GEVADE CRM Privacy Policy

Privacy Policy — GEVADE CRM

Last Updated: 4 December 2025
Operated by GEVADE Pty Ltd (ABN 87 638 447 097)

This Privacy Policy explains how GEVADE Pty Ltd (“GEVADE CRM”, “we”, “our”, “us”), based in Adelaide, South Australia, collects, uses, discloses, stores and protects your personal information when you interact with our websites, CRM platform, applications, marketing systems, AI automation tools and services.

We comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), relevant South Australian laws, and international best-practice standards including the GDPR and CCPA/CPRA where applicable.

1. About GEVADE Pty Ltd

GEVADE CRM is an AI-driven customer management, automation, scheduling, marketing and business operations platform serving home-services companies across Australia and internationally.

Business Legal Name: GEVADE Pty Ltd
ABN: 87 638 447 097
Registered Address:
Level 30, Westpac House
91 King William St
Adelaide SA 5000
South Australia

For privacy matters, GEVADE Pty Ltd is the data controller for platform-wide personal information and the data processor for all personal information uploaded by customers into GEVADE CRM.

2. Purpose of This Privacy Policy

  • what personal information we collect;
  • how we collect it;
  • how we use, share and store it;
  • how long we retain it;
  • how we protect it;
  • your rights and choices;
  • how AI automation interacts with personal information;
  • how to lodge complaints.

3. What This Policy Covers

  • our websites;
  • GEVADE CRM platform and apps;
  • email and SMS communications;
  • marketing and analytics systems;
  • integrations and APIs.

4. Definitions (Legal)

  • Personal Information
  • Sensitive Information
  • Customer
  • End Customer Data
  • Processing
  • Data Controller
  • Data Processor

5. Personal Information We Collect

We collect different types of data depending on how you use the GEVADE CRM Platform.

5.1 Account Information

  • Full name
  • Phone number
  • Email address
  • Business name, ABN, trading names
  • Industry category and business profile

5.2 Billing & Subscription

  • Billing name, email and address
  • Plan type (Starter, Growth, Empire)
  • Invoices, receipts, payment confirmations
  • Credit card or payment information processed by PCI-DSS compliant third parties

5.3 Technical & Device Information

  • IP address and geolocation metadata
  • Device type, OS version, browser info
  • Login events, failed logins, security events
  • Tracking events, funnel events, session data

5.4 Usage & Behavioural Data

  • Features used in the CRM
  • Automations triggered
  • Calendar activity
  • Pipeline and sales activity
  • AI assistant interactions

5.5 End Customer Data (CRM Contacts)

You may upload, create or sync contact data for your clients. This may include:

  • names, emails, phone numbers
  • service history and job notes
  • addresses and appointments
  • invoices and payments
  • tags, forms and custom fields
  • SMS and email communications

You remain the controller of this data, and GEVADE acts strictly as your processor.

5.6 Communications

  • support chats
  • training calls
  • email support history
  • social media interactions

5.7 Marketing & Lead Generation

  • form submissions (demo, trial, contact forms)
  • waitlist opt-ins
  • campaign tracking parameters
  • advertising analytics

6. Sensitive Information

GEVADE CRM does not intentionally collect sensitive information such as health data, racial origin, political opinions or biometric data.

If you voluntarily upload such information (e.g., a photo containing personal attributes), you are responsible for ensuring that doing so complies with the Privacy Act. We will process it only as part of delivering the CRM services.

7. How We Collect Personal Information

  • Directly from you when you create an account or use the platform.
  • Automatically via cookies, tracking scripts and device logs.
  • Through integrations (Google, Meta, calendars, payment gateways).
  • Through forms such as free trial, demo, contact forms and surveys.
  • From your employer if you are added as a team member inside an account.
  • From publicly available sources (business directories, etc.).

8. Legal Basis for Processing

While GEVADE is an Australian company, we adopt global privacy standards.

  • Consent — for marketing, cookies, optional features.
  • Contract — to provide CRM services you subscribed to.
  • Legitimate Interests — fraud prevention, service improvement.
  • Legal Obligation — tax, accounting, law enforcement requests.

9. How We Use Personal Information

We use your information to:

  • create and maintain your GEVADE CRM account
  • process payments and manage subscriptions
  • deliver CRM tools, messaging, pipelines & automations
  • perform analytics to improve the platform
  • enhance security and prevent fraud or abuse
  • send product updates, notices and security alerts
  • conduct marketing where permitted by law

10. AI & Machine Learning Data Processing

GEVADE CRM includes AI-based and automation features. When you use them, inputs may be processed by AI systems to generate outputs.

