Privacy Policy
Effective date: 24 March 2026
About this policy
This privacy policy explains how Samwise Studio (ABN 20 939 626 122) collects, holds, uses, and discloses personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Samwise Studio is an Australian digital services and AI automation agency based in South Australia. We provide managed website services, AI agent solutions, managed marketing, and consulting services exclusively to Australian clients through our website at samwise.studio. Our services are governed solely by Australian law.
By using our website or engaging our services, you acknowledge that you have read and understood this privacy policy. If you do not agree with our practices, please do not use our website or provide us with your personal information.
What personal information we collect
We only collect personal information that is reasonably necessary for our business functions and activities, in accordance with APP 3 (Collection of Solicited Personal Information). The types of personal information we may collect include:
2.1 Information you provide directly
- Name (when you submit our contact form or engage our services)
- Email address (for correspondence and service delivery)
- Phone number (optional, if you choose to provide it via our contact form)
- Service interest or enquiry details (the nature of your enquiry, selected from our contact form)
- Message content (the text of your enquiry or communication)
- Business or organisation name (if relevant to a service engagement)
- Billing and payment information (when you subscribe to our services, your payment card details are collected directly by our payment processor, Stripe, and are never received or stored on Samwise Studio's servers. We share your name, email address, and billing address with Stripe to process your subscription)
2.2 Information collected automatically
- IP address (used for rate limiting on our contact form and collected by our hosting provider)
- Browser type, device type, and operating system
- Pages visited and interactions with our website (via Vercel Analytics)
- Page load performance data (via Vercel Speed Insights)
- Referring website or source
- Payment fraud prevention data (Stripe): when you visit pages that include our payment forms, Stripe may automatically collect device and browser information, behavioural signals, and other activity indicators via its Stripe.js script to detect and prevent fraudulent transactions. This data is not used for advertising and is not sold to third parties.
2.3 Information we do not collect
We do not collect sensitive information (as defined under the Privacy Act) such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data. We do not knowingly collect personal information from children under the age of 16.
2.4 Anonymity and pseudonymity (APP 2)
Where it is lawful and practicable, you have the option of not identifying yourself or of using a pseudonym when dealing with us. For example, you may submit a general enquiry via our contact form without providing your real name. However, if you choose not to provide certain personal information, we may not be able to provide you with specific services or respond to your enquiry effectively.
2.5 Unsolicited personal information (APP 4)
If we receive personal information about you that we have not solicited and did not request, we will determine whether we could have lawfully collected that information. If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
How we collect personal information
We collect personal information through the following means:
- Contact form: When you submit an enquiry via our website contact form at samwise.studio/contact
- Email correspondence: When you email us directly at support@samwise.studio
- Service engagements: When you engage us for managed website, AI agent, marketing, or consulting services
- Automatically: Through our hosting platform and analytics tools when you visit our website
Where practicable, we collect personal information directly from you. We will not collect personal information from third parties without your knowledge or consent, unless required or authorised by law.
Why we collect and use your information
We collect and use personal information for the following purposes (APP 6 - Use or Disclosure of Personal Information):
- To respond to your enquiries and communicate with you about our services
- To provide, manage, and improve the services you have engaged us for
- To process payments and manage your subscription or service account
- To send you service-related communications (such as invoices, updates, or support notifications)
- To protect the security and integrity of our website (including rate limiting and spam prevention)
- To analyse website usage and performance so we can improve the user experience
- To comply with our legal obligations under Australian law
We will not use or disclose your personal information for a purpose other than the primary purpose of collection, or a directly related secondary purpose that you would reasonably expect, unless we have your consent or are required by law.
Marketing communications
We may send you marketing communications about our services where you have consented to receive them or where you are an existing client and the communication relates to similar services. All marketing communications comply with the Spam Act 2003 (Cth) and will include a clear and functional unsubscribe mechanism.
You may opt out of marketing communications at any time by using the unsubscribe link in any marketing email, or by contacting us at support@samwise.studio. We will action your opt-out request within 5 business days.
Disclosure and third-party services
We may disclose your personal information to the following categories of third-party service providers who assist us in operating our business and delivering services to you:
| Service provider | Purpose | Data location |
|---|---|---|
| Vercel | Website hosting, analytics, and performance monitoring | United States (with global edge network) |
| Resend | Transactional email delivery (contact form notifications) | United States |
| Stripe | Payment processing, fraud detection and prevention, authentication, and service performance analytics | United States (with Australian entity) |
| Listmonk (self-hosted) | Newsletter and email marketing | Australia (Railway hosting) |
6.1 Payment processing and Stripe
We use Stripe for payments, analytics, and other business services. Stripe processes transactions on our behalf when you subscribe to or pay for our services.
