Privacy Policy

Last updated: January 2025

1. Introduction

Validash ("we", "our", or "us") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our SEO audit service ("Service").

About This Policy:

  • This policy applies to personal information collected through www.validash.live
  • We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988
  • This policy should be read together with our Terms of Service

2. Information We Collect

2.1 Personal Information You Provide

  • Name and email address (via Google Authentication)
  • Business name and website URL
  • Google Analytics account access (read-only)
  • Payment information (processed and stored by Stripe only)

2.2 Google Analytics Data (With Your Permission)

When you connect your Google Analytics account, we access:

  • Website traffic volume and sources
  • Page view statistics and session duration
  • Geographic location of visitors (country/city level)
  • Device and browser information

We DO NOT access:

  • Personally identifiable information (PII) of your website visitors
  • Email addresses of your customers
  • Payment information
  • Any data not required for SEO analysis

2.3 Automatically Collected Information

  • Browser type and version
  • Device type and operating system
  • IP address (anonymized for analytics)
  • Pages visited on our website and time spent

2.4 Information We Do NOT Collect

  • Credit card details (handled by Stripe)
  • Sensitive personal information (health, race, religion, etc.)
  • Information from children under 18

3. How We Use Your Information and Legal Basis

3.1 To Provide the Service (Contract Performance)

  • Generate your SEO audit report
  • Analyze your website and Google Analytics data
  • Deliver your report via email
  • Process payments and transactions

3.2 With Your Consent

  • Access your Google Analytics account (you can revoke at any time)
  • Send marketing communications (opt-out available)
  • Use cookies for analytics (you can disable in browser)

3.3 For Our Legitimate Business Interests

  • Improve our Service and develop new features
  • Detect and prevent fraud and abuse
  • Ensure security of our systems

3.4 Legal Requirements

  • Respond to legal requests and prevent harm
  • Enforce our Terms of Service
  • Comply with applicable laws and regulations

You can withdraw consent at any time by revoking Google Analytics access in your Google Account settings, contacting us to delete your account, or opting out of marketing emails.

4. Data Storage, Security, and International Transfers

4.1 Where We Store Your Data

  • Primary storage: Google Cloud Platform (Firebase) - Australia region
  • Payment processing: Stripe (PCI-DSS compliant)
  • Backups: Encrypted backups stored in Australia

4.2 Security Measures

We implement industry-standard security measures including:

  • End-to-end encryption for data in transit (TLS/SSL)
  • Encryption at rest for stored data
  • Access controls and authentication
  • Regular security audits and vulnerability assessments
  • Regular backups and disaster recovery procedures

4.3 International Data Transfers

Some of our service providers (Google, Stripe) may process data outside Australia. When data is transferred internationally, we ensure adequate safeguards are in place and comply with APP 8 (Cross-border disclosure).

4.4 Data Breach Notification

In the event of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. How We Share Your Information

We do not sell your personal information to third parties.

5.1 Service Providers

We share limited information with trusted service providers:

Google Firebase/Cloud Platform:

  • Data shared: Name, email, website URL, audit reports
  • Purpose: Authentication, data storage, hosting
  • Location: Australia (with backup in Singapore)

Stripe:

  • Data shared: Name, email, payment details (you provide directly)
  • Purpose: Payment processing
  • Location: Global (with Australian entity)

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

5.3 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

6. Data Retention and Deletion

6.1 How Long We Keep Your Data

Account Information:

  • Active accounts: Retained while account is active
  • Inactive accounts: Deleted after 24 months of inactivity (with 30-day notice)

Audit Reports:

  • Retained for 12 months from purchase date
  • You can download your report anytime during this period
  • After 12 months, reports may be anonymized for analytics

Payment Records:

  • Retained for 7 years to comply with Australian tax laws
  • Handled and retained by Stripe according to their policies

6.2 How to Request Deletion

You can request deletion of your data by contacting us. We will respond within 30 days. Some data may be retained if required by law (e.g., tax records).

Note: Deleted data cannot be recovered. Please download your audit report before requesting deletion.

7. Your Privacy Rights Under Australian Privacy Law

Under the Australian Privacy Principles, you have the following rights:

7.1 Right to Access (APP 12)

You can request access to the personal information we hold about you. We will respond within 30 days. Access is usually free, but we may charge a reasonable fee for complex requests.

7.2 Right to Correction (APP 13)

You can request correction of inaccurate or incomplete information. You can update most information in your account settings. For other corrections, contact us.

7.3 Right to Erasure

You can request deletion of your personal information. We will delete within 30 days unless retention is required by law.

7.4 Right to Object

You can object to processing of your information for direct marketing purposes by clicking unsubscribe in any marketing email.

7.5 Right to Complain

If you believe we have breached the Australian Privacy Principles, contact us first. If not satisfied, you can lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

  • Phone: 1300 363 992
  • Website: www.oaic.gov.au
  • Email: enquiries@oaic.gov.au

8. Cookies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us immediately. We will delete such information as soon as practicable.

Under Australian law, children under 18 may not be able to consent to the collection of their personal information in certain circumstances. We recommend parental or guardian consent for users under 18.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For significant changes that may affect your rights, we will:

  • Update the "Last updated" date at the top
  • Send you an email notification (if you have an account)
  • Display a prominent notice on our website for 30 days

Continued use of the Service after changes constitutes acceptance. If you don't agree with changes, you can stop using the Service and request deletion of your account.

11. Google API Services and OAuth

11.1 Google OAuth Authentication

When you sign in with Google, we request read-only access to your basic profile (name, email) and your Google Analytics data. You can review and manage permissions at: https://myaccount.google.com/permissions

11.2 What We Do With Google Data

  • Use it solely to generate your SEO audit report
  • Do not share it with third parties
  • Do not use it for advertising purposes
  • Store it securely on Google Cloud Platform

11.3 How to Revoke Access

You can revoke Validash's access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing Validash from the list.

Google API Limited Use Disclosure:

Validash's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

12. Australian Privacy Law Specifics

12.1 Notifiable Data Breaches (NDB Scheme)

Under the Privacy Act 1988, we are required to notify you and the OAIC of eligible data breaches that are likely to result in serious harm.

12.2 Cross-Border Disclosure (APP 8)

Before we disclose your personal information overseas (e.g., to Google, Stripe), we inform you of the likely countries (USA, Singapore) and ensure they have privacy protections in place.

12.3 Sensitive Information

We do not collect sensitive information as defined by the Privacy Act (e.g., health information, racial or ethnic origin, political opinions, religious beliefs).

12.4 Direct Marketing

If we send you marketing communications, you can opt out at any time via the unsubscribe link. We comply with the Spam Act 2003.

13. Contact Us and Privacy Officer

For any privacy-related questions, concerns, or requests:

  • Website: https://www.validash.live/contact
  • Response Time: We aim to respond to all privacy inquiries within 5 business days

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at 1300 363 992 or www.oaic.gov.au

← Back to Home