Privacy Policy

Last updated: 14 July 2026

1. About This Policy

Athena Web Creation Pty Ltd ("we", "us", "our") operates Athena Automate ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the Service, you consent to the practices described in this Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide

  • Account registration details: name, email address, password
  • Business information: business name, business type, ABN
  • Payment information: processed by Stripe (we do not store card details)
  • CRM data you enter: contact names, emails, phone numbers, notes, deal information
  • Content you create: email templates, automation workflows, campaign copy
  • Call recordings and transcripts you upload for AI scoring

2.2 Information Collected Automatically

  • Log data: IP address, browser type, pages visited, time and date of access
  • Usage data: features used, actions taken within the Service
  • Device information: device type, operating system
  • Cookies and similar tracking technologies (see Section 7)

3. How We Use Your Information

We use your personal information to:

  • Provide, operate, and improve the Service
  • Process payments and manage your subscription
  • Send transactional emails (receipts, password resets, service updates)
  • Provide customer support
  • Analyse usage to improve product features
  • Send marketing communications (you may opt out at any time)
  • Comply with legal obligations
  • Detect and prevent fraud or misuse of the Service

We process your data under the following legal bases: performance of a contract (provision of the Service), our legitimate interests (improving the Service, fraud prevention), your consent (marketing), and compliance with legal obligations.

4. Disclosure of Your Information

We do not sell your personal information. We may share your information with:

  • Service providers: Supabase (database hosting, authentication), Vercel (hosting), Stripe (payment processing), Resend (email delivery), Twilio (SMS delivery), Anthropic (AI processing). These providers are bound by data processing agreements.
  • Legal requirements: When required by law, court order, or government authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before any such transfer occurs.

5. Cross-Border Data Transfers

We store data on servers located in Australia (Sydney, ap-southeast-2 via Supabase). Some of our service providers are located overseas including the United States. Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure those recipients handle your information in accordance with the APPs or under binding contractual protections equivalent to the APPs.

6. Data Security

We implement commercially reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, or destruction, including:

  • Encryption in transit (TLS) and at rest
  • Row-level security policies on our database
  • Access controls limiting who can access production systems
  • Regular security reviews

No method of transmission over the Internet is 100% secure. You share information at your own risk, but we are committed to protecting it.

7. Cookies

We use cookies and similar technologies for authentication (session management) and analytics. You can control cookie settings through your browser, but disabling cookies may affect the functionality of the Service.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account closure, we retain data for up to 90 days before deletion, unless longer retention is required by law. CRM data (contacts, deals, etc.) is deleted immediately upon account closure if you request it.

9. Your Rights

Under the Privacy Act 1988 and the APPs, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Opt-out: Opt out of marketing communications at any time via the unsubscribe link or by contacting us
  • Complaints: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you are unsatisfied with our response

To exercise any of these rights, contact us at privacy@athenawebcreation.com.au. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact Us

For privacy-related enquiries or complaints:

Athena Web Creation Pty Ltd

Email: privacy@athenawebcreation.com.au

Website: athenaautomate.com