Privacy Policy
Version 1.0
Effective Date: 25 March 2026
AI Core CRM Pty Ltd (ACN 670 376 879), trading as Effica (“Effica”, “we”, “us”, or “our”), is committed to protecting the privacy of personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy applies to all users of the Effica platform, including administrators, support workers, participants (where applicable), and visitors to our website.
1. Kinds of Personal Information We Collect
The types of personal information we may collect and hold include:
- Account information: name, email address, phone number, job title, and organisation details
- Billing information: payment method details processed through our secure payment gateway
- Client Data: information uploaded by our clients in the course of using the platform, which may include participant records, rostering data, compliance documentation, and service delivery notes
- Device and usage data: IP address, browser type, operating system, time zone, and platform navigation activity
- Integration data: limited information required to connect Effica with third-party services (e.g. Xero, MYOB, QuickBooks), such as authentication tokens
- App-specific data: with your permission, our mobile applications may access device features such as camera, location services, and microphone for features including signature capture, maps, and photo attachments
We may also collect sensitive information (such as health or disability information) where it is uploaded by our clients as part of their service delivery. Collection and handling of sensitive information is subject to the additional protections under APP 3.
2. How We Collect Personal Information
We collect personal information through the following means:
- Directly from you when you register an account, contact us, or use the platform
- From your employer or organisation when they set up your user account
- Automatically through cookies, server logs, and similar technologies when you interact with our platform or website
- From third-party integrations you or your organisation authorise
Where practicable, we collect personal information directly from the individual concerned. We will not collect personal information unless it is reasonably necessary for, or directly related to, our functions or activities.
3. Purposes of Collection, Use, and Disclosure
We collect, hold, use, and disclose personal information for the following purposes:
- Providing, operating, and improving the Effica platform and related services
- Authenticating users and maintaining account security
- Processing payments and managing subscriptions
- Providing implementation, onboarding, and support services
- Communicating with you about your account, system updates, and security notices
- Generating aggregated or anonymised analytics and benchmarking (which does not identify individuals)
- Complying with legal obligations, including the Notifiable Data Breaches (NDB) scheme
We may send you promotional communications about Effica products and features. You can opt out of promotional messages at any time by using the unsubscribe link in any email or by contacting us.
4. Disclosure of Personal Information
We may disclose personal information to:
- Service providers: third-party providers who assist us with hosting, payment processing, analytics, and operational services, under strict contractual obligations to protect personal information
- Your organisation: if you are an Organisation User, certain information may be visible to your organisation’s administrators
- Regulatory authorities: where required by law or in response to lawful requests from government agencies, including the OAIC
- Professional advisers: legal, accounting, or insurance advisers where necessary
We do not sell personal information to third parties.
5. Overseas Disclosure
Effica hosts all Client Data in data centres located in Australia. We do not transfer personal information to overseas recipients as part of our standard operations.
If this position changes in the future, we will update this Privacy Policy and take reasonable steps to ensure that overseas recipients handle personal information in accordance with the APPs.
6. Data Ownership
All data uploaded by a client (“Client Data”) remains the property of that client. Effica has no ownership rights over Client Data. We process Client Data only to deliver and improve the Services, as set out in our Terms and Conditions.
7. Cookies and Tracking Technologies
Effica uses cookies and similar technologies to:
- Store session identifiers and authentication tokens
- Record usage patterns and platform navigation
- Improve platform performance and user experience
You can manage cookie preferences through your browser settings. Disabling cookies may affect certain platform functionality.
8. Data Security
Effica is certified to ISO/IEC 27001:2022, the international standard for information security management. This certification demonstrates our commitment to maintaining robust administrative, technical, and physical controls to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Our security measures include:
- Encryption of data in transit and at rest
- Access controls and role-based permissions
- Continuous monitoring and regular security audits
- Staff training on data handling and privacy obligations
While no system is entirely risk-free, Effica applies internationally recognised best practices and continuous improvement to strengthen its security posture.
9. Notifiable Data Breaches
Effica complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).
In the event of a confirmed data breach that is likely to result in serious harm, Effica will:
- Notify affected clients within 72 hours of confirmation
- Provide details of the breach, the information involved, and actions taken to mitigate harm
- Notify the Office of the Australian Information Commissioner (OAIC) as required by law
- Take all reasonable steps to contain the breach and prevent recurrence
10. Automated Decision-Making
Effica may deploy algorithms, artificial intelligence, or machine learning tools to assist with platform features such as rostering optimisation, compliance monitoring, and operational analytics. These tools are assistive in nature and are not intended to replace professional judgment.
Where automated processes are used in a way that could significantly affect an individual’s rights or interests, human oversight is applied.
11. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access: Request access to the personal information we hold about you (APP 12)
- Correction: Ask us to correct personal information that is inaccurate, out of date, incomplete, or misleading (APP 13)
- Deletion: Request deletion of your personal information where it is no longer needed for the purpose it was collected, subject to any legal retention obligations
- Anonymity: Where practicable, you may interact with us without identifying yourself or by using a pseudonym (APP 2)
- Withdraw consent: Where we rely on your consent to process personal information, you may withdraw that consent at any time by contacting us or adjusting your account settings
To exercise any of these rights, please contact us at support@effica.com.au. We will respond to your request within 30 days.
12. Data Retention
We retain personal information only for as long as it is reasonably necessary to fulfil the purposes for which it was collected, or as required by law.
Upon termination of a client’s subscription, Client Data will remain accessible for 30 days for export. After 30 days, Effica may permanently delete the data unless otherwise agreed in writing. This is consistent with our Terms and Conditions (Section 6.6).
When personal information is no longer needed and no legal obligation requires its retention, it will be securely destroyed or de-identified in accordance with APP 11.
13. Minors and Guardianship
If a user is under 18 years of age or subject to guardianship, Effica requires verifiable consent from a parent, guardian, or authorised representative before collecting their personal information. We may request documentation verifying the authority of the consenting person.
14. Complaints
If you believe we have breached the Australian Privacy Principles or have a concern about how we handle personal information, you may lodge a complaint by contacting us at support@effica.com.au.
We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Online: www.oaic.gov.au/privacy/privacy-complaints
- Phone: 1300 363 992
- Mail: GPO Box 5218, Sydney NSW 2001
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The most current version will always be available on our website at effica.com.au/privacy-policy.
Where changes are material, we will notify affected users by email or through the platform before the changes take effect.
16. Contact Us
For any questions, requests, or complaints regarding this Privacy Policy or how we handle personal information, please contact us:
AI Core CRM Pty Ltd, trading as Effica
Unit 2, 59 Pennington Terrace, North Adelaide SA 5006
Email: support@effica.com.au
Phone: 1300 019 982
Website: effica.com.au
© 2026 AI Core CRM Pty Ltd, trading as Effica. All rights reserved.