AI inputs may include:

  • message text
  • contact details
  • lead details
  • prompt instructions
  • uploaded content

AI outputs may include:

  • suggested replies
  • draft emails and SMS
  • workflow recommendations
  • AI-generated summaries

AI systems may occasionally generate incorrect or unexpected results. You must review AI outputs before use.

GEVADE does not sell or use your data to train third-party AI models.

11. Cookies & Tracking Technologies

We use:

  • Google Analytics 4 (GA4)
  • Meta Pixel & Conversions API
  • GHL tracking scripts
  • Session tracking tools
  • Heatmaps (from time to time)
  • Google reCAPTCHA (fraud detection)

You may disable cookies, but some features will not function.

12. Sharing Personal Information

We may share your personal information with:

  • Service providers — hosting, email/SMS gateways, analytics.
  • Payment processors — Stripe, PayPal, etc.
  • Legal authorities — if required by law.
  • Business transfer entities — in case of acquisition or merger.

GEVADE does not sell personal information.

13. International Data Transfers

GEVADE CRM is hosted on cloud infrastructure located in Australia and internationally. Some providers may store data in:

  • Australia
  • United States
  • European Union
  • Asia-Pacific regions

We ensure adequate protections for all transfers in accordance with Australian laws and GDPR requirements.

14. Data Storage & Security

We take reasonable technical and organisational measures to protect your information, including:

  • encryption in transit (HTTPS)
  • role-based permissions
  • 2FA enforcement for sensitive actions
  • audit logs
  • DDoS and intrusion monitoring

However, no online service is ever 100% secure.

15. Data Retention

We keep information only as long as necessary for legal, operational or contractual purposes:

  • account data — until deletion request
  • billing data — minimum 5 years (legal requirement)
  • support logs — 12–24 months
  • backups — rotated and purged after defined retention cycles

You may request deletion subject to legal restrictions.

16. Access, Correction & Your Rights

Australian, EU and US users may:

  • request access to personal information
  • request correction or updates
  • request deletion
  • request data portability
  • object to certain processing
  • withdraw consent

17. Children’s Privacy

GEVADE CRM is not intended for children under 16. We do not knowingly collect children’s data.

18. Third-Party Links & Integrations

Our platform may contain links to third-party websites and integrations. We do not control their privacy practices.

19. Data Accuracy & User Responsibilities

We take reasonable steps to ensure the personal information we store is accurate, complete and up-to-date. However, you are responsible for ensuring that:

  • the information you enter into GEVADE CRM is correct;
  • the data you upload about your customers complies with Australian privacy law;
  • all contact lists imported into the CRM are lawfully obtained;
  • your customer communications comply with the Spam Act 2003 (Cth);
  • your stored information is regularly updated or corrected as needed.

If you become aware that data stored in your account is incorrect or outdated, you must correct it promptly. You may request GEVADE support assistance if required.

20. Email, SMS & Communications Compliance

GEVADE CRM provides communication tools including SMS, email broadcasts, marketing funnels, automated messages and AI-generated replies. These features must be used in compliance with:

  • Spam Act 2003 (Cth) — Australia’s anti-spam legislation;
  • TCPA (United States) where relevant;
  • GDPR e-privacy requirements for EU contacts;
  • Carrier and telecom rules for SMS delivery;
  • Meta/Google messaging policies when sending via integrated channels.

You are solely responsible for ensuring messages sent from your account comply with the laws of your jurisdiction and the jurisdiction of your recipients.

21. Automated Decision-Making

GEVADE CRM contains AI-driven tools that may automate actions such as:

  • lead scoring or prioritisation;
  • automated follow-up messaging;
  • task or reminder creation;
  • workflow execution based on conditions;
  • predictive suggestions.

These automations operate under rules you configure within the CRM. You may disable or modify each automation individually. None of these automations remove your responsibility to review and validate outputs when required by law.

22. Voice, Call Tracking & Call Recording

GEVADE CRM may integrate with call tracking systems that collect:

  • caller ID information;
  • call duration and status;
  • call recording (if enabled and lawful).

If you use call recording features, you are responsible for:

  • complying with South Australian listening device laws;
  • obtaining consent from all call participants if required;
  • clearly disclosing that calls may be monitored or recorded.

GEVADE does not listen to or transcribe recordings unless requested for support and only with authorisation.

23. Web Chat, Forms & Lead Collection

When you use GEVADE CRM website widgets or forms, we process:

  • form submissions;
  • tracking metadata;
  • page behaviour (scroll, click, dwell time);
  • browser and device identifiers.

You must provide your customers with your own privacy notice informing them of these tracking methods.

