Legal

Privacy Policy

Effective Date: April 4, 2026

This Privacy Policy explains how Green Weka ("we", "us", or "our") collects, uses, stores, and protects your personal information. We are committed to protecting your privacy and ensuring transparency in how your data is handled, in strict accordance with the New Zealand Privacy Act 2020 and the requirements of the Apple iOS App Store.

By using the Green Weka app, voice agent, and web dashboard, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

To provide our AI-assisted call, email, and business management services, we collect the following types of information:

  • Account & Profile Information: When you sign up, we collect your first and last name, email address, mobile number, country, and current telecommunications provider.
  • Communications Data: We facilitate and capture your business communications. This includes:
    • Audio Recordings & Voicemails: Audio from inbound and outbound calls, dictations, and voicemails.
    • Transcripts & Text: Transcriptions of your calls, WhatsApp messages, and SMS texts.
    • Email Data (opt-in): If you connect a Gmail or other email account, we access and ingest the following data from your inbox: sender and recipient addresses, message subject lines, message body text, timestamps, and the content of attachments (such as PDFs, documents, and images) where relevant to your business. We do not access draft folders, and we do not access emails sent or received prior to the date you connect your account unless you explicitly request a historical backfill. For full details of how email data from Google accounts is handled, see Section 3 below.
  • Contact Book Data: If you grant the app permission to access your device's contacts, we upload contact names, phone numbers, and email addresses. We do not collect contact photos, notes, physical addresses, birthdays, or other fields. This data is used solely to identify callers and message senders and to associate your communication history with the correct person. Contact data is stored securely in our Cloudflare D1 database, encrypted at rest, and is strictly private to your individual account — it is never visible to, shared with, or matched against the data of other Green Weka users. You can revoke contacts access at any time from within the app. When revoked, contacts with no associated communication history are permanently deleted; remaining contacts are retained with their history but are no longer linked to your device's address book.
  • Business & CRM Data: If you connect third-party integrations (like Fergus), we access job details, site notes, and schedules to enable the AI voice agent to assist you with operations.
  • Device & Technical Information: We collect device identifiers and Apple Push Notification service (APNs) tokens to reliably route incoming VoIP calls to your device.
  • Device Permissions: The app requests access to your device microphone solely to enable VoIP calling, voicemail recording, and the dictation feature. Microphone access is never used in the background.

2. How We Use Your Information

We use the data we collect solely to provide and improve the Green Weka service. Specifically, we use your data to:

  • Route phone calls, voicemails, and messages to your device.
  • Transcribe audio and utilise Artificial Intelligence (AI) to generate call summaries, extract actionable tasks, and schedule calendar events.
  • Build a searchable, private knowledge base of your business communications (via secure vector embeddings).
  • Send you notifications, daily briefings, and alerts regarding your account.
  • Process dictations and automatically log site notes or draft quotes in your connected CRM.
  • Classify inbound emails and WhatsApp messages, extract job references, and surface relevant information through your dashboard and AI agent.

Strict Access Policy: Your data is processed entirely by automated systems. Green Weka staff do not access, listen to, or read your private communications, transcripts, or emails unless explicitly requested by you for technical support.

3. Google API Services — Limited Use Policy

Green Weka's use of information received from Google APIs (including the Gmail API) complies with the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Declaration: Green Weka's access to Google user data is limited to the practices described in this Privacy Policy. We do not use Google user data for any purpose other than providing and improving the features described herein that are visible to the user.

Specifically, with respect to data obtained via Google APIs, Green Weka:

  • Only reads what is necessary: We request read-only access to your Gmail inbox (gmail.readonly) to retrieve messages that may relate to your business operations. We do not request write access and cannot send, modify, or delete emails on your behalf.
  • Does not use data for advertising: Google user data is never used to serve you advertisements, and is never used to build advertising profiles.
  • Does not use data to train AI models: Data obtained from your Gmail account is not used to train any general-purpose AI or machine learning model — neither our own nor any third party's. When data is passed to AI sub-processors (such as OpenAI) for the purpose of classification or summarisation, it is processed under enterprise data processing agreements that prohibit use for model training.
  • Does not sell or transfer data: Google user data is never sold, rented, or transferred to third parties except to sub-processors strictly necessary to deliver the service (listed in Section 4), and only to the extent required for that purpose.
  • Does not allow humans to read your email: Access to your Gmail data by Green Weka personnel is prohibited except in the narrow circumstance where you explicitly request technical support and provide consent for us to review specific messages in order to diagnose a problem.

