Privacy policy

Kinds of personal information

We may collect identity and contact details (name, email, phone if supplied), the content of your messages, limited technical information (browser type, IP address in server logs where applicable), and marketing or analytics preferences if you provide them in writing or through a future consent mechanism.

How we collect

Information is collected directly from you via forms, email, telephone, or during booked sessions. We do not buy marketing lists.

Purposes of collection, use, and disclosure (APP 3 and APP 6)

We use personal information to respond to enquiries, prepare and deliver roadmap facilitation, invoice and administer accounts, improve our website, comply with law, and—only where you opt in—analytics or marketing activities described in our Cookies policy.

Overseas disclosure (APP 8)

Some subprocessors may store data in jurisdictions outside Australia (for example, email or hosting). Where practicable we use contractual clauses requiring APP-aligned handling. By continuing to use the site after selecting optional analytics or marketing, you acknowledge this risk profile.

Notifiable Data Breaches scheme

If we become aware of unauthorised access, disclosure, or loss of personal information likely to result in serious harm, we will assess the incident under the Notifiable Data Breaches scheme and, where required, notify the Office of the Australian Information Commissioner (OAIC) and affected individuals without undue delay.

Security (APP 11)

We apply reasonable technical and organisational measures including encrypted transport (HTTPS), access controls, least-privilege administration, and vendor review. No online transmission is completely secure; we mitigate risks proportionate to the sensitivity of planning correspondence.

Retention and destruction

Enquiry and client records are retained for up to twenty-four months unless a longer period is required for Australian taxation, superannuation, or corporation law record-keeping, in which case financial fields may be kept up to seven years. Logs, if collected, are rotated after ninety days unless needed to investigate misuse or defend a legal claim. When retention ends, we delete or de-identify information where reasonable.

Access and correction (APP 12 and APP 13)

You may request access to, or correction of, personal information we hold. We will respond within a reasonable period (typically thirty days) unless an exception under the Privacy Act applies. If we refuse, we will explain why and how you may complain.

Complaints (APP 1)

Contact us first using the details above. If you are not satisfied, you may lodge a complaint with the OAIC at oaic.gov.au or on 1300 363 992. Our internal complaints pathway is described at Complaints.

Anonymity and pseudonymity (APP 2)

Where lawful and practicable, you may interact with us using a pseudonym. Some services (for example, invoiced facilitation) require accurate identity details.

Direct marketing (APP 7)

We only send direct marketing if you have consented or if another exception applies. You may opt out at any time using the unsubscribe link in emails or by writing to the address above.

Automated decision-making

We do not use solely automated decision-making that significantly affects individuals.

Individuals in the European Union or United Kingdom

If EU or UK data protection law applies to you, you may have additional rights (including portability or objection). Contact us and we will assess jurisdiction and respond consistent with applicable law.

Children

Our services target adults. If you believe a minor has submitted personal information, contact us and we will take reasonable steps to delete it unless we are required to retain it.

Changes

We will publish updates on this page with a new “last updated” date. Material changes that require fresh consent under Australian law will be collected through an updated consent mechanism.