Privacy Policy
This policy explains how Data Donut handles personal information collected through this website, lead magnets, enquiry forms, email, discovery calls, analytics, and early client conversations. Last updated: 18 May 2026.
Who We Are
Data Donut is a launch-stage Australian workflow audit and automation service operated from Queensland, Australia. Formal entity, ABN, and GST details will be added once confirmed.
Privacy contact: [email protected]. General enquiries: [email protected].
Privacy Approach
We aim to handle personal information in a way that is consistent with the Australian Privacy Principles. Where the Privacy Act 1988 applies to Data Donut, we will comply with our obligations under that Act.
We collect the minimum information we reasonably need, use it for clear business purposes, limit access, and avoid placing passwords, API keys, sensitive information, or unnecessary client-identifiable material into public AI tools or unsecured notes.
Information We Collect
We may collect:
- name, email address, phone number, role, business name, website, and location;
- workflow, operations, tools, bottleneck, or enquiry details you submit;
- lead magnet signup, download, marketing preference, and unsubscribe information;
- booking, meeting, discovery-call, proposal, and CRM follow-up notes;
- technical and analytics data such as device, browser, pages viewed, referring URL, approximate location, and campaign source;
- client operational material you choose to provide for audits or service discussions.
How We Collect Information
- directly from you through forms, email, calls, bookings, downloads, and conversations;
- through website analytics, cookies, and similar technologies;
- from referral partners or public business sources where relevant to an enquiry;
- through approved tools used for CRM, email delivery, scheduling, hosting, security, analytics, and service delivery.
Why We Use Information
We use personal information to:
- send requested downloads, resources, and follow-up information;
- respond to enquiries and understand where work is getting stuck;
- schedule calls, manage CRM records, and create follow-up tasks;
- prepare, deliver, and improve workflow audits, automation services, and support;
- send marketing emails where permitted and provide a clear unsubscribe path;
- measure website performance, campaign source, and content usefulness;
- protect the website, systems, users, and business from misuse or security risks;
- meet legal, accounting, dispute-resolution, and compliance obligations.
AI-Assisted Service Delivery
Data Donut may use approved AI tools to assist with summaries, drafting, analysis, documentation, workflow mapping, and internal planning. AI-assisted work is subject to human review before it is used for client-facing recommendations or deliverables.
We do not intentionally place passwords, API keys, secrets, or sensitive regulated information into public AI tools. Where identifiable client information may be used with an AI tool, we assess the purpose, access, retention, security, and disclosure requirements first.
Marketing And Email
If you sign up for a checklist, update, or other resource, we may email you that resource and related follow-up content. Commercial electronic messages will identify Data Donut as the sender and include a way to unsubscribe.
We keep consent and suppression records so unsubscribe requests can be honoured. You can also opt out by emailing [email protected].
Cookies, Analytics, And Tracking
We use analytics and similar technologies to understand site usage, campaign source, page performance, downloads, and conversion actions. We do not intentionally send sensitive enquiry details into analytics tools. Browser settings may allow you to block or limit cookies.
Disclosure And Service Providers
We may share information with service providers that help us operate the website and business, such as hosting, database, analytics, CRM, scheduling, email delivery, security, document storage, and AI-assisted work tools.
Current or planned providers may include Supabase, Cloudflare, Google, Klaviyo, Cal.com, Microsoft Clarity, OpenAI, Anthropic, and similar operational tools. Some providers may process or store information outside Australia, including in the United States, Europe, or other regions listed by the relevant provider. We review provider terms, security, retention, and access controls where practical.
Security
We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures may include access controls, multi-factor authentication for administrative systems, encryption where supported by our systems and providers, logging and monitoring, backups, staff access limits, and due diligence over cloud service providers.
Retention And Deletion
We keep personal information only for as long as reasonably needed for the purposes described in this policy, including responding to enquiries, managing customer or prospective customer relationships, security, legal, accounting, dispute-resolution, and compliance purposes. When information is no longer needed and we are not required by law to keep it, we take reasonable steps to delete it, de-identify it, or put it beyond use where immediate deletion from backup or cloud systems is not practicable.
Access And Correction
You may request access to, or correction of, personal information we hold about you by contacting [email protected]. We may need to verify your identity before responding. We will respond within a reasonable period and aim to do so within 30 days. If we refuse access or correction where permitted by law, we will explain the reason where reasonable and tell you how to complain.
Data Breaches
If we become aware of a suspected data breach involving personal information, we will assess it promptly. Where we have reasonable grounds to believe an eligible data breach has occurred, we will notify affected individuals and the OAIC as required under the Notifiable Data Breaches scheme. Notifications will include our contact details, a description of the breach, the kinds of information involved, and recommended steps individuals should take.
Privacy Complaints
If you believe we have mishandled your personal information, contact us at [email protected]. We will assess your complaint and aim to respond within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.
Changes To This Policy
We may update this policy as Data Donut's services, tools, legal identity, or regulatory obligations change. The current version will be published on this page. For website-use terms, see the Terms and Conditions.