24. Advertising Data & Pixel Integrations

GEVADE CRM integrates with advertising platforms including:

  • Google Ads
  • Google Analytics 4
  • Meta (Facebook & Instagram)
  • TikTok
  • LinkedIn

These platforms may collect or receive information such as:

  • page views and events;
  • conversion tracking data;
  • session identifiers;
  • hashed contact details for audience matching (if enabled).

GEVADE does not sell or rent this data. Processing occurs strictly for analytics, attribution and ad optimisation.

25. Online Payments & PCI Compliance

Payment data is securely processed through third-party PCI-DSS certified payment processors (e.g., Stripe, PayPal, or other integrated platforms).

GEVADE does not store:

  • full credit card numbers;
  • CVV codes;
  • bank account access credentials.

We maintain only limited billing metadata for invoicing and compliance purposes.

26. Financial Data & Invoicing Records

We retain invoicing data for a minimum of 5 years in accordance with the Australian Taxation Office (ATO) requirements and corporate recordkeeping standards.

This data includes:

  • invoice numbers and transaction history;
  • billing addresses;
  • subscription plans and add-ons;
  • payment confirmations.

We cannot delete financial records earlier than legally permitted.

27. CRM Contact Synchronisation & API Integrations

When you sync GEVADE CRM with external services (Google, Outlook, Xero, calendars, payment gateways, etc.), data may be transmitted securely to facilitate:

  • contact synchronisation;
  • calendar bookings;
  • invoice creation;
  • workflows and automations;
  • task assignment;
  • lead tracking.

Integrations follow the security standards of their respective platforms.

28. Cross-Border Data Transfers (Australia → Global)

GEVADE CRM is operated from Adelaide but uses a distributed cloud infrastructure. Therefore, data may be processed in:

  • Australia
  • United States
  • European Union
  • United Kingdom
  • Singapore
  • Other secure data regions

All transfers comply with the APPs and comparable GDPR safeguards.

29. Data Breaches & Incident Response

GEVADE follows the Notifiable Data Breaches (NDB) Scheme under Australian law.

If a breach is likely to cause serious harm, we will:

  • promptly investigate the incident;
  • take corrective action;
  • notify affected users;
  • notify the Office of the Australian Information Commissioner (OAIC);
  • document the incident for compliance.

30. Data Portability

You may request a copy of your data in a machine-readable format (CSV, JSON or equivalent) subject to verifying your identity.

Export functions are also available inside GEVADE CRM for contacts, pipelines and reports.

31. Data Deletion & Account Closure

You may request account deletion at any time. Upon deletion:

  • your account is deactivated;
  • your CRM data is flagged for permanent removal;
  • backup systems may retain encrypted copies for up to 90 days;
  • billing records remain for legal compliance.

End Customer Data may also be erased if you request full data purging.

32. Third-Party Service Providers (Full Transparency)

We use reputable service providers for cloud hosting, analytics, email delivery, SMS routing, payment processing and AI functionality. These providers may process personal information solely for the purpose of delivering their service.

Categories of providers include:

  • cloud hosting & compute infrastructure;
  • email & SMS gateways;
  • payment processors;
  • security systems;
  • AI inference engines;
  • data backup systems;
  • marketing attribution platforms.

All providers operate under strict confidentiality obligations.

33. Employee Access Controls

GEVADE staff may access customer data only when necessary for:

  • technical support;
  • security investigations;
  • troubleshooting;
  • service maintenance.

All access requires:

  • multi-factor authentication;
  • role-based permission checks;
  • encrypted connections;
  • internal approvals and logging.

34. Anonymised & Aggregated Data

We may transform collected data into anonymised statistical information for:

  • product improvement;
  • industry benchmarking;
  • AI model optimisation;
  • security risk modelling.

Anonymised data cannot be used to identify individuals and falls outside the scope of personal information under the Privacy Act.

35. Behavioural Analytics & Heatmaps

We may use session replays, heatmaps and behavioural testing tools for UX improvement. These tools may capture:

  • mouse movements;
  • scroll activity;
  • anonymous interaction data;
  • funnel drop-off behaviour.

Keystrokes in sensitive fields (passwords, financial fields) are never collected.

36. AI Chatbots & Virtual Assistants

GEVADE CRM includes AI chatbots that interact with users or customers. These tools may process:

  • chat transcripts;
  • intent recognition patterns;
  • support queries;
  • contact details provided voluntarily.

You are responsible for informing your customers if your website uses AI chat or automated responses.

37. System Logs, Auditing & Security Monitoring

GEVADE CRM automatically collects logs for:

  • authentication attempts;
  • automation executions;
  • API calls and webhook activity;
  • device and location metadata;
  • security events, anomalies, or suspicious behaviour.

