Privacy Policy

PRIVACY POLICY

Privacy Policy

Last updated: 30 April 2026

Allhart Web Design (“Allhart”, “we”, “us”) is operated by Allhart Australian Enterprises Pty Ltd, based in Brisbane, Australia. This policy describes what information we collect when you use this website and the services we provide, how we use it, and the choices you have. We comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

1. What we collect

We collect personal information only when you choose to provide it, and a limited set of technical signals when you visit the site:

  • Form submissions. When you submit a form (lead-magnet signup, audit request, contact form), we collect the information you enter — typically first name, email address, and where applicable a website URL or short message about your business.
  • Email subscriptions. If you opt into our email list, we store your email address and any tags identifying which page or campaign you signed up from. We use these to send the resource you requested and occasional follow-ups about Allhart’s services. You can unsubscribe at any time from any email.
  • Anonymous analytics signals. We log a hashed visitor ID (a cookie value), the page path you viewed, the variant of any A/B test shown to you, the country your request came from (via Cloudflare), and the timestamp. We do not store IP addresses. These signals let us measure which pages perform and improve them.
  • Cookies. We use a small number of first-party cookies for split-test variant assignment (so the page looks the same each time you visit) and for analytics. You can clear cookies in your browser at any time.

2. How we use your information

  • To deliver the resource, audit, or service you requested
  • To respond to enquiries and book consultations
  • To send relevant follow-ups about Allhart’s services (you can opt out at any time)
  • To measure and improve our website and offers
  • To meet our legal obligations under Australian law

We do not sell your personal information, ever. We do not use it for advertising on third-party platforms.

3. Service providers we use

We use a small number of trusted third-party services to operate this site:

  • Cloudflare — hosting (Cloudflare Pages), DNS, and edge security. Cloudflare may log request metadata (country, user-agent, request path) per their privacy policy.
  • EmailOctopus — email delivery for our list. EmailOctopus stores your email address and tags. See their privacy policy.
  • Google APIs (where applicable) — see Section 4 below.

4. YouTube API Services and Google user data

Some Allhart services involve helping clients publish content to their own YouTube channels on their behalf. To do this, we use YouTube API Services and other Google APIs. By using those parts of our service, you also agree to be bound by the YouTube Terms of Service.

Google’s privacy practices are described in the Google Privacy Policy.

What information we receive from Google APIs. When a client connects their Google account to Allhart, we receive an OAuth access token that allows us to upload videos and manage video metadata on the channel they authorise. We also receive basic profile information (display name, channel ID, profile image) so we can show the connected account in our interface.

How we use that information. We use it solely to perform the action the client asked us to perform — uploading a video, updating its title or description, scheduling its publication. We do not use Google user data to train AI/ML models. We do not sell, transfer, or share Google user data with third parties. Allhart staff do not read or transfer Google user data to humans except (a) with the client’s explicit consent, (b) for security reasons such as investigating abuse, (c) where required by law, or (d) where the data has been aggregated and anonymised so it can no longer be used to identify individuals.

Limited Use. Allhart’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Storage and retention. OAuth tokens are stored encrypted at rest. Tokens are retained only while the connection is active and are deleted within 30 days of the connection being revoked or the engagement ending.

Revoking access. You can revoke Allhart’s access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing “Allhart Web Design”. Once revoked, we will delete any OAuth tokens we hold within 30 days.

5. Data retention

We retain personal information only as long as we need it to deliver our services, comply with our legal obligations, and resolve disputes. Anonymous analytics signals are retained for up to 90 days. Email-list contacts are retained until you unsubscribe.

6. Your rights

Under the Australian Privacy Principles you have the right to access the personal information we hold about you, correct it if it’s wrong, and ask us to delete it. To make a request, email hello@allhart.com.au. We will respond within 30 days.

If you believe we have mishandled your information, you can contact us first or lodge a complaint with the Office of the Australian Information Commissioner.

7. Children

This site and our services are intended for business owners and adults. We do not knowingly collect information from anyone under 18.

8. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top reflects the most recent revision. Material changes will be flagged on the homepage for at least 14 days.

9. Contact

Allhart Web Design (Allhart Australian Enterprises Pty Ltd)
Brisbane, Queensland, Australia
Email: hello@allhart.com.au