Cookie Policy

TransferToAI Pty Ltd
Last Updated: November 3, 2025
Effective Date: November 3, 2025
Jurisdiction: Australia, Queensland

Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit our website. They contain information that helps us recognize you on return visits, understand how you use our platform, and enhance your experience.

Table of Contents

1. What Are Cookies?

2. How We Use Cookies

3. Third-Party Cookies & Partners

4. Free Trial & Dashboard Cookies

5. Your Rights & Choices

6. Cookie Security & Retention

7. Australia-Specific Compliance

8. Changes to This Policy

9. Contact Us

10. Complete Cookie List

1. What Are Cookies?

1.1 Types of Cookies We Use

Session Cookies

• Expire when you close your browser

• Temporary, cleared automatically

Persistent Cookies

• Remain on your device for a set period

• More permanent, until manually deleted or expiry date

First-Party Cookies

• Set by TransferToAI directly

• Our domain only

Third-Party Cookies

• Set by partners like Google, Facebook, Intercom

• External analytics & marketing

1.2 Why We Use Cookies

We use cookies for four main purposes:

1. Essential functionality - Login, authentication, security (required)

2. Analytics - Understanding how users interact with our platform (optional)

3. Marketing - Retargeting ads, campaign tracking (optional)

4. Functional - Remembering your preferences (optional)

2. How We Use Cookies

2.1 Essential Cookies (Required)

Cookie NamePurposeDurationConsent Required?transfersessionidLinks you to your login sessionUntil logoutNOclinicdashboardauthAuthentication token for dashboard12 hoursNOtrialvalidationtokenVerifies trial account statusUntil trial ends (14 days)NOsecuritycsrftokenProtection against CSRF attacksSessionNOapplocaleRemembers your language preference1 yearNO

Impact of blocking essential cookies:

• You cannot disable essential cookies (they are required for the Service to function)

2.2 Analytics Cookies (Optional)

CookiePurposeRetentionProvidergaUser ID for analytics tracking2 yearsGoogle Analytics 4gidSession ID for analytics24 hoursGoogle Analytics 4fbqFacebook analytics pixel (optional)90 daysFacebookhubspotuserhashCRM analytics (optional)1 yearHubSpot

What we measure:

• Anonymized visitor behavior (NOT personally identifiable)

• Aggregated reports only

• Your choice: You can disable analytics cookies anytime without losing platform access

2.3 Marketing Cookies (Optional)

CookiePurposeRetentionProviderfacebookpixelidCross-platform advertising90 daysFacebookgoogleadsconversiontagCampaign performance tracking1 yearGoogle AdsintercomcustomdataCustomer support personalizationSessionIntercomretentionmarketingtokenRetargeting audiences30 daysTransferToAI

Example scenario:
You visit our website (cookie 1), leave without signing up (no action), then see a TransferToAI ad on Facebook later (cookie 2 retargeting).

Your choice: You can disable marketing cookies without losing platform access.

2.4 Functional Cookies (Optional)

CookiePurposeDurationpricingtogglepreferenceRemembers Monthly vs. Annual selection1 yeardashboardthemepreferenceDark mode vs. light mode setting1 yearclinictierselectionRemembers which plan you exploredSessionfeatureflagabtestAB testing for new featuresSession

Your choice: You can disable functional cookies (minor convenience impact).

3. Third-Party Cookies & Partners

We work with external partners who set cookies on our website:

PartnerPurposeCookies SetRetentionOpt-OutGoogle Analytics 4Analytics, user behavior trackingga, gid2 yearshttps://tools.google.com/dlpage/gaoptoutGoogle AdsCampaign performance, retargetinggads, gac1 yearhttps://myadcenter.google.comFacebook PixelCross-platform advertisingfbq, fbp90 dayshttps://www.facebook.com/ads/preferencesIntercomCustomer support, messagingintercom-*Sessionhttps://www.intercom.com/privacyHubSpotCRM, email trackinghubspotutk1 yearhttps://legal.hubspot.com/privacy-policy

Important: Third-party services may transfer data internationally to US servers. However, TransferToAI is not liable for third-party cookie practices, but we contractually require all third-parties to comply with Privacy Act 1988.