These logs are used strictly for:

  • security monitoring,
  • fraud detection,
  • debugging,
  • platform reliability analysis.

38. Data Encryption Standards

GEVADE implements encryption standards including:

  • TLS 1.2+ HTTPS for all data in transit;
  • AES-256 or stronger encryption for data at rest;
  • hashed passwords with modern algorithms (bcrypt or equivalent);
  • encrypted API tokens and session keys.

We regularly update these standards in accordance with industry best practice.

39. Data Minimisation & Purpose Limitation

GEVADE collects only the personal information required to operate the CRM platform effectively.

We do not collect unnecessary or excessive data, nor do we use your data for any purpose not outlined in this Policy unless required by law or authorised by you.

40. Data Separation Between Accounts

Each GEVADE CRM customer account is logically isolated. No customer may access another customer’s data.

Internal protections ensure:

  • database row-level isolation;
  • user permission and role enforcement;
  • separate encryption keys (where applicable);
  • restricted internal staff access.

41. CCPA & CPRA (California Residents)

If you are a resident of California, you may have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Your rights may include:

  • Right to know what personal information is collected;
  • Right to request deletion;
  • Right to correct data;
  • Right to access your information;
  • Right to data portability;
  • Right to opt out of certain data sharing.

GEVADE does not sell personal information as defined under CCPA/CPRA.

42. GDPR (EU/EEA & UK Residents)

If you are located in the European Union, European Economic Area or United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR).

Your rights include:

  • Right of access
  • Right to rectification
  • Right to erasure (“Right to be Forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right not to be subject to automated decision-making

GEVADE operates with GDPR-aligned safeguards for international users.

43. UK & EU Data Representatives (If Applicable)

Where required by law, GEVADE may appoint EU and UK data representatives. If appointed, their details will be published on this page.

44. Do Not Track (DNT) Signals

GEVADE does not currently respond to DNT browser signals, as there is no universally accepted standard. However, users may manage cookie settings directly through their browser.

45. Social Media Data

When interacting with GEVADE CRM through social platforms (Facebook, Instagram, LinkedIn, TikTok), we may receive:

  • public profile data;
  • contact information you provide;
  • engagement analytics;
  • advertising performance data.

Social platforms process your data according to their own privacy policies.

46. Data Collected from Third-Party Sources

GEVADE may receive personal information from:

  • lead generation partners;
  • data enrichment providers;
  • integrated marketing tools;
  • publicly available business databases;
  • referral users or affiliates.

Such data is processed in accordance with applicable law.

47. Business Transfers & Corporate Transactions

If GEVADE Pty Ltd undergoes:

  • merger,
  • acquisition,
  • restructuring,
  • insolvency proceedings,
  • or business asset sale,

your information may be transferred to a successor entity, subject to confidentiality protections.

48. Limits of This Policy

This Policy does not apply to:

  • third-party websites you access via GEVADE CRM;
  • applications integrated by you or your team;
  • external services that independently collect data.

GEVADE is not responsible for the privacy practices of third parties.

49. Privacy Complaints (Australia)

If you believe your privacy has been breached, contact us first using the details at Section 54. We will investigate and respond promptly.

If unresolved, you may lodge a complaint with the:

Office of the Australian Information Commissioner (OAIC)
Website: https://www.oaic.gov.au
Phone: 1300 363 992

50. Privacy Complaints (International)

International users may have the right to lodge complaints with their relevant data authority:

  • EU: Local Data Protection Authority (DPA)
  • UK: Information Commissioner’s Office (ICO)
  • USA: State Attorney General
  • Canada: Office of the Privacy Commissioner

51. Updates & Changes to This Privacy Policy

GEVADE may update this Policy periodically to reflect:

  • changes in laws;
  • updates to technology;
  • new features or integrations;
  • security improvements;
  • business growth or structural changes.

The “Last Updated” date will always indicate when the latest version took effect. Where required, we may notify users of significant changes via email or platform alerts.

52. Interpretation of This Policy

If any part of this Privacy Policy conflicts with applicable law, the law prevails to the extent of the conflict. The remaining provisions continue to apply.

53. Contact Details — GEVADE Privacy Officer

For privacy enquiries, access, correction or deletion requests, please contact:

GEVADE Pty Ltd – Privacy Officer
Level 30, Westpac House
91 King William St
Adelaide SA 5000
South Australia
Email: [email protected]

54. Acceptance of This Policy

By creating an account, accessing our website or using GEVADE CRM, you acknowledge that you have read, understood and agreed to the terms of this Privacy Policy.

End of GEVADE CRM Privacy Policy