: where we are permitted to refuse access or correction under APP 12.3, we will give you our reasons in writing and tell you how to complain.
- Cost: there is no fee for making a request. We may charge a reasonable amount to recover the cost of giving access where the work involved is substantial, in accordance with APP 12; we will tell you before any such charge applies.
Data Breach Response
We are implementing an internal incident response procedure aligned with the Notifiable Data Breaches (NDB) scheme. Suspected eligible data breaches are assessed within 30 days, in accordance with Part IIIC of the Privacy Act 1988 (Cth). If a breach is assessed as eligible, we will notify the Office of the Australian Information Commissioner and affected individuals as soon as practicable.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Synodos Pty Ltd t/as Inside Voice
ABN 35 694 864 590
Email: info@insidevoiceagency.com
Website: insidevoiceagency.com
Privacy matters are handled through the same general inbox. We respond to access, correction, and complaint requests within 30 days, in accordance with APP 12.4.
We maintain an internal Standard Operating Procedure covering inbox monitoring, privacy-request triage and logging, response within the timeframes published above, and coverage of the obligation during the primary owner's absence. The procedure is reviewed quarterly.
Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.