This Privacy Policy applies to personal information we collect through:

• our website and landing pages;
• contact forms, quote forms, audit forms, booking forms and support forms;
• emails, phone calls, messages and social media enquiries;
• client onboarding, project delivery and account management;
• our WordPress plugins, software tools and support systems;
• maintenance, troubleshooting and support access to client websites;
• analytics, logs, backups, billing and operational systems.

This policy does not automatically cover every client website or every plugin installation operated by third parties. Where required, a client or plugin operator should also maintain their own privacy policy for their own collection and handling of data.

3.1 Information you provide directly

• name, business name and job title;
• email address, phone number and postal address;
• project details, business requirements and support requests;
• billing details and transaction information;
• content, files, images, plugin settings or materials you send to us;
• account credentials or temporary access details you choose to provide for support purposes;
• any other personal information you include in communications with us.

3.2 Information collected automatically

• IP address and approximate location data;
• browser type, operating system and device information;
• referring pages, visited pages, dates, times and usage patterns;
• cookies, session data and analytics identifiers;
• server logs, error logs, performance logs and security logs.

3.3 Information we may handle for clients

In the course of developing websites or plugins, we may incidentally access or process personal information stored within a client’s website, CRM, form system, ecommerce store, membership area, support desk, or database. In many of those cases, the client remains the primary party responsible for that information and we act only as a service provider, contractor or technical support provider.

We collect personal information in a number of ways, including when you:

• submit a form on our website;
• contact us by email, phone, SMS or social media;
• request a quote, proposal, consultation or support service;
• purchase or enquire about a plugin, build, care plan or related service;
• use our website, client portals, plugin interfaces or support tools;
• provide website logins, hosting access, FTP/SFTP access, cPanel access, or WordPress administrator access;
• interact with our newsletters or marketing communications;
• participate in a survey, review or feedback request.

We may also collect limited information from public sources, business directories, social profiles, or third-party providers where reasonably necessary for quoting, verification, fraud prevention, support, or project delivery.

We collect, hold, use and disclose personal information for purposes including to:

• respond to enquiries and provide quotes or proposals;
• deliver website development, plugin development and related services;
• install, configure, test, maintain and support websites or plugins;
• communicate with clients and users about jobs, updates, issues or support matters;
• process invoices, payments, subscriptions and renewals;
• improve our website, plugins, systems, offers and support processes;
• monitor security, detect fraud, prevent misuse and maintain platform integrity;
• comply with legal, tax, accounting and record-keeping obligations;
• send service updates and, where permitted, marketing communications.

Our website may use cookies, pixels, local storage and similar technologies to run the site, remember preferences, improve performance, understand usage, and support security.

These tools may collect information such as:

• pages visited and time spent on pages;
• navigation paths and button clicks;
• browser and device details;
• IP address and approximate region;
• session behaviour and referral sources.

You may be able to disable cookies through your browser settings. However, parts of the site may not function properly if you do so.

Common services we may use

Because we develop and support WordPress websites and plugins, our role can vary depending on the project.

7.1 When we act for our own business

We are responsible for the personal information we collect through our own website, forms, customer communications, accounts and support channels.

7.2 When we act for a client

Where we build, maintain or troubleshoot a client website or plugin, we may access information stored in that system solely to deliver the agreed services. In those cases:

• the client may control the website or plugin and decide what data is collected;
• we only access information as reasonably necessary for development, support, migration, testing or maintenance;
• we expect clients to maintain their own privacy disclosures to their end users where required.

7.3 Support access and credentials

If you provide us with admin logins, hosting access, FTP/SFTP credentials, API keys or similar access details, we will use them only for authorised work, keep them confidential, and restrict access as reasonably practical. We recommend all clients use temporary accounts, strong passwords and two-factor authentication where available.

7.4 Testing and staging

We may create staging copies, test environments, backups or temporary development environments. Where possible, we aim to minimise real personal information in test systems and to secure those environments appropriately.

We may disclose personal information to third parties where reasonably necessary, including:

• hosting providers, domain registrars and infrastructure providers;
• email, CRM, payment, accounting and invoicing providers;
• security, anti-spam, monitoring, analytics and backup providers;
• subcontractors, developers, designers or technical specialists engaged on a confidential basis;
• professional advisers such as accountants, insurers or legal advisers;
• law enforcement, regulators, courts or government bodies where required or authorised by law;
• a buyer or successor in connection with a sale, restructure or transfer of all or part of our business.

We do not sell personal information as a standalone product.

Some of our service providers may store or process data outside Australia. This can happen where we use cloud hosting, email services, backup providers, analytics tools, developer platforms, payment services, helpdesk software or other third-party systems.

Depending on the providers we use from time to time, countries may include [insert countries if known, e.g. Australia, United States, Singapore, European Union countries].

While we take reasonable steps to work with reputable providers, overseas storage or processing may mean personal information is handled in jurisdictions with different privacy protections to Australia.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.

Measures may include:

• secure passwords and access controls;
• restricted admin privileges;
• two-factor authentication where available;
• secure hosting and encrypted connections (such as HTTPS/SSL);
• software updates, backups and security monitoring;
• limiting staff or contractor access on a need-to-know basis;
• confidentiality practices for support and project work.

No method of transmission or storage is completely secure. Because of this, we cannot guarantee absolute security.

We keep personal information only for as long as reasonably necessary for the purpose it was collected, including for service delivery, support history, security, accounting, tax, legal and dispute-resolution purposes.

When personal information is no longer reasonably required, we may delete it, destroy it, de-identify it, archive it securely, or remove access to it, subject to legal and operational requirements.

Backups and archived materials may continue to exist for a period after deletion in accordance with our backup and disaster recovery practices.

You may request access to personal information we hold about you, and you may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.

To request access or correction, please contact us using the details below and provide enough information to identify you and the relevant records.

We may need to verify your identity before processing your request. In some circumstances permitted by law, we may refuse access or decline a correction request, in which case we will explain the reasons in writing where required.

We may send you marketing or promotional communications about our services, plugins, maintenance plans, offers, updates, articles or resources where permitted by law or where you have consented.

You can opt out of marketing communications at any time by using the unsubscribe link, replying with an opt-out request, or contacting us directly.

Service emails relating to active projects, invoices, security issues, support matters or important account information may still be sent where necessary.

If we become aware of a suspected or actual data breach, we will assess the incident promptly and take steps reasonably available to contain, investigate and remediate it.

Where applicable law requires notification, we will notify affected individuals and relevant authorities as required.

If you believe we have breached your privacy or mishandled your personal information, please contact us in writing with full details of your complaint.

We will review the matter and aim to respond within a reasonable timeframe. We may ask for further information so we can properly investigate your complaint.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner (OAIC).

We may update this Privacy Policy from time to time to reflect changes to our business practices, legal obligations, technologies, services or risk profile.

The latest version will be published on our website with an updated “Last updated” date.