Legal

Privacy Policy

Last updated: 30 March 2026

1. Who we are

This Privacy Policy applies to Webstallion Co (ABN 42 852 391 887), a web design studio based in Macquarie Park, NSW, Australia. We build websites for Australian small businesses.

For any questions about this policy or how we handle your information, contact us at [email protected].

2. What information we collect

We collect personal information only when you provide it to us directly or when it is collected automatically through our website.

Information you provide:

  • Contact form and booking enquiries: your name, email address, phone number, and business name when you enquire about our services or book a discovery call.
  • Project communications: information you share during a project engagement — business details, branding assets, content, staff names and photos for your website.
  • Invoicing details: your name, business name, ABN, and billing address for the purpose of issuing invoices and receiving payment.

Information collected automatically:

  • Analytics data: anonymised, aggregated data about how visitors interact with our website — pages visited, time on site, approximate location by country, referring source. This data is not linked to any identifiable individual.
  • Server logs: basic request metadata (IP address, browser type, device type) collected by our hosting provider as part of standard web infrastructure.

We do not collect sensitive information such as health data, financial account numbers, credit card details, or government identifiers.

3. How we use your information

We use personal information only for the purpose for which it was provided:

  • To respond to your enquiry and discuss your project requirements.
  • To deliver the agreed web design or development services.
  • To issue invoices and process payment via bank transfer.
  • To send project updates, milestones, and follow-up communications related to your engagement.
  • To send marketing communications about our services, where you have opted in or where we have a legitimate existing business relationship. You can opt out at any time.
  • To improve our website using anonymised analytics data.

We will never sell, rent, or trade your personal information to third parties.

4. Who we share your information with

We do not share your personal information with any third parties for their own purposes. Your information may be processed by the following services solely to deliver our services to you:

  • Cal.com: for scheduling discovery calls (receives your name and email). See Cal.com's Privacy Policy.
  • Cloudflare: our hosting provider (processes server request data). See Cloudflare's Privacy Policy.
  • Google Analytics: for anonymised website usage analytics. Configured with IP anonymisation. See Google's Privacy Policy.
  • Ahrefs: for anonymised website analytics and search performance monitoring. See Ahrefs' Privacy Policy.
  • Your bank or financial institution: to the extent necessary to process bank transfer payments.

We do not use subcontractors or outsource any part of our client projects.

5. Overseas data transfers

Some of the third-party services listed above are based outside Australia:

  • Cal.com — United States
  • Cloudflare — United States (with global edge network)
  • Google (Analytics) — United States
  • Ahrefs — Singapore / European Union

By using our website or engaging our services, you acknowledge that some of your data may be processed in countries outside Australia. These providers maintain their own privacy and security standards. We take reasonable steps to ensure that overseas recipients handle your information in accordance with the Australian Privacy Principles.

6. Cookies and browser storage

We keep our use of cookies and browser storage minimal.

  • Theme preference: our website stores a single item in your browser's localStorage to remember your light/dark theme choice. This data never leaves your device.
  • Third-party cookies: Google Analytics and Cloudflare may set their own cookies in accordance with their respective privacy policies. We do not use advertising cookies or tracking pixels.

You can clear cookies and localStorage at any time through your browser settings.

7. Marketing communications and the Spam Act 2003

We may send you marketing communications about our services if:

  • You have explicitly opted in to receive them, or
  • We have an existing business relationship with you and the communications relate to similar services.

Every marketing email will include a clear and functional unsubscribe link. If you opt out, we will stop sending marketing communications within 5 business days. This does not affect transactional communications related to an active project.

We comply with the Spam Act 2003 (Cth) and will never send unsolicited commercial messages without consent.

8. Data security

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure.

Our security measures include:

  • All data transmitted through our website is encrypted via HTTPS/TLS.
  • Website files are hosted on Cloudflare Pages with built-in DDoS protection and edge security.
  • Access to client project files is restricted to authorised personnel only.
  • We do not store credit card or payment card information.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Data retention

  • Enquiry and contact form data: retained for up to 2 years from the date of initial contact, then securely deleted.
  • Project files and communications: retained for the duration of the project and for up to 2 years thereafter for record-keeping and support purposes.
  • Invoicing records: retained for 7 years in accordance with Australian tax law (Income Tax Assessment Act 1997).
  • Analytics data: anonymised and aggregated — not linked to individuals and retained indefinitely.

After the applicable retention period, personal information is securely deleted or de-identified.

10. Children's privacy

Our services are directed at businesses, not individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without appropriate consent, we will take steps to delete it promptly.

11. Your rights under the Privacy Act

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Correction of any personal information that is inaccurate, out of date, or incomplete.
  • Deletion of your personal information, subject to any legal obligations we may have to retain it (such as tax records).
  • Opt out of marketing communications at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with how we handle your request, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

13. Contact and complaints

For any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information:

Webstallion Co
ABN 42 852 391 887
[email protected]
+61 422 544 449
Macquarie Park, NSW 2113