The Legal Bits

Privacy Policy

At Gravity Projex, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information when you visit our website or engage our services.

We are an Australian web development agency specialising in building websites, SaaS (software as a service), digital marketing, and setting up and managing social media accounts and digital platforms for businesses. We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy applies to gravityprojex.com (the "Website") and all web development, SaaS, hosting, digital marketing, and social media services provided by Gravity Projex. By using our Website or services, you consent to the collection and use of information in accordance with this Policy. If you do not agree, please do not use our Website or services.

About Our Services

We provide services including (but not limited to):

  • Website design and development
  • SaaS (Software as a Service)
  • PWAs and mobile applications
  • API integrations
  • Custom digital solutions and interactive interfaces
  • Tourism and hospitality back-of-house platforms
  • Website hosting and maintenance
  • Social media account creation and management
  • Digital marketing services
  • Search engine optimisation (SEO)
  • Search engine marketing (SEM)
  • E-commerce solutions
  • Content management systems
  • Analytics and reporting services

Information We Collect

Personal Information

We may collect personal information when you:

  • Request a quote or consultation
  • Contact us via email, phone, or contact forms
  • Subscribe to newsletters or marketing communications
  • Engage our services

This may include:

  • Name and business name
  • Email address
  • Phone number
  • Billing and payment details
  • Business requirements and project information

Website Visitor Information

When you visit our Website, we may automatically collect:

  • IP address and approximate location
  • Browser type, version, and operating system
  • Pages viewed, navigation patterns, and time spent
  • Device information and screen resolution
  • Referring website details
  • Cookies and similar tracking technologies

Third-Party Client Data

When building websites or managing social media accounts for clients, we may handle end-user data on their behalf. This includes contact form submissions, analytics data, social media engagement data, e-commerce transaction data, and customer databases.

Data Processing Roles

Gravity Projex acts as:

  • Data Controller for personal information collected through our Website, marketing activities, enquiries, and internal business operations.
  • Data Processor when handling personal information on behalf of our clients as part of website development, SaaS platforms, hosting, analytics, or social media management services.

When acting as a data processor, we process personal information only in accordance with client instructions, applicable law, and this Privacy Policy. Our clients remain responsible as data controllers for their end-user data.

How We Use Your Information

  • Service delivery: Designing, developing, hosting, and maintaining digital platforms
  • Communication: Responding to enquiries, project updates, and customer support
  • Business operations: Billing, record-keeping, and internal administration
  • Marketing: Newsletters, service updates, case studies, and promotions (with consent)
  • Analytics: Improving Website performance and user experience
  • Legal compliance: Tax, regulatory, and insurance obligations
  • Security: Preventing fraud, misuse, or unauthorised access

Lawful Basis for Processing

We collect and process personal information based on one or more of the following lawful grounds: performance of a contract, consent where required, compliance with legal obligations, and legitimate business interests balanced against individual privacy rights.

Information Sharing and Disclosure

Third-Party Service Providers

We may share information with trusted service providers, including:

  • Web hosting and cloud infrastructure providers
  • Domain registrars and DNS services
  • Email and marketing platforms
  • Payment processors and banking services
  • Analytics, security, and content delivery services
  • Social media platforms

Overseas Disclosure

Some service providers are located overseas, including in the United States and European Union. We take reasonable steps to ensure overseas recipients are subject to privacy protections substantially similar to the Australian Privacy Principles or bound by appropriate contractual safeguards.

Business Transfers and Legal Disclosure

We may disclose personal information where required by law or in connection with a merger, sale, or acquisition of our business.

We do not sell personal information.

Data Security

We implement reasonable technical, administrative, and physical safeguards including SSL/TLS encryption, secure hosting environments, access controls, staff training, encrypted backups, and incident response procedures. While we take security seriously, no system is completely secure.

Notifiable Data Breaches

Gravity Projex complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). In the event of a data breach likely to result in serious harm, we will take reasonable steps to contain and assess the incident and notify affected clients without undue delay.

Data Retention

  • Client project data: retained for up to 7 years
  • Financial and tax records: retained for at least 5 years
  • Website analytics: typically retained for 2–3 years
  • Marketing communications: retained until consent is withdrawn

Your Rights Under Australian Privacy Law

  • Access and request a copy of your personal information
  • Request correction of inaccurate or incomplete data
  • Withdraw consent for marketing communications
  • Request deletion where legally permissible
  • Make a privacy complaint

Cookies and Tracking

We use essential, analytics, marketing, and preference cookies. You can manage cookies through your browser settings. Disabling cookies may affect Website functionality.

Third-Party and Embedded Content

Our Website may include links or embedded content from third-party websites. These external sites may collect data about you independently. We encourage you to review their privacy policies.

Children's Privacy

Our services are intended for businesses and individuals over 18. We do not knowingly collect personal information from children.

Data Processing Addendum

We offer a Data Processing Addendum (DPA) on request for clients requiring additional data protection assurances, reflecting obligations under Australian privacy law and internationally recognised processor standards.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of our services after any modifications indicates acceptance of the updated policy.

Last updated: February, 2026

Complaints and Contact Information

We will acknowledge complaints within 7 days and respond within 30 days. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC).

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us.

Your Privacy Matters

We are committed to protecting your personal information and maintaining transparency in how we handle your data. If you have any concerns or questions, please don't hesitate to reach out.