1. Who we are
Valocity Apps (‘we’, ‘us’, ‘our’) is an Australian app development company. We operate the website [DOMAIN] and provide app development, website development, design, and marketing services to clients in Australia and internationally.
Our registered details:
- Legal name: Valocity Apps
- Australian Business Number (ABN): [ABN]
- Australian Company Number (ACN, if applicable): [ACN]
- Registered address: [REGISTERED ADDRESS]
- Privacy contact: [CONTACT EMAIL]
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights. It applies to information collected through our website, during business engagements, and through any other interaction with our company.
We handle personal information in accordance with: the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs); the EU General Data Protection Regulation (GDPR) where applicable; the California Consumer Privacy Act (CCPA) where applicable; the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) where applicable.
2. What personal information we collect
Information you provide directly
- Contact details: name, email, phone, company, job title
- Project information: business details and engagement requirements you share during Founder Calls
- Payment information: billing details (card numbers processed through Stripe — we do not store them)
- Communications: emails, messages, and content you send us
- Marketing preferences: newsletter subscription status
Information collected automatically
- Technical data: IP address, browser type, device type, operating system
- Usage data: pages visited, time spent, click patterns
- Location data: approximate location from IP (country/region level)
- Cookies and tracking — see Cookie Policy
Information from third parties
- Marketing platforms: Google Ads, Meta Ads, LinkedIn Ads where you’ve interacted with our ads
- Analytics: aggregated data from Google Analytics or similar
- Public sources: LinkedIn, ASIC records when researching potential clients
- Referrals: information shared by mutual contacts
3. Why we collect and use your information
We collect and use personal information for these purposes (which also serve as our ‘lawful bases’ under GDPR):
To provide our services (contract performance)
- Respond to enquiries and Founder Call requests
- Deliver services you engage us for
- Manage our relationship with you
- Send service-related communications (project updates, invoices)
To run our business (legitimate interests)
- Improve our website, services, and offerings
- Develop case studies (only with your explicit consent before publication)
- Internal analytics and reporting
- Detect and prevent fraud or security incidents
- Recover unpaid invoices
To market our services (consent or legitimate interests)
- Send marketing emails — only if you’ve opted in
- Show relevant advertising on third-party platforms (retargeting) — subject to your consent
- Personalise website content
To comply with legal obligations
- Tax, employment, and corporate regulatory requirements
- Lawful requests from courts, regulators, government agencies
5. Where your information is stored
Our primary servers are located in Australia (AWS Sydney region). Some service providers are based overseas, meaning your information may be processed in:
- United States (AWS, Stripe, Google, Meta, LinkedIn)
- European Union (Cloudflare, Postmark)
- Other countries depending on the service provider
When transferring overseas, we use appropriate safeguards:
- Contractual obligations via Data Processing Agreements
- Providers operating under recognised frameworks (EU-US Data Privacy Framework, ISO 27001)
- Standard Contractual Clauses (SCCs) for EU transfers per GDPR
By using our services, you consent to these transfers where necessary.
6. How long we keep your information
| Data category | Retention period |
|---|---|
| Active client data | Engagement duration + 7 years (tax/legal) |
| Prospect / lead data | 3 years from last interaction |
| Newsletter subscribers | Until unsubscribed, deleted within 30 days |
| Website analytics | 26 months (GA default) or less |
| Cookies | See Cookie Policy |
| Marketing platform data | Active duration + 12 months |
| Invoices and financial records | 7 years (ATO requirement) |
| Contract documents | 7 years post-end (statute of limitations) |
After these periods, we securely delete or anonymise the data.
7. Your rights
Rights for all individuals (Australian Privacy Principles)
- Right to access — request a copy of what we hold
- Right to correction — request correction of inaccurate data
- Right to complain — to us first, then to OAIC at oaic.gov.au
- Right to be informed — ask how we handle your data (30-day response)
Additional rights for EU/UK residents (GDPR)
- Right to erasure (‘right to be forgotten’) in certain circumstances
- Right to restrict processing
- Right to data portability — receive your data machine-readable
- Right to object to legitimate-interests processing
- Right to withdraw consent at any time
- Right to complain to your local data protection authority
Additional rights for California residents (CCPA/CPRA)
- Right to know what’s collected
- Right to delete personal information
- Right to opt out of sale/sharing (we do not sell — we do share with ad partners; see Cookie Policy)
- Right to correct inaccurate information
- Right to limit use of sensitive information
- Right to non-discrimination for exercising rights
Additional rights for Canadian residents (PIPEDA)
- Right to access personal information
- Right to challenge accuracy
- Right to withdraw consent (subject to legal restrictions)
To exercise rights, contact [CONTACT EMAIL]. We verify identity and respond within 30 days.
8. How we protect your information
- Encryption: TLS 1.2+ in transit, AES-256 at rest where supported
- Access control: role-based, least privilege
- Authentication: multi-factor on all admin accounts
- Monitoring: security event logging and intrusion detection
- Vendor due diligence: we vet provider security
- Staff training: regular privacy and security training
- Incident response: documented breach procedures
We work to industry standards aligned with ISO 27001 principles. However, no internet transmission is 100% secure — we cannot guarantee absolute security.
9. Data breach notification
If we experience a breach likely to result in serious harm, we will notify you and the OAIC within 72 hours of becoming aware, per the Notifiable Data Breaches scheme under the Privacy Act.
For EU residents, we notify your supervisory authority within 72 hours per GDPR Article 33.
10. Children’s privacy
Our services are not directed to children under 16. We do not knowingly collect their information. If you believe we have inadvertently collected information from a child, please contact [CONTACT EMAIL] and we’ll delete it promptly.
11. Changes to this Policy
We may update this Privacy Policy. When we make material changes, we will:
- Update the ‘Last updated’ date
- Notify you by email if changes materially affect your rights
- Post a notice on our website for at least 30 days
Continued use after changes constitutes acceptance. If you disagree, you may discontinue use.
12. Contact us
Questions, requests, or complaints about this Privacy Policy:
- Email: [CONTACT EMAIL]
- Postal: [REGISTERED ADDRESS]
If unsatisfied with our response, you may also contact:
- Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
- EU/UK: Your local data protection authority (edpb.europa.eu)
- California: California Attorney General — oag.ca.gov/privacy
- Canada: Office of the Privacy Commissioner — priv.gc.ca
Questions?
Email [CONTACT EMAIL] — we respond within two business days.