3.2 Third-Party Data Compliance

• All third-party vendors have Data Processing Agreements (DPAs)

• All comply with Australian Privacy Act 1988 APP 1

• Data transfer encrypted TLS 1.3

• Patient call recordings DO NOT go to US vendors (stored in Sydney only)

• Encryption in transit and at rest

• Compliance with GDPR principles (even though not mandatory in AU)

• 24-hour breach notification

4. Free Trial & Dashboard Cookies

4.1 Trial Period Cookie Tracking

When you register for the 14-day free trial without entering a credit card:

CookiePurposeExampletrialsessionidLinks you to your specific trialSession ID abc123-xyztrialactivationdateRecords when trial started2025-11-03T14:30:00ZtrialexpirydateCalculates expiry (14 days later)2025-11-17T14:30:00ZclinictierRemembers which plan you selectedProfessional or EnterprisedashboardtokenAuthentication for dashboard accessEncrypted JWT tokenusagemetricsRecords call volume during trialCalls answered, minutes used

Trial period: 14 days from registration date

4.2 Trial Expiry & Automatic Deletion

• Day 14, 23:59 UTC - Trial period ends

• Day 15, 00:00 UTC - Dashboard access revoked (automatic)

• Day 30 - Trial cookies deleted from our servers

• No reminder emails. Trial simply expires; you must upgrade to continue.

4.3 Trial to Paid Conversion

When you purchase a plan during trial:

• trialsessionid replaced with subscriptionid

• Your data, preferences, and settings are NOT lost

• Seamless continuation of service

5. Your Rights & Choices

5.1 Cookie Consent Banner

On your first visit to our website, you see a consent banner with options:

OptionEffectCookies AllowedAccept AllEnables all non-essential cookiesEssential + Analytics + Functional + MarketingPreferencesCustomize which cookies to allowYou choose individuallyRejectOnly essential cookies remainEssential ONLY (no analytics/marketing)Settings linkAdjust anytime in account settingsEdit preferences later

Essential cookies remain active regardless of your choice (required for platform operation).

5.2 Disable Cookies in Your Browser

Chrome:

• Settings → Privacy and Security → Cookies and other site data → Clear cookies for transfertoai.com.au

Safari:

• Preferences → Privacy → Manage Website Data → Remove cookies for transfertoai.com.au

Firefox:

• Preferences → Privacy → Cookies and Site Data → Clear cookies for transfertoai.com.au

Microsoft Edge:

• Settings → Privacy → Cookies and other site data → Clear cookies for transfertoai.com.au

Impact: Some features may not work (e.g., login will fail if session cookies disabled).

5.3 Opt-Out of Analytics & Marketing

Google Analytics Opt-Out:

• Install Google Analytics Opt-Out Browser Extension: https://tools.google.com/dlpage/gaoptout

• Or disable at Google Ad Settings: https://myadcenter.google.com

Facebook Ads Opt-Out:

• Visit Facebook Ads Preferences: https://www.facebook.com/ads/preferences

• Remove TransferToAI from retargeting audience

Google Ads Opt-Out:

• Google Ad Settings: https://myadcenter.google.com

• Disable personalized ads

5.4 Do Not Track (DNT) Browser Signal

How to enable DNT:

Chrome:

• Settings → Privacy → Send Do Not Track requests

Safari:

• Preferences → Privacy → Ask websites not to track me

Firefox:

• Preferences → Privacy → Tell websites I do not want to be tracked

Our commitment: We honor Do Not Track signals for optional analytics and marketing cookies. Essential cookies remain active for platform functionality. Your service is not affected.

6. Cookie Security & Retention

6.1 Cookie Security Standards

Security FeatureImplementationEncryptionAll session cookies use HTTPS TLS 1.3Secure FlagSession cookies marked Secure (HTTPS-only, cannot be transmitted over plain HTTP)HttpOnly FlagSensitive cookies inaccessible to JavaScript (protection against XSS attacks)SameSite AttributeStrict mode (CSRF protection, cookies only sent with same-site requests)ExpirationAutomatic expiry on set date or logout

6.2 Cookie Data Retention

Cookie TypeRetention PeriodDeletion MethodSession/Trial cookiesUntil trial ends (14 days) or logoutDeleted automatically on expiry or logoutAuthentication cookiesUntil logout or 30 days inactivityEncrypted, deleted on logout; auto-logout after 30 min inactivityAnalytics cookies12-24 monthsAnonymized aggregation, no personal data retainedMarketing cookies90 daysDeleted per campaign end date, manually cleared quarterlyFunctional cookies1 yearUser can delete anytime via browser settings

6.3 After Trial Expiry or Account Deletion

When your trial expires or you delete your account:

• Personally identifiable information (PII): Removed immediately

• Analytics data: Anonymized (cannot identify your clinic)

• Marketing cookies: Cleared from our systems

• Cookies on your device: Remain until you manually delete or expire

TransferToAI complies with the Privacy Act 1988, specifically APP 12 & 13.

