LEGAL · LAST UPDATED 17 APRIL 2026

Privacy Policy

This policy explains what data we collect, why we collect it, how we use it, and your rights. Written in plain English. Compliant with GDPR, CCPA/CPRA, and the Australian Privacy Act 1988.

⚠️ IMPORTANT NOTE FOR OWNER

Have this document reviewed by a qualified lawyer in both US and Australian jurisdictions before going live. It is a strong starting template, but specific provisions may need to change based on your exact business practices, data processors used, and evolving regulations.

1. Who we are

Conversion Doctor ("we", "us", "our") is a digital marketing agency with offices in the United States and Australia. Our registered entities are:

  • United States: [Legal Entity Name], [Street Address], [City, State ZIP]
  • Australia: [Legal Entity Name], [Street Address], [Suburb, State Postcode]

You can contact us at connect@conversiondoctor.co.

2. What data we collect

We collect the following categories of personal data:

  • Contact information you give us: name, email, phone number, company, website URL, role, and any free-text you provide in forms or emails.
  • Business context data: industry, monthly revenue range, ad spend range — when you submit our booking form.
  • Usage data: IP address, browser type, device, referring URL, pages visited, time on page, clicks. Collected via Google Analytics 4, cookies, and server logs.
  • Communications: emails, call recordings (with consent), meeting notes, proposal interactions.
  • Payment data (clients only): billing name, address, and payment method tokens. Actual card numbers are handled by our payment processor (Stripe) and never touch our servers.

3. How we use it

We use your personal data only for the following purposes:

  • To respond to your inquiries and deliver the services you requested.
  • To operate and improve our website (analytics, A/B testing with de-identified data).
  • To send you occasional emails about our work, insights, or offerings — only if you opted in. You can unsubscribe anytime.
  • To comply with legal obligations (tax, accounting, regulatory requests).
  • To protect against fraud, abuse, and security incidents.

We do not sell your personal data. We do not share it with advertisers. We do not use it to train machine-learning models outside of the direct service we provide you.

4. Legal bases (GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Contract: to deliver services you've purchased or requested.
  • Legitimate interest: to operate our business, respond to inquiries, improve our website, and prevent fraud.
  • Consent: for marketing emails and non-essential cookies. You can withdraw consent anytime.
  • Legal obligation: to comply with applicable laws.

5. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Opt out of sale or sharing (CCPA/CPRA — though we don't sell data).
  • Lodge a complaint with your local data protection authority (ICO in UK, OAIC in Australia, your state AG in the US).

To exercise any of these rights, email connect@conversiondoctor.co. We respond within 30 days.

6. Cookies & tracking

We use first-party cookies for essential site functionality and third-party cookies for analytics (Google Analytics 4 with IP anonymization enabled), advertising measurement (Meta Pixel, Google Ads), and embedded widgets (booking calendar, chat).

On first visit, we show a cookie consent banner. You can accept all, reject non-essential, or customize by category. You can change your preferences anytime by clicking "Cookie Settings" in the footer. See our Cookie Policy for full detail.

7. Data retention

We keep personal data only as long as necessary:

  • Inquiry data: up to 24 months if no engagement, unless you request deletion sooner.
  • Client records: for the duration of our relationship plus 7 years for tax and legal purposes.
  • Marketing subscribers: until you unsubscribe.
  • Analytics data: de-identified and aggregated after 14 months (GA4 default).

8. International data transfers

Because we operate in both the US and Australia, your data may be transferred between these countries and processed by vendors in other jurisdictions (notably the EU and UK). All transfers use Standard Contractual Clauses (SCCs) or equivalent safeguards.

9. Data processors we use

We use the following third-party services to run our business. Each has its own privacy policy and is contractually bound to protect your data:

  • Google Workspace (email, docs, drive)
  • Google Analytics 4 (analytics)
  • Stripe (payments)
  • HubSpot or equivalent CRM (client management)
  • Calendly or similar (meeting booking)
  • Slack (internal comms and, if invited, client comms)
  • AWS / Cloudflare (hosting and security)

10. Security

We use industry-standard measures: TLS encryption in transit, encrypted backups, role-based access control, 2FA on all staff accounts, regular security reviews. No system is perfectly secure, but we take this seriously.

11. Children

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, email us immediately at connect@conversiondoctor.co and we will delete it.

12. Changes to this policy

We update this policy when our practices or legal requirements change. The "Last updated" date at the top reflects the most recent change. If a change is material, we'll notify you by email (if you're on our list) or via a banner on the site.

13. Questions or concerns

Email connect@conversiondoctor.co. We take privacy questions seriously and will respond promptly.