top of page

Privacy Policy

Last updated: 15 July 2025
 

1. Who we are

Autobiscuit Pty Ltd (“Autobiscuit”, “we”, “our” or “us”) builds AI-powered automation products and resources to help businesses work smarter. We are an Australian-owned company headquartered in Melbourne, Victoria.

2. Our privacy promise

We respect your right to privacy, and we mean it:
 

  • No third-party sales or swaps. We never sell, rent, trade or otherwise share your personal information with third-party marketers.

  • Purpose-limited use. We only use the information you give us to communicate with you about the reason you contacted us (for example, to answer an enquiry, deliver a resource, or set up a project).

  • Security by design. We secure data with industry-standard technical and organisational measures - encryption in transit and at rest, strict access controls, and continuous monitoring.

  • Transparency & control. You can access, correct or delete your information at any time. Just let us know (see Section 9).

3. What information we collect
 

Contact details: Name, email address, phone number, company name.
When you fill out a form, download a resource, book a consultation or email us.

Project information: High-level descriptions you voluntarily share about your workflows or systems.
When you engage us for a discovery call or request a proposal.

Technical data: IP address, browser type/version, device identifiers, pages visited.
Collected automatically via cookies & similar tech (see Section 6)

We do not collect or store payment card numbers, government IDs, sensitive health data, or information about children.

4. How we use your information

  1. Responding to enquiries – to send quotes, answer questions, or arrange meetings.

  2. Delivering resources – to email links to white-papers, templates or other downloads you request.

  3. Account management – if you become a client, to administer the relationship and provide services.

  4. Operational analytics – to understand aggregate website traffic and improve user experience (data is de-identified).

We will only use your details for the purpose you provided them plus any compatible secondary purpose you’d reasonably expect. If we ever need to use your information for something else, we’ll ask first.

5. Legal grounds for processing

Under the Australian Privacy Act 1988 (Cth), our primary basis is consent (you choose to provide information) and legitimate interests (operating our business in a way that does not materially impact your rights). For visitors from the EU/EEA or UK, we also rely on these lawful bases under the GDPR.

6. Cookies & similar technologies

Our site uses a small number of cookies and local-storage items to:

  • remember your preferences (e.g., dark-mode toggle)

  • compile anonymised usage statistics via Google Analytics 4 (IP-anonymisation enabled)

You can block or delete cookies in your browser without affecting core site functionality.

7. Data retention

  • Enquiry emails and CRM records – kept for up to 24 months after our last interaction, then deleted or anonymised.

  • Client project files – retained for the duration of the engagement plus seven years (standard professional record-keeping) unless you request earlier deletion and no law requires us to keep them longer.

  • Analytics data – stored in aggregate form for 26 months.

8. Security measures

  • TLS 1.3 enforced across the site

  • AES-256 encryption at rest for document repositories

  • Strict least-privilege staff access (MFA required)

  • Continuous vulnerability scanning and quarterly penetration testing

If a data breach is likely to cause serious harm, we will notify affected individuals and the OAIC (or relevant EU supervisory authority) within required statutory timeframes.

9. Your rights

Australia Access, correction, complaint to OAIC

EU/EEA & UK Access, rectification, erasure, restriction, portability, objection, complaint to a supervisory authority

CaliforniaRight to know, delete, and opt-out of “sale” (we don’t sell data)

To exercise any right, email privacy@autobiscuit.io. We will respond within 14 days.

10. Disclosure & international transfers

Our primary servers are in Australia (AWS Sydney). We may use vetted sub-processors in the United States or EU for email delivery, CRM and analytics. All transfers occur under Standard Contractual Clauses or an equivalent safeguard.

11. Changes to this policy

We will post any updates here and, if the changes are significant, email you (if we hold your address) at least 14 days before they take effect.

12. Hosting on Wix

Our website is built and hosted on the Wix platform. While AutoBiscuit never sells or shares your personal data, Wix acts as our infrastructure provider and may place its own functional and analytical cookies. Wix is responsible for its own privacy and cookie practices under its separate Privacy Policy and Data Processing Addendum.
By using this site, you acknowledge that:

  • Your data is stored on Wix’s secure servers and processed under Wix’s terms.

  • Wix-issued cookies (such as session and security cookies) are controlled by Wix, and you can manage or disable them in your browser settings.

For full details, please refer to Wix’s Privacy Policy and Cookie Policy on wix.com.

 

FOR ANY ENQUIRIES REGARDING PRIVACY, CONTACT US ON privacy@autobiscuit.io

bottom of page