You may disconnect your Gmail account at any time from the Green Weka dashboard. Disconnecting immediately revokes our access token. Synced email data retained in our systems can be deleted on request — see Section 7 for details.

4. Third-Party Service Providers

To provide our advanced features, Green Weka utilises highly secure third-party infrastructure and AI processors. Your data is shared with these sub-processors only to the extent necessary to perform their specific functions:

  • Telephony & Messaging: Twilio (for routing calls, SMS, and WhatsApp messages).
  • AI & Machine Learning: OpenAI (for summarisation, intent parsing, and embeddings), AssemblyAI and Deepgram (for speech-to-text transcription), and ElevenLabs (for text-to-speech voice generation).
  • Cloud Infrastructure: Cloudflare (for secure hosting, database, and R2 object storage) and Supabase (for secure user authentication).
  • Real-time Audio: LiveKit (for powering the real-time AI voice agent).
  • Integrations (Opt-in only): Google (Gmail API) and Fergus (CRM API). Additional email integrations may be offered in future and will be disclosed here when available.

Note: Data sent to our AI partners (like OpenAI) is processed via enterprise API agreements that prohibit the use of your data for training their public AI models.

5. Data Sharing and Disclosure

We will never sell, rent, or trade your personal information or communication data to data brokers, marketers, or any third party.

We will only disclose your data if legally compelled to do so by a valid New Zealand court order, warrant issued by law enforcement, or to comply with the New Zealand Privacy Act 2020.

6. Call Recording Compliance

Green Weka provides automated call recording features. You are responsible for complying with your local jurisdiction's laws regarding call recording. To assist you, Green Weka provides customisable inbound and outbound audio compliance messages (e.g., "This call is recorded"), as well as settings to disable recording (do_not_record) or bypass announcements for specific contacts.

7. Data Retention and Deletion

You retain full control over your data.

  • Manual Deletion: You can delete specific call records, dictations, voicemails, or contacts at any time directly through the Green Weka dashboard.
  • Account Deletion: You may request complete account deletion from within the app settings. Initiating this process changes your account status to DELETION_REQUESTED, which immediately logs you out and queues your account, personal data, and all associated media for permanent removal from our servers.
  • Email Integration Data: If you disconnect a connected email account (e.g. Gmail), your OAuth access token is immediately revoked. Email messages previously synced to Green Weka are retained in your account unless you explicitly request their deletion. To request deletion of all synced email data, contact us at the address in Section 11. We will complete this within 30 days.
  • Contacts Sync Revocation: When you revoke contacts sync permission, contacts imported from your device that have no communication history in Green Weka are permanently deleted. Contacts with existing call, email, or message history are retained but downgraded to system-inferred contacts and are no longer linked to your device address book.
  • Contacts Retention Period: Contact data (names, phone numbers, and email addresses imported from your device) is retained for the duration of your active subscription. Upon account deletion, all contact data is permanently removed from our servers within 30 days as part of the standard account deletion process described above. You may also request deletion of all contact data at any time without requiring full account deletion by contacting us at the address in Section 11.

8. Security

We take the security of your data seriously. All communications between your device and our servers, as well as data at rest (including R2 audio archives and D1 databases), are encrypted. We utilise Cloudflare Turnstile to prevent automated abuse during signup and secure JWTs for all API and Voice Agent authentication.

OAuth access tokens for connected email accounts are stored encrypted at rest and are never logged or transmitted in plain text. Token refresh and revocation are handled automatically in accordance with each provider's security requirements.

9. Your Privacy Rights

Under the New Zealand Privacy Act 2020, you have the right to:

  • Ask for a copy of the personal information we hold about you.
  • Ask for it to be corrected if you think it is wrong.
  • Request deletion of specific categories of data (such as synced email data) without requiring full account deletion.
  • Revoke access to any connected integration (Gmail, Fergus, etc.) at any time from within the app.

If you wish to exercise these rights, or if you have any questions about how your data is handled, you can contact us at any time.

If you believe we have failed to handle your personal information in accordance with the New Zealand Privacy Act 2020 and we have been unable to resolve your concern, you have the right to make a complaint to the Office of the Privacy Commissioner at privacy.org.nz.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our technology, features, or legal requirements. We will notify you of any material changes by posting the new Privacy Policy within the app and updating the "Effective Date" at the top of this document.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

Email: [email protected]