# Privacy Policy

**Effective Date:** 1 March 2026
**Last Updated:** 3 March 2026

> **Note:** This document mirrors the live privacy policy in the website repo (`privacy.php`). The PHP file is the canonical source of truth. Keep this in sync when making changes.

**Audit&Fix** ("we", "us", "our") operates www.auditandfix.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

---

## 1. Information We Collect

### 1.1 Information You Provide

When you purchase or use our Service, we collect:

- **Email address** – To deliver your CRO audit report and send transaction receipts
- **Phone number** (optional) – If you choose to provide it
- **Website URL** – The website you want us to analyse
- **Payment information** – Processed securely by PayPal (we do not store card details on our servers)

### 1.2 Information Automatically Collected

We automatically collect limited technical information:

- **Discount timer cookie** (`af_deal_expires`) – A first-party cookie set on your first visit to remember whether your welcome discount is still active. Contains only a timestamp; expires within ~20 minutes.
- **Email tracking pixel** (Resend.com) – To detect if you opened our delivery emails. You can opt out by disabling image loading in your email client.
- **Server access logs** – Standard web server logs (IP address, browser type, page requested) retained for 30 days for security purposes.

We **do not** use website analytics software, advertising trackers, or social media pixels.

### 1.3 Social Media

If you contact us via social media (X/Twitter, LinkedIn), we may view your public profile information visible on those platforms.

---

## 2. How We Use Your Information

We use your information to:

- **Deliver the Service** – Generate and email your CRO audit report
- **Process payments** – Via PayPal (PCI-DSS compliant)
- **Provide customer support** – Respond to enquiries and resolve issues
- **Send transactional emails** – Order confirmations and delivery notifications. No marketing emails.

We **do not** sell, rent, or share your personal information with third parties for marketing purposes.

---

## 3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under:

- **Contract performance** – To fulfil our agreement to deliver your report (Art. 6(1)(b) GDPR)
- **Legitimate interests** – Server security logs and fraud prevention (Art. 6(1)(f) GDPR)
- **Consent** – For email tracking pixels (opt out by disabling images)

---

## 4. Data Retention

- **Email and purchase records** – 7 years (Australian tax compliance)
- **Website analysis data** – 90 days after report delivery, then permanently deleted
- **Payment information** – Stored by PayPal; see [PayPal Privacy Policy](https://www.paypal.com/webapps/mpp/ua/privacy-full)
- **Server access logs** – 30 days

---

## 5. Your Rights

Under the Australian Privacy Act 1988 and GDPR, you have the right to:

- **Access** – Request a copy of your personal data
- **Rectification** – Correct inaccurate information
- **Erasure** – Request deletion (exceptions: legal obligations, tax records)
- **Restriction** – Limit how we use your data
- **Object** – Opt out of email tracking or certain processing
- **Withdraw consent** – Stop receiving communications (except transactional emails)

To exercise these rights, email the address listed in Section 11. We will respond within 30 days.

---

## 6. Data Security

We implement industry-standard security measures:

- **Encryption** – All data transmitted via HTTPS/TLS
- **Secure payment processing** – PayPal handles all payment data (PCI-DSS certified)
- **Access controls** – Limited access to personal data

No system is 100% secure. We cannot guarantee absolute security but will notify you of any data breach as required by law.

---

## 7. International Data Transfers

Our servers are located in Australia and the USA. If you are in the EEA, UK, or Switzerland, your data is transferred to and processed in Australia and the USA. We operate as a small business with limited data processing activities; we rely on the necessity of transfer for contract performance (GDPR Art. 49(1)(b)) to lawfully transfer your data outside the EEA.

---

## 8. Third-Party Services

We use the following trusted third parties who may access your data:

| Service                       | Purpose                                          | Privacy Policy                                                             |
| ----------------------------- | ------------------------------------------------ | -------------------------------------------------------------------------- |
| **PayPal**                    | Payment processing                               | [paypal.com/privacy](https://www.paypal.com/webapps/mpp/ua/privacy-full)   |
| **Resend.com**                | Email delivery & tracking                        | [resend.com/legal/privacy-policy](https://resend.com/legal/privacy-policy) |
| **OpenRouter / AI providers** | AI analysis (website URL only; no personal data) | [openrouter.ai/privacy](https://openrouter.ai/privacy)                     |

---

## 9. Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately.

---

## 10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with a new "Last Updated" date. For material changes affecting your rights, we will notify you via email if you have a recent purchase.

---

## 11. Contact & Complaints

**Audit&Fix**
Email: [legals@auditandfix.com](mailto:legals@auditandfix.com)
NSW, Australia

**Australian Privacy Complaints:** Office of the Australian Information Commissioner (OAIC) — [oaic.gov.au](https://www.oaic.gov.au/) · 1300 363 992

**EU/UK Complaints:** You have the right to lodge a complaint with your local Data Protection Authority (DPA).

---

## 12. Compliance

This Privacy Policy is designed to comply with the _Australian Privacy Act 1988_ (Australian Privacy Principles), GDPR (EU Regulation 2016/679), UK GDPR and Data Protection Act 2018, and the CCPA (where applicable).