Privacy Policy
Last updated: 13 May 2026
Zami Australia Pty Ltd (ABN 46 696 645 888) (“Zami”, “we”, “us”, “our”) respects your privacy and is committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains:
- What personal information we collect,
- How we use and share it,
- How we keep it safe, and
- The rights you have.
It also includes additional information for individuals in the European Economic Area (EEA), the United Kingdom (UK), and California (US).
1. Scope
This Privacy Policy applies to:
- the Zami business platform (including app.zami.com.au, the Zami delivery app, and any related applications and APIs);
- our marketing website at zami.com.au;
- our documentation site at docs.zami.com.au; and
- communications between you and us (e.g., emails to our support team).
Together, these are referred to as the “Service.”
This Privacy Policy does not apply to third-party websites or services we do not control, even if accessed through the Service.
2. Who we are
For Australian privacy law purposes, the entity responsible for information collected through the Service is:
Zami Australia Pty Ltd ABN 46 696 645 888
26 Teton Court, Highett VIC 3190, Australia
Email: legal@zami.com.au
For the EU and UK General Data Protection Regulation (GDPR), Zami Australia Pty Ltd is the controller for information about visitors to our public sites and direct customers, and is a processor for Customer Data uploaded by our customers.
3. Information we collect
We collect different categories of information depending on how you interact with the Service.
3.1 Information you provide
- Account/profile information: name, email, phone (if provided), encrypted password, profile photo, role, timezone, language.
- Company information: company name, ABN, address, business contacts, logo, branding, settings.
- Billing information: billing name, address, plan, and history. (Payment card details are managed by Stripe.)
- Customer Data: uploaded/generated info may include personal data about your customers, suppliers, or employees (e.g., names, contact details, order history).
- Support communications: messages, screenshots, attachments, or other information provided when you contact support.
3.2 Information we collect automatically
- Usage data: pages visited, features used, clicks, searches, time spent, errors encountered.
- Device/log data: IP address, browser type, operating system, device IDs, referring URL, timestamps.
- Cookies: see section 7 below.
- Location data: delivery addresses, device location (with permission).
3.3 Information from third parties
- Integrated services: if connecting Zami to other software (e.g., Xero, Stripe), we receive what you authorize.
- Payment providers: Stripe shares limited transaction info (e.g., last 4 digits of card).
- Authentication providers: if logging in with a third-party, we receive your name, email, and unique ID.
3.4 Sensitive information
We do not seek to collect sensitive information (e.g., health, religious, political). Please only provide such data when necessary and lawful.
4. How we collect personal information
We collect information:
- Directly: when you sign up, configure your account, use the Service, or contact us;
- Automatically: via cookies, logs, telemetry;
- From third parties and integrations you choose;
- From publicly available sources (e.g., ABN lookup).
Unsolicited information will be assessed and securely destroyed or de-identified if not required or lawful.
5. How and why we use personal information
We use personal information for:
- Providing the Service (contract);
- Billing and payments (contract/legal);
- Customer support (contract/legitimate interest);
- Service improvement (legitimate interest);
- Security and prevention (legitimate interest/legal);
- Communications (contract/legitimate interest);
- Marketing (consent/legitimate interest);
- Legal compliance (legal obligation);
- Enforcement of terms (legitimate interest).
We do not sell personal information.
6. AI and automated processing
Some features use OpenAI (in the US). Inputs you submit (including Customer Data) are sent for processing. Inputs/outputs are not used by OpenAI to train general-purpose models. Do not enter sensitive information unless appropriate.
7. Cookies and similar technologies
We use cookies:
- For session security and preferences (essential/functional),
- For analytics,
- For security.
You may control cookies in your browser. Disabling essential cookies may affect Service operation. We will inform you of any future changes to marketing cookies.
8. When we share personal information
8.1 Service providers (sub-processors):
We use:
- AWS for hosting/storage
- Amazon SES for email
- Stripe for billing
- Intuit (QuickBooks), Xero, MYOB for accounting integrations
- OpenAI for AI
- Google Maps for routing
See our service provider list in the policy for updates.
8.2 Other disclosures
We may disclose information:
- With your direction/consent
- To professional advisers under confidentiality
- To enforce terms/protect rights
- To comply with legal obligations
- In the context of corporate actions (e.g., merger/sale)
8.3 Customer Data
We do not access Customer Data without necessity or your direction, or unless required lawfully.
9. International data transfers
Customer Data is stored in Australia (AWS). Some third-party providers process info outside Australia. We ensure data is protected under comparable standards (e.g., Standard Contractual Clauses for EEA/UK data).
10. How long we keep personal information
We retain information only as long as needed, or as required by law:
- Active accounts: as long as active
- After cancellation: Customer Data deleted after 90 days, backups overwritten within 90 days
- Billing: retained per tax laws
- Support/security logs: typically 12 months
- Marketing: until you unsubscribe
Zami is not responsible for retention within connected accounting systems (e.g., Xero, QuickBooks).
11. How we keep personal information secure
Measures include:
- Encryption in transit and at rest
- Access controls, MFA, audit logging
- AWS infrastructure security
- Secure development/code review
- Staff training
- Incident response procedures
We will notify affected parties and authorities in the event of a serious data breach.
12. Your privacy rights
Under law you have a right to:
- Access, correct, and complain about personal information
EU/UK residents also have rights to erasure, restriction, portability, object/withdraw consent, lodge complaints. California residents have notice of collection, access, delete, correct, opt out (though we do not sell/share such info), and non-discrimination rights. To exercise, contact legal@zami.com.au.
13. Direct marketing
We may send you marketing communications; you may opt out any time. Essential service communications will continue regardless.
14. Children
Zami is for users 18 and over. If you believe a child’s information has been collected, contact us to remove it.
15. Changes to this Privacy Policy
We will update this policy as needed, noting the last update. If changes are material, we will notify users in advance. Continued use means acceptance of any updates.
16. How to contact us
Zami Australia Pty Ltd
26 Teton Court, Highett VIC 3190, Australia
Email: support@zami.com.au
We aim to resolve complaints within 30 days.
If unresolved, contact OAIC (Australia), your EU/UK authority, or the California Privacy Protection Agency.
Legal
Privacy
Terms