Data Privacy & Data Handling Policy
This Policy sets out in detail how Helloo.Club, a unit of RemotIQ Pty Ltd (ABN 91 682 628 128), collects, stores, secures, retains, transfers, and governs personal data. It supplements the Privacy Policy (Document 2) and should be read alongside it. Helloo.Club complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the General Data Protection Regulation (GDPR) for users in the European Economic Area.
1. Data Controller and Accountable Entity
The accountable entity for personal data under the Privacy Act 1988 (Cth) is RemotIQ Pty Ltd (ABN 91 682 628 128), with its principal place of business in Perth, Western Australia, Australia. All requests relating to data rights, corrections, or complaints should be directed to the Privacy Officer at privacy@helloo.club.
2. Categories of Personal Data Processed
We process the following categories of personal data:
- Basic identity and contact data: name, email address, date of birth, country of residence
- Profile and preference data: interests, language preferences, community memberships, conversation topics
- Conversation data: message content, AI responses, human agent interaction records, timestamps
- Connection data: user relationships, matched interests, shared communities
- Device and technical data: IP address, device identifiers, browser type, operating system, geolocation (city level only)
- Payment and billing data: subscription tier, billing history, payment method type (held by processor — not stored by us)
- Behavioural data: feature usage patterns, session duration, click paths, handover requests
- Safety and moderation data: reports filed, content flags, account sanctions
3. Legal Bases for Processing
We process personal data on the following legal bases:
- Contract performance: to provide the services you have signed up for
- Legitimate interests: to improve service quality, detect abuse, and ensure platform safety — balanced against your rights
- Legal obligation: to comply with Australian taxation, financial reporting, and law enforcement requirements
- Consent: for non-essential cookies, marketing communications, and any processing beyond the above
4. Data Storage and Infrastructure
All personal data is stored on secure cloud infrastructure hosted in Australia and/or in jurisdictions with equivalent data protection standards. We use reputable third-party cloud providers under contractual data processing agreements. Data is never stored on unsecured or personally owned devices.
5. Security Measures
We implement the following technical and organisational security controls:
- TLS 1.2 or higher encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Role-based access controls: staff access to personal data is limited to those with a business need
- Multi-factor authentication for all administrative systems
- Regular penetration testing and vulnerability assessments
- Incident response and breach notification procedures
- Staff training on data privacy and security obligations
6. Data Retention Schedule
We retain personal data only for as long as necessary for the purposes set out in this Policy:
- Account and identity data: retained while your account is active and for 12 months after account deletion (for fraud and dispute resolution purposes)
- Conversation data: retained for 24 months from the date of each conversation
- Connection and community data: retained while your account is active
- Payment and billing records: retained for 7 years as required under the Income Tax Assessment Act 1997 (Cth)
- Safety and moderation data: retained for 5 years for legal and regulatory compliance
- Server and technical logs: retained for 90 days
On expiry of the applicable retention period, data is securely deleted or anonymised such that it can no longer be attributed to an individual.
7. Cross-Border Data Transfers
Some of our service providers are located outside Australia, including in the United States and the European Union. When personal data is transferred outside Australia, we ensure that:
- the recipient country provides a level of privacy protection comparable to the Australian Privacy Principles, or
- we have binding contractual protections in place with the recipient (such as standard contractual clauses), or
- you have been informed of the transfer and its risks and have consented.
We do not transfer personal data to jurisdictions without adequate protections unless a specific exception under the Privacy Act 1988 (Cth) applies.
8. Third-Party Data Processors
We use the following categories of third-party data processors, all subject to written data processing agreements:
- Cloud hosting and infrastructure providers
- Payment processing providers (they process payment card data independently under PCI-DSS standards)
- Analytics and performance monitoring providers (data is anonymised or pseudonymised where possible)
- Identity and age verification providers
- Email and notification delivery providers
A current list of data processors is available on request from privacy@helloo.club.
9. Data Minimisation and Purpose Limitation
We collect only the personal data that is necessary for the stated purpose. We do not use personal data for purposes that are incompatible with those for which it was collected without obtaining fresh consent or establishing a new legal basis.
10. Data Subject Rights
You have the following rights in relation to your personal data, which we will action within 30 days of a valid request:
- Right of access: obtain a copy of the personal data we hold about you
- Right to correction: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your data, subject to legal retention obligations
- Right to restriction: request that we limit the processing of your data in certain circumstances
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests
- Right to withdraw consent: withdraw previously given consent at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, contact our Privacy Officer at privacy@helloo.club. If we are unable to resolve your concern, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or, for EEA users, with your relevant national data protection authority.
11. Data Breach Response
In the event of a data breach that is likely to result in serious harm to individuals, we will notify the OAIC and affected individuals as soon as practicable and no later than 30 days after becoming aware of the breach, in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). Notifications will include the nature of the breach, the data involved, and the steps we are taking to address it.
12. AI and Automated Decision-Making
We use AI to personalise conversation experiences and to detect content policy violations. Where automated processing produces decisions that significantly affect you (such as account suspension), you have the right to request human review of that decision by contacting legal@helloo.club.
13. Privacy by Design
Helloo.Club is built with privacy by design principles. Privacy considerations are embedded into product development from the outset. We conduct privacy impact assessments for new features or processing activities that may involve significant personal data or risk.
14. Updates to This Policy
We will notify you of material changes to this Policy via email or in-app notification at least 14 days before they take effect. The current version is always available at https://helloo.club/legal/data-privacy.
15. Contact
Privacy Officer · Helloo.Club, a unit of RemotIQ Pty Ltd · ABN 91 682 628 128 · Perth, Western Australia, Australia · privacy@helloo.club
All policies effective 1 May 2025 · Helloo.Club, a unit of RemotIQ Pty Ltd · Perth, Western Australia, Australia
For all legal enquiries: legal@helloo.club · https://helloo.club/legal
