Studio
Legal

Privacy Policy

Last updated: May 2026

1. Introduction

Pixelpond Studio ("Pixelpond Studio", "we", "us", or "our") (ABN 27 735 827 398) operates this website and provides custom design and development services. We are based in Australia and are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).

This Privacy Policy explains what personal information we collect, why we collect it, how we use and store it, and the choices and rights you have. It applies to our website at studio.pixelpond.au and to the services we provide to applicants and clients.

By using our website or submitting an application, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We only collect personal information that is reasonably necessary for our functions and activities. Depending on how you interact with us, this may include:

  • Application information: when you submit a project application, we collect your name, email address, your business or brand name, any social or website links you provide, and the details you share about your project — its purpose, audience, desired features, timeline, budget range, and any legal, compliance, or regulatory considerations you choose to tell us about.
  • Account information: if you are invited to create a client account, we collect your email address and an encrypted (hashed) password, along with basic profile details. Authentication is handled by our infrastructure provider; we do not store passwords in plain text.
  • Project and communication data: messages, files, feedback, revision requests, and approvals that you exchange with us during a project, including through the client portal.
  • Payment information: billing details needed to process payments and issue invoices. Card payments are handled directly by our payment processor (Stripe). We receive confirmation of payment and limited transaction details, but we do not collect or store full card numbers.
  • Technical and usage data: limited technical information such as your approximate location, browser type, device, and pages visited, collected through privacy-preserving analytics and standard server logs used for security and to operate the site.

You do not have to provide the information we request, but if you choose not to, we may be unable to assess your application or provide our services.

3. How We Use Your Information

We use personal information for the purposes for which it was collected, including to:

  • assess, respond to, and follow up on your application;
  • prepare quotes and scope, and deliver and manage our design and development services;
  • process payments and issue invoices and receipts;
  • communicate with you about your project, including updates, previews, and feedback requests;
  • operate, secure, maintain, and improve our website and services;
  • comply with our legal, tax, and record-keeping obligations.

We will not use your personal information for an unrelated purpose without your consent, unless permitted or required by law. We do not use your information for unsolicited marketing, and we do not sell your personal information.

4. Cookies and Analytics

Our public website does not use advertising or cross-site tracking cookies. We use a privacy-preserving analytics service (Cloudflare Web Analytics) that measures aggregate traffic without using cookies and without building individual advertising profiles.

Essential cookies and similar local storage are only used when you log in to a client account, to keep you signed in and to operate the portal securely. You can control or remove cookies through your browser settings, though some account features may not work without them.

5. Disclosure and Service Providers

We do not sell or rent your personal information. We share it only where necessary to operate our services, with trusted providers who are bound to protect it:

  • Hosting and infrastructure: Vercel (website hosting) and Supabase (database, authentication, and file storage).
  • Payments: Stripe, for secure payment processing and invoicing.
  • Email: Resend, for transactional emails relating to your application and project.
  • Analytics and content delivery: Cloudflare.
  • Legal and safety: regulators, law enforcement, or professional advisers, where required or authorised by law, or to protect our legal rights.

We disclose information to these providers only to the extent needed for them to perform their function.

6. Overseas Storage and Disclosure

Some of our service providers store or process data outside Australia, including in the United States and the European Union. Where personal information is disclosed to an overseas recipient, we take reasonable steps to ensure it is handled in a manner consistent with the Australian Privacy Principles. By providing your information, you consent to this overseas storage and processing.

7. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These include encryption of data in transit (TLS), access-controlled storage, and the use of reputable providers with their own security measures. Account passwords are stored in hashed form.

No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security.

8. Data Retention

We keep personal information only for as long as it is needed for the purposes described in this policy, or as required to meet legal obligations. Records related to payments and invoices are retained for the period required by Australian tax and record-keeping law.

Where an application is unsuccessful or a project does not proceed, we delete or de-identify the associated personal information within a reasonable period, unless we are required to retain it.

9. Your Rights

Under the Australian Privacy Principles, you may:

  • request access to the personal information we hold about you;
  • request correction of information that is inaccurate, out of date, or incomplete;
  • request deletion of your personal information, subject to our legal obligations;
  • withdraw consent for processing that relies on consent, where applicable;
  • make a complaint about how we have handled your personal information.

To make a request, contact us using the details in section 12. We will respond within a reasonable period and may need to verify your identity first. There is no charge to make a request, although a reasonable fee may apply for access in limited circumstances.

10. Children's Privacy

Our services are intended for businesses and individuals engaging us for project work, and are not directed at children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version will always be available on this page, with the "Last updated" date shown above. We encourage you to review it periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or would like to make a complaint, please contact us at support@pixelpond.au.

If you are not satisfied with our response to a privacy concern, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.