7. Australia-Specific Compliance

7.1 Privacy Act 1988 & Australian Privacy Principles

We comply with:

APPRequirementHow We ComplyAPP 1Open and transparent management of personal informationThis Cookie Policy published and publicly available; clear explanation of cookies; links to opt-out options providedAPP 3Collection of solicited personal informationCookies collected with explicit consent banner consent; no cookies without user awareness; essential cookies excluded from consent (necessary for service)APP 6Use or disclosure of personal informationCookies used only for stated purposes; no secondary use without consent; no selling of cookie data to third partiesAPP 11Security of personal informationCookies encrypted TLS 1.3; Secure and HttpOnly flags enabled; regular security auditsAPP 13Correction and complaintsContact privacy@transfertoai.com.au for cookie-related inquiries; complaint resolution process within 10 business days

7.2 Notifiable Data Breaches Scheme (NDB)

• Notification timeline: Within 30 days (if practicable) to "serious harm" standard

• Regulatory notification: Office of the Australian Information Commissioner (OAIC)

• Clinic notification: Email/phone call to account administrator

• Details: What data was exposed, mitigation steps taken

8. Changes to This Policy

We may update this Cookie Policy when:

• New cookies or tracking technologies added

• Changes to Australian Privacy Law

• Platform feature updates

• Third-party service changes

Material changes: We will notify you 30 days in advance via email
Minor updates: Published on this page with "Last Updated" date
Continued use after notice period: Acceptance of new policy

9. Contact Us

9.1 Privacy & Cookie Questions

Email: privacy@transfertoai.com.au
Phone: 0468 854 357
Office: Brisbane, QLD, Mon-Fri 9AM-5PM AEST
Website: https://www.transfertoai.com.au

Response time: We aim to respond to all inquiries within 10 business days.

9.2 Regulatory Complaints

Office of the Australian Information Commissioner (OAIC)

You have the right to lodge a privacy complaint with OAIC if you believe we have violated the Privacy Act 1988.

• Email: enquiries@oaic.gov.au

• Phone: 1300 363 992 (Mon-Fri 9AM-5PM AEST)

• Website: https://www.oaic.gov.au

• Postal Address: GPO Box 5218, Sydney NSW 2001

10. Complete Cookie List

10.1 Essential Cookies (Always Active)

Cookie NamePurposeRetentiontransfersessionidAuthenticationSessionclinicdashboardauthDashboard access12 hourstrialvalidationtokenTrial tracking14 dayssecuritycsrftokenCSRF protectionSessionapplocaleLanguage preference1 yearregistrationtimestampTrial start date14 daystrialexpirytimestampTrial end date14 dayssubscriptionstatusAccount status12 monthsuseridencryptedUser identificationSession

10.2 Analytics Cookies (Can Disable)

Cookie NameRetentionga2 yearsgid24 hoursgaXXXXXXXXXX2 years

10.3 Functional Cookies (Can Disable)

Cookie NameRetentiondashboardlanguage1 yearpricingtogglepreference1 yeardashboardthemepreference1 year

10.4 Marketing Cookies (Can Disable)

Cookie NameRetentionfacebookpixelid90 daysgoogleadsconversiontag1 yearintercomcustomdataSessionretentionmarketingtoken30 daysgoogleadsgclid90 days

Summary of Key Points

✅ Your free trial begins immediately upon registration (no cookies required for signup—only email)
✅ Essential cookies required; cannot be disabled (required for platform function)
✅ Analytics & marketing optional; disable anytime via banner or browser settings
✅ Data stays in Australia; call recordings and clinic data hosted in Sydney only
✅ Transparent practices; all third-party vendors have DPAs and comply with Privacy Act 1988
✅ Your rights protected; opt-out options provided for every non-essential cookie
✅ Security priority; TLS 1.3, HTTPS-only, encrypted storage

Last Updated: November 3, 2025
Jurisdiction: Australia, Queensland
Next Review Date: November 3, 2026

By using TransferToAI, you accept this Cookie Policy and our Privacy Policy.