Privacy policy

This privacy policy explains how Base66 trading as Base66 ("we", "us", "our"), handles personal information collected through base66.net and related engagements. We are based in Melbourne, Victoria, Australia.

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also recognise the EU General Data Protection Regulation (GDPR) for European Economic Area visitors and the People's Republic of China Personal Information Protection Law (PIPL) for users in mainland China.

What we collect

• Contact submissions. The fields you submit through our contact form: name, work email, company (optional), and message body.
• Server and security logs. IP address, user agent, request path, and timestamp, retained for security, abuse prevention, and reliability.
• Aggregate analytics. When enabled, we use a privacy-respecting analytics provider (Plausible Analytics) that does not set cookies and does not collect personal information. No cross-site profile is built.
• Anti-spam signals. Cloudflare Turnstile may be used to verify form submissions; it processes limited browser signals and does not track users across the web.

We do not use third-party advertising trackers, behavioural advertising cookies, or session-replay tooling on this website.

How we use your information

• To respond to your enquiry and follow up with proposals.
• To deliver and operate the engagements we agree with you.
• To meet legal, accounting, tax, and audit obligations in Australia and any jurisdiction we engage from.
• To detect, prevent, and respond to abuse, fraud, and security incidents on our infrastructure.

We do not sell your personal information. We do not use it for automated decision-making with legal effects.

Service providers and cross-border transfers

To deliver this site we rely on a small number of carefully chosen providers. These may process data outside Australia:

• Resend — transactional email delivery for contact form submissions (United States / EU).
• Cloudflare — Turnstile anti-spam (global edge).
• Plausible Analytics — cookieless aggregate analytics (European Union).
• AWS — hosting, storage, and operational tooling (region selected per engagement).

For users in the EEA / UK, we rely on the Standard Contractual Clauses or equivalent transfer mechanisms with these providers. For users in mainland China, contact submissions are transferred outside China for the purpose of responding to your enquiry; by submitting the form you consent to that transfer (PIPL Article 39).

Retention

Contact submissions are retained for as long as is reasonably necessary to respond to and follow up on your enquiry, and to meet our legal record-keeping obligations. Server logs are retained for a rolling window of up to 90 days unless required for an active investigation.

Your rights

You may ask us to access, correct, or delete personal information we hold about you, subject to applicable law. EEA / UK users have rights under the GDPR including objection, restriction, and portability. Mainland China users have rights under the PIPL including access, correction, deletion, and withdrawal of consent.

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are unhappy with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Security

We protect personal information using industry-aligned controls: least-privilege access, encryption in transit and at rest where practical, secret management, audit logging, and routine review of third parties. No system is perfectly secure; we will notify affected individuals of any eligible data breach in line with the Notifiable Data Breaches scheme.

Changes

We may update this policy from time to time. The "last updated" date above reflects the most recent revision. Material changes will be highlighted on this page.

Contact

Privacy enquiries: [email protected].

See also our terms of use.