Who this applies to
This policy explains how DevXweb (based at 27 Holmead Road, Brisbane, QLD 4179) collects, uses, discloses and protects personal information about visitors to devxweb.com and clients we work with across Australia and New Zealand.
We comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), the New Zealand Privacy Act 2020, and — where relevant — the EU General Data Protection Regulation (GDPR).
What we collect
When you visit devxweb.com, our analytics platform (Google Analytics 4) collects anonymised usage data — pages visited, approximate location, device type. We use this to make the site better. No personally identifying information unless you fill in a form.
Forms & contact
When you submit a form, we store your name, email, message, and any optional fields you fill in. We use this only to reply to you. We do not add you to any list without your explicit opt-in.
Cookies
We use first-party cookies for analytics and to remember your preferences (e.g., dismissed cookie banner). No third-party tracking cookies.
How long we keep it
- Form submissions: 2 years, then deleted
- Analytics data: 14 months, then aggregated
- Newsletter subscribers: until you unsubscribe
- Client project records: 7 years (as required by Australian tax and NZ commercial-records legislation), then deleted
Your rights
Under the Australian Privacy Principles (Privacy Act 1988 · Cth), the NZ Privacy Act 2020, and GDPR (if you're in the EU), you can ask us to:
- Tell you what personal information we hold about you
- Correct anything that's inaccurate, out-of-date or incomplete
- Delete it entirely (where legally permitted)
- Export it in a portable, machine-readable format
- Restrict or object to certain processing
Email info@devxweb.com — we'll respond within 30 days (APP 12) or 20 working days (NZ Privacy Act), whichever is sooner.
Data breaches
We take security seriously. If a data breach occurs that's likely to result in serious harm, we will notify:
- You directly, if your data is affected
- The Office of the Australian Information Commissioner (OAIC), under the Notifiable Data Breaches (NDB) scheme
- The Office of the New Zealand Privacy Commissioner, under the NZ Privacy Act 2020 breach-notification rules
Cross-border transfers
Some of our processors (listed below) are based outside Australia and New Zealand. Where personal information is transferred overseas, we take reasonable steps to ensure the recipient handles it consistent with APP 8 and the NZ Privacy Act's IPP 12.
Third parties
We use the following services that may process your data:
- Google Analytics 4 — anonymised traffic analytics (USA)
- Mailchimp — newsletter (USA)
- Cloudflare — CDN + security (USA · edge in AU/NZ)
- Stripe — payment processing if you pay us (USA · AU-registered entity)
All are GDPR-compliant and bound by their own privacy commitments to Australian and New Zealand law.
Making a complaint
If you're not satisfied with how we've handled your privacy, please raise it with us first at info@devxweb.com. If we can't resolve it, you can complain to:
- Australia: Office of the Australian Information Commissioner — oaic.gov.au
- New Zealand: Office of the Privacy Commissioner — privacy.org.nz
Changes
If we update this policy, we'll bump the "last updated" date at the top. Material changes will be flagged in a banner on the site.
Contact
Questions? Email info@devxweb.com or write to 27 Holmead Road, Brisbane, QLD 4179, Australia.
