Privacy Policy

1. Purpose and scope

This Privacy Policy explains how we collect, use, store and disclose personal information, and how you can access or correct it. We aim to comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant guidance issued by the Office of the Australian Information Commissioner (OAIC).

This policy applies to our website, marketing, client services, events, and any tools or platforms we use in delivering services.

2. What “personal information” means

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

We may also handle sensitive information in limited circumstances (for example, where you voluntarily provide it). We generally do not request sensitive information.

3. What information we collect

We may collect the following types of information:

1. Identity and contact information: name, email, phone, business name, role, company details.
2. Commercial and relationship information: enquiry details, meeting notes, proposals, contracts, billing contacts, payment and invoicing details.
3. Service and performance information: information needed to deliver our services, which may include business performance data, advertising account information, analytics, ecommerce data and customer insights (only where you or your organisation authorises access).
4. Website and device information: IP address, device identifiers, browser type, pages visited, session behaviour, referral source, cookies and similar technologies.

4. How we collect information

We collect information when you:

1. submit a form, request a proposal, sign up for updates, or contact us
2. engage us for services or communicate with our team
3. authorise access to platforms (for example, Meta, Google, Shopify, Klaviyo, analytics tools)
4. browse our site (cookies/analytics)

We may also receive information from third parties where lawful and where you’ve consented or would reasonably expect it (for example, your colleagues, authorised platform integrations, or service providers).

5. Why we collect and use personal information

We use personal information to:

1. respond to enquiries and deliver services
2. manage contracts, invoicing and payments
3. operate, maintain and improve our services and website
4. communicate with you about service delivery, updates, or opportunities (you can opt out anytime)
5. meet legal, regulatory, and risk management obligations (including record keeping, disputes, and fraud prevention)

6. Legal basis and “reasonable expectation”

Where required, we will collect and use personal information with consent. Otherwise, we handle personal information where it is reasonably necessary for our functions and activities and consistent with the APPs.

7. AI, automation and generative tools

We may use AI-enabled tools to improve internal productivity (for example, drafting, summarising, transcription, analysis and workflow automation). The Privacy Act applies to uses of AI involving personal information, and we approach AI with privacy-by-design controls.

Our AI safeguards include:

1. Data minimisation: we do not input personal information into AI tools unless it is necessary for a legitimate purpose connected to service delivery.
2. Client confidentiality controls: we apply need-to-know access and avoid placing client data into public AI tools where terms may allow broader reuse.
3. No “training” promise (client-safe): we do not intentionally use your confidential client datasets to train proprietary AI models. If we ever planned to, we would only do so with explicit written agreement.
4. Human review: AI outputs may be wrong or incomplete. We apply human review, especially where outputs could affect customers, individuals, legal/contract outcomes, or financial decisions.
5. Prompt and upload hygiene: we train staff to avoid pasting unnecessary identifiers (names, emails, phone numbers, addresses, account IDs) into AI tools.
6. Vendor risk checks: we assess AI vendors and configurations (including retention, access controls and logging) where those tools touch personal information.

If we use automation or profiling that materially affects individuals, we will describe that in an updated version of this policy and/or relevant notices as required by law (noting that reforms around automated decision transparency have phased timing).

8. Disclosure of personal information

We may disclose personal information to:

1. our employees and contractors who need it to do their job
2. service providers we use to run the business (for example, hosting, email, CRM, analytics, finance, workflow tools)
3. professional advisers (lawyers, accountants, auditors)
4. regulators, courts, law enforcement, or government agencies where required or authorised by law

We do not sell personal information.

9. Overseas disclosure

Some providers we use may store or process data outside Australia (commonly the United States, EU, or other regions). Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place consistent with the APPs (for example, contractual protections and vendor due diligence).

10. Security and retention

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Our controls may include access management, MFA where available, least-privilege permissions, encryption in transit, secure backups, monitoring, staff training, and vendor due diligence.

We retain personal information only for as long as needed for the purposes described in this policy (and as required by law), then we delete or de-identify it where reasonable.

11. Data breaches and notifications

If we suspect a data breach, we investigate promptly and take steps to reduce harm. Where we are subject to the Notifiable Data Breaches (NDB) scheme and an eligible data breach occurs, we will notify affected individuals and the OAIC as required, and we aim to complete assessments within the required timeframe.

12. Cookies, analytics and tracking

We use cookies and similar technologies to operate our website and understand usage. You can control cookies through your browser settings. If you disable cookies, parts of the website may not function as intended.

13. Direct marketing

We may send marketing communications. You can opt out at any time via the unsubscribe link or by contacting us. We aim to comply with applicable Australian marketing and spam rules.

14. Access and correction

You can request access to personal information we hold about you and request corrections if it is inaccurate, out of date, incomplete, irrelevant or misleading. Contact us using the details below.

15. Complaints

If you believe we have mishandled your personal information, contact us and we will investigate and respond within a reasonable time. If you are not satisfied, you may lodge a complaint with the OAIC.

16. Updates to this policy

We may update this Privacy Policy from time to time. The latest version will be published on our website with the updated date.

17. Contact