Your payment card details are collected directly by Stripe through their secure payment elements embedded on our website. Samwise Studio does not receive, access, or store your full card number or CVC.
Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, analytics related to the performance of its services, and to enhance and customise the user experience.
You can learn more about Stripe and read its privacy policy at stripe.com/privacy.
We require all third-party service providers to handle your personal information in a manner consistent with the APPs. Where personal information is disclosed to overseas recipients (APP 8 - Cross-border Disclosure of Personal Information), we take reasonable steps to ensure those recipients comply with obligations substantially similar to the APPs.
We will not sell, rent, or trade your personal information to any third party for marketing purposes.
Overseas disclosure of personal information
Our services are offered exclusively to Australian clients, and we do not market to or solicit personal information from individuals outside Australia. However, some of the third-party service providers we use to operate our business are located in the United States, as detailed in Section 6 above.
In accordance with APP 8, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to that information. We assess each overseas provider's privacy practices, security measures, and contractual commitments to ensure your personal information receives protection substantially similar to that required under Australian law.
Data security
We take reasonable steps to protect your personal information from misuse, interference, loss, and from unauthorised access, modification, or disclosure (APP 11 - Security of Personal Information). Our security measures include:
- Encrypted data transmission via HTTPS/TLS across our website and all service communications
- Rate limiting and anti-spam measures (honeypot fields) on our contact form to prevent abuse
- Restricted access to personal information to authorised personnel only
- Use of reputable, security-certified third-party service providers
- Regular review of our data handling practices and security measures
While we take all reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information.
8.1 Notifiable data breaches (APP 9)
In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in accordance with Part IIIC of the Privacy Act 1988 (Notifiable Data Breaches scheme). We will also take reasonable steps to contain the breach and mitigate any resulting harm.
Data retention
We retain personal information only for as long as it is needed to fulfil the purpose for which it was collected, or as required by law. Our general retention practices are:
- Contact form enquiries: Retained for up to 12 months after the enquiry is resolved, then securely deleted
- Client service records: Retained for the duration of the service engagement plus 7 years (to meet Australian tax and business record-keeping obligations)
- Payment records: Retained as required by the Australian Taxation Office (generally 5 years from the date of the transaction)
- Website analytics data: Retained in aggregated, anonymised form by Vercel in accordance with their data retention policies
- Marketing subscriber data: Retained until you unsubscribe, then removed within 30 days
When personal information is no longer needed, we take reasonable steps to destroy or de-identify it in accordance with APP 11.2.
Your rights
Under the Privacy Act 1988 and the APPs, you have the following rights in relation to your personal information:
10.1 Access (APP 12)
You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days. In some circumstances, we may refuse access (for example, where providing access would have an unreasonable impact on the privacy of others, or where the information relates to existing or anticipated legal proceedings). If we refuse access, we will provide you with written reasons.
10.2 Correction (APP 13)
You have the right to request that we correct any personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond to correction requests within 30 days. If we refuse to correct your information, we will provide written reasons and offer to attach a statement from you noting the requested correction.
10.3 Complaints
If you believe we have breached the APPs or handled your personal information improperly, you may lodge a complaint with us at support@samwise.studio. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Online: www.oaic.gov.au/privacy/privacy-complaints
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
Cookies and tracking technologies
Our website uses minimal cookies and tracking technologies to ensure functionality and improve performance:
- Essential cookies: Required for basic website functionality (such as session management). These are strictly necessary and cannot be disabled.
- Analytics (Vercel Analytics): Collects anonymous, aggregated website usage data. Vercel Analytics is privacy-focused and does not use third-party cookies or track individual users across websites.
- Performance monitoring (Vercel Speed Insights): Collects page load performance metrics in anonymised form.
- Fraud prevention (Stripe): When our website loads Stripe's payment elements or checkout forms, Stripe may set cookies on your device for fraud detection and prevention purposes. These cookies help Stripe identify potentially fraudulent transactions and are classified as strictly necessary for the secure processing of payments. Stripe's cookie practices are described in their Cookie Policy.
We do not use advertising cookies or tracking pixels. Our payment processor, Stripe, may set cookies for fraud prevention purposes as described above; these are not used for advertising. We do not participate in cross-site tracking or sell data to advertisers.
Links to third-party websites
Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third-party sites. We encourage you to review the privacy policies of any third-party website you visit.
Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices, technologies, or legal obligations. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify you by email or via a notice on our website. We encourage you to review this policy periodically.
Contact us
If you have any questions about this privacy policy, wish to make an access or correction request, or wish to lodge a complaint, please contact us:
This policy was last updated on 24 March 2026.