Legal

Privacy Policy

Effective date: 22 April 2026 (DRAFT)

DRAFT — not final legal advice. This is draft business copy. A solicitor review is intended before publication and certainly before any client engagement relies on it. Current protections still apply — AMRIX does not sell personal information, and Australian Privacy Principles remain the baseline.

1. About this policy

AMRIX PTY LTD (ABN 20 693 581 029) ("AMRIX", "we", "us", "our") is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at amrix.com.au or engage our services.

This policy is designed to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). By using our website or engaging our services, you consent to the practices described in this policy.

2. Information we collect

We may collect the following types of personal information:

  • Identity information: name, business name, role
  • Contact information: email, phone, postal address
  • Billing information: invoice details and payment records (payment card data is processed by our payment provider and never stored by AMRIX)
  • Service information: details of your existing domains, hosting, systems, and goals you share during scoping and delivery
  • Technical data: IP address, browser type, pages visited, time on page (when analytics are enabled)
  • Communications: records of emails, enquiry form submissions, and support requests

We collect personal information only where it is reasonably necessary for our functions and activities. We do not collect sensitive information unless required for a specific service and with your explicit consent.

3. How we use your information

We use your personal information for the following purposes:

  • To respond to enquiries and provide quotes
  • To deliver the services agreed in a Statement of Work
  • To issue invoices and process payments
  • To communicate about active engagements and support requests
  • To maintain service records and continuity
  • To comply with legal obligations, including Australian tax record-keeping
  • To improve our website and service offerings in aggregate

We do not sell your personal information. We do not use it for direct marketing without your consent. We do not trade or rent contact lists.

4. Third-party service providers

We use trusted third-party services to operate. Each has its own privacy practices and may process your data as part of service delivery:

  • Cloudflare — website delivery, security, DDoS protection. Processes request metadata including IP addresses. Cloudflare Privacy Policy.
  • Microsoft 365 — email and document storage. Data resides in Microsoft's Australian datacentres where available. Microsoft Privacy Statement.
  • Xero — accounting and invoicing. Invoice data lives in Xero. Xero Privacy Notice.
  • Stripe / Square — payment processing. Card data handled directly by the provider under PCI-DSS. AMRIX does not store card numbers. Stripe · Square.
  • Google Analytics (optional) — aggregate website usage. We use it only when explicitly configured. Google Privacy Policy.

We will not otherwise disclose your personal information to third parties without your consent, except where required by law.

5. Overseas disclosure

AMRIX primarily stores and processes data within Australia. Some third-party services (Microsoft, Cloudflare, Stripe) may process data on infrastructure outside Australia. These providers operate under binding privacy frameworks that meet or exceed Australian Privacy Principle 8.1 requirements.

6. Data retention

We retain personal information for as long as necessary to deliver services and meet legal obligations:

  • Financial records (invoices, payments) — 7 years, per Australian tax requirements
  • Service records — duration of the engagement plus 3 years
  • Enquiry form data — 2 years from enquiry date
  • Analytics data — aggregate only; identifiable data purged after 12 months

When retention periods expire, data is securely deleted or de-identified.

7. Data security

We take reasonable technical and organisational steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. Security measures include:

  • Encrypted communications (TLS) for all web interactions
  • Access controls limiting who can view personal data
  • Multi-factor authentication on internal systems
  • Periodic review of third-party access and data-handling posture

No method of electronic transmission or storage is 100% secure. If you believe a data breach has occurred, please contact us at accounts@amrixgroup.com.au and we will notify you and, where required, the Office of the Australian Information Commissioner.

8. Cookies and tracking

The AMRIX Creative website uses minimal cookies. We do not use advertising cookies, third-party tracking pixels, or profiling cookies. You may configure your browser to refuse cookies; some site features may not function correctly if you do.

9. Digital asset handover and access rights

AMRIX Creative's ownership-first model means, in almost every engagement, you own the personal data associated with your digital presence directly. Your domain is registered in your name; your Google Business Profile is verified to your email; your hosting account is on your card.

Our Digital Asset Handover Schedule sets out exactly what gets handed to you, when. You can request the most recent Schedule version from us at any time.

10. Your rights — access and correction

Under the Australian Privacy Principles, you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of any personal information that is inaccurate, incomplete, or out of date
  • Make a complaint if you believe we have breached the Australian Privacy Principles

To exercise these rights, contact us at accounts@amrixgroup.com.au. We will respond within 30 days.

11. Privacy complaints

If you have a complaint about how we have handled your personal information, please contact us first:

AMRIX PTY LTD
Email: accounts@amrixgroup.com.au
Sydney NSW, Australia

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via the website. The effective date at the top reflects the current version.