Privacy Policy & Compliance

Webifex Labs Pty Ltd is a Melbourne-based digital agency building bespoke AI platforms, neural integrations, and autonomous workflows for forward-thinking businesses across Australia and globally.

• ABN: 70 688 899 103
• ACN: 688 899 103
• Privacy Contact: admin@webifex.io

This policy applies to all personal information collected through our website, client engagements, and the platforms we build and operate. We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

We collect only the personal information necessary to deliver our services. This includes:

• Names, email addresses, and phone numbers
• Billing details (processed via certified payment gateways)
• IP addresses and device information (via analytics)
• Project and engagement data shared during service delivery

We do not collect sensitive information (health records, biometrics, government identifiers) unless explicitly required for a specific project and with your informed consent.

We collect personal information through the following channels:

• Directly: Contact forms, email correspondence, onboarding questionnaires, and app interactions.
• Indirectly: Cookies and web analytics (with your consent).
• Third parties: Only under contract or with your consent, for example payment gateways and CRM platforms used in project delivery.

Your personal information is used exclusively for:

• Service delivery and project management
• Invoicing and billing
• Client communications and support
• Improving our platforms and services

We disclose PII only to certified infrastructure providers (Vercel, AWS, Supabase, Cloudflare) and contractors bound by NDA. We do not sell, trade, or share personal information for marketing purposes.

Overseas transfer may occur to the US (Vercel, AWS) and EU (Supabase) under APP-equivalent protections; see Overseas Disclosure below.

All platforms we build and operate implement enterprise-grade security measures as standard, not optional extras:

• Encryption: TLS 1.3 in transit, AES-256 at rest.
• Database: Row Level Security (RLS) enforced at the Supabase layer.
• Application: OWASP Top-10 mitigations built into every Next.js deployment.
• Access: Role-based access controls and audit logging across all systems.

This is a shared-responsibility model. Infrastructure providers maintain their own certifications (see the Trust Strip above). We are responsible for application-layer security.

We use cookies in two categories:

• Essential cookies: Required for core site functionality. These cannot be disabled.
• Analytics cookies: Google Analytics with IP anonymisation, collected only with your consent.

You can manage cookie preferences via your browser settings or through our consent banner. Withdrawing consent does not affect the lawfulness of prior processing.

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate, incomplete, or out-of-date information
• Request deletion where lawfully possible

Submit requests to admin@webifex.io. We respond within 30 days. If you are unsatisfied, you may escalate to the Office of the Australian Information Commissioner at oaic.gov.au.

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). In the event of a data breach that is likely to result in serious harm to any individual:

• We will notify all affected individuals promptly
• We will notify the Office of the Australian Information Commissioner (OAIC)
• We will take immediate steps to contain the breach and prevent recurrence

Our infrastructure providers (Vercel, AWS, Supabase, Cloudflare) maintain their own breach response protocols under their respective compliance certifications.

Your personal data may be processed by certified infrastructure providers outside of Australia:

• United States: Vercel (edge network), AWS (cloud infrastructure)
• European Union: Supabase (database hosting, optional EU region)

All providers maintain data protection standards that meet or exceed the Australian Privacy Principles. Before disclosing personal information overseas, we take reasonable steps to ensure recipients handle it in accordance with APP 8.1.

We may update this policy periodically to reflect changes in our practices or legal obligations. Material changes will be communicated via email or a prominent notice on this page. Continued use of our services constitutes acceptance of the updated policy.

For any privacy-related questions, access requests, or complaints: