Who we are

  • xDev Pty Ltd, ABN 18 981 750 956, is an Australian website design and development company.
  • We provide website building and related services for local service businesses.
  • This privacy policy applies to xdev.com.au and xdev.codes.

What personal information we collect

  • Contact information: Name, email address, phone number, business name, business address, suburb, postcode.
  • Payment information: Email address and payment status (payment processors handle card details securely).
  • Website usage: IP address, browser type, device type, pages visited, referral source, interaction data.
  • Business data: Public information from Google Maps, Fresha, Instagram, Facebook, your website, and other public sources.
  • Communications: Messages, feedback, approval notes, and other information you provide.
  • Preference data: Theme preferences, layout choices, and service customization selections.

How we collect your information

  • Directly from you: When you book services, complete payment, contact us, or submit forms.
  • Public sources: We collect business information from Google Maps, Fresha, Booksy, Bookwell, Instagram, Facebook, Yellow Pages, and similar public platforms.
  • Your website: From your own website and public business profiles.
  • Automatically from your device: IP address, browser information, and usage statistics when you visit our site.
  • From third parties: Your sales representative or other business contacts may provide your information.
  • At point of collection: We display collection notices at the time we collect optional information.

Why we use your personal information

  • Essential services: Design, build, and deploy your website and related deliverables.
  • Communication: Send booking confirmations, payment reminders, project updates, approval requests, and support responses.
  • Payment processing: Facilitate payment transactions and maintain payment records.
  • Legal compliance: Maintain financial records (5+ years for tax purposes), comply with laws, and resolve disputes.
  • Security: Prevent fraud, detect unauthorized access, and protect the platform and your data.
  • Service improvement: Fix bugs, enhance performance, improve user experience, and analyze usage patterns.
  • Marketing: Send promotional updates only if you opt in; you can unsubscribe anytime.

Legal basis for processing

  • Contractual necessity: Processing needed to provide your requested services.
  • Legal obligation: Compliance with tax, consumer protection, and other laws.
  • Legitimate interest: Improving our platform, preventing fraud, and protecting security.
  • Consent: For marketing communications and optional analytics.
  • Your rights: We process only what is necessary and comply with privacy laws.

Who we share your personal information with

  • Payment processors: Stripe and other payment providers to process transactions securely.
  • Web hosting: Vercel, AWS, and similar providers for website hosting and data storage.
  • Domain services: Domain registrars and DNS providers (only if you request management).
  • Communication platforms: Email providers to send transactional and optional marketing messages.
  • Analytics and security: Third-party vendors for platform security and usage analysis.
  • Professional advisors: Accountants and legal advisors (only when necessary and with your permission).
  • Law enforcement: Courts, government agencies, and law enforcement only when legally required.
  • Regulatory bodies: Australian Information Commissioner, consumer protection agencies, or financial regulators when required by law.

Where your personal information is stored

  • Australia: Some operational data is stored in Australia.
  • United States: Payment processors (Stripe) and hosting providers (Vercel, AWS) store data in US data centers.
  • EU: Some hosting services may replicate data to EU data centers.
  • Security: All service providers use HTTPS encryption, firewalls, access controls, and industry-standard security practices.
  • Transfers: When we transfer data internationally, we ensure adequate protections via data processing agreements.

How long we keep your information

  • Contact and communication data: 12 months after our business relationship ends, or when you request deletion.
  • Website content and design files: For the duration of your service, plus 12 months after termination.
  • Payment records: 5 years (required by Australian Tax Office and accounting standards), longer if disputes or audits require it.
  • Server backups: 30 days from deletion.
  • Usage logs and analytics: 90 days.
  • Marketing preferences: Until you unsubscribe.
  • Anonymized data: May be retained indefinitely for analytics and service improvement.

Your privacy rights

  • Access: Request a copy of all personal information we hold about you.
  • Correction: Request that we fix inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information (subject to legal holds and tax retention).
  • Portability: Request your data in a portable format for transfer to another service.
  • Marketing opt-out: Unsubscribe from promotional emails anytime via the unsubscribe link.
  • Restriction: Request that we limit use of your information while reviewing a complaint.
  • Objection: Object to processing for marketing, analytics, or other non-essential purposes.
  • How to request: Email hello@xdev.com.au with "Privacy Request" in the subject line.
  • Timeline: We will respond within 30 days; complex requests may take up to 60 days.

Your rights by location

  • Australia: You are protected by the Privacy Act 1988 (Cth) and Australian Consumer Law. You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
  • California, USA: Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have rights to know, access, delete, correct, and opt out of data sales. Email hello@xdev.com.au with "CCPA Request" to exercise these rights.
  • Do Not Sell My Personal Information: We do not sell personal information, and we honor global opt-out signals (GPC - Global Privacy Control) automatically.
  • Other US states: Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Montana (MCDPA), Delaware (DPDPA), and Oregon (OPA) afford similar rights regardless of where you reside.
  • EU residents: If applicable, GDPR rights (access, rectification, erasure, portability, objection) apply.

Data sale and sharing

  • We do not sell personal information to third parties for marketing or cross-website tracking.
  • We do not use your information for behavioral advertising or audience profiling.
  • We share information only with service providers listed above, only to deliver your requested services.
  • We honor opt-out signals: Global Privacy Control (GPC) and similar privacy preference signals are automatically respected.

Account deletion

  • Request deletion: Email hello@xdev.com.au with "Account Deletion Request" in the subject.
  • What happens: Your account will be deactivated, and personal information will be deleted (except where we must retain for legal or tax purposes).
  • Backups: Server backups may retain deleted data for up to 30 days before permanent removal.
  • Confirmation: We will confirm deletion within 30 days.
  • Website ownership: Deleting your account does not affect your website ownership; you retain all rights to your domain and website.

Security and data protection

  • HTTPS encryption: All data in transit is encrypted using HTTPS with TLS 1.2 or higher.
  • Database security: Databases are secured with encryption at rest, firewalls, and access controls.
  • Access controls: Only authorized team members can access personal information, and access is logged.
  • Incident response: In the event of a data breach, we will notify affected individuals within 30 days and inform regulators as required by law.
  • Third-party security: All service providers are contractually required to maintain equivalent security measures.
  • Limitations: No security method is 100% secure; we cannot guarantee absolute protection against all threats.

Cookies and browser storage

  • Preference storage: We use browser local storage to remember your theme choice (light/dark mode) for convenience.
  • No tracking cookies: We do not use tracking cookies, advertising pixels, or third-party analytics that identify you.
  • Third-party services: If we integrate analytics (like Google Analytics) or chat services, we will display consent notices at the time of integration and update this policy.
  • Cookie controls: You can disable storage in your browser settings; this may affect website functionality.

Third-party links and services

  • External sites: Our website and services contain links to third-party sites (Google Maps, Fresha, Booksy, social media).
  • Not responsible: We are not responsible for the privacy practices of third-party services.
  • Your responsibility: Review third-party privacy policies before sharing information with them.
  • Your website: Your published website may include third-party embeds (Google Maps, Fresha booking, payment buttons), which operate under their own privacy policies.

Preview and demo content

  • Public business information: Demo websites may display your business name, address, phone, hours, photos, and reviews from public sources.
  • No approval assumed: Viewing a demo does not mean you approved or purchased anything; it is an example for your consideration.
  • Your content ownership: You own all content and can request changes or removal anytime.
  • Portfolio use: Unless you object, we may display completed website examples in our portfolio and case studies (client names can be anonymized).
  • Removal request: Email hello@xdev.com.au with the URL and "Demo Removal" in the subject to remove from our portfolio.

Children and minors

  • Not for children: Our services are intended for business owners and decision-makers, not children under 13.
  • No intentional collection: We do not knowingly collect personal information from anyone under 13.
  • Parental consent: If we discover a child under 13 has provided information, we will delete it and request parental consent.

International users

  • Global services: Although xDev is based in Australia, our services are accessed worldwide.
  • Data transfers: Your information may be transferred to the US, EU, or other countries for hosting and processing.
  • Protections: We use data processing agreements, Standard Contractual Clauses, and other protections to safeguard international transfers.
  • Your rights: You retain all privacy rights regardless of location; local laws (GDPR, CCPA, etc.) apply in addition to this policy.

Contact us and complaints

  • Privacy questions: Email hello@xdev.com.au with "Privacy Question" in the subject.
  • Privacy requests: Email hello@xdev.com.au with "Privacy Request" (access, correction, deletion, etc.) in the subject.
  • CCPA requests: Email hello@xdev.com.au with "CCPA Request" in the subject.
  • Response time: We aim to respond within 7 business days; complex requests may take up to 30 days.
  • Australian complaint: If unsatisfied, lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
  • Regulatory bodies: You can also escalate to your local privacy regulator, consumer protection agency, or financial regulator.

Changes to this policy

  • Updates: We may update this policy as laws change, our services evolve, or for security reasons.
  • Notice: Major changes will be announced; minor clarifications are made without notice.
  • Effective date: The date at the top of this page shows when it was last updated.
  • Ongoing validity: Your continued use of our services constitutes acceptance of the updated policy.