Privacy Policy

Effective date: 28 August 2025

This Privacy Policy explains how Build My Idea (“we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit our websites, work with us on projects, or use our products and services, including AI agents, automation workflows, media & marketing, branding & design, training, and business strategy (together, the “Services”).

We are based in Western Australia and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we process data from other regions, we also aim to meet applicable laws such as the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA).


1. Who we are & how to contact us

Build My Idea
Website: https://buildmyidea.net
Email: info@buildmyidea.net
Phone: 0489 986 145

If you have questions about this Policy or our data practices, contact us at the details above. If you make a privacy complaint, we will respond within a reasonable timeframe (usually 30 days).


2. What this Policy covers (scope)

This Policy applies to personal information we collect in connection with our:

  • Websites, landing pages, forms, and chat/voice interfaces.
  • Client engagements for AI systems, automation, custom apps, branding, media production, marketing, training, and strategy.
  • CRM, sales, and customer support activities.
  • Events, webinars, surveys, and promotions.

It does not cover personal information processed purely on behalf of clients in their own environments where we act as a data processor/service provider under a separate contract (e.g., MS Power Platform, Firebase/Supabase projects, client-owned CRMs or websites). In those cases, the client’s privacy policy and instructions apply.

Related entities & trading names. This Policy also applies to our activities under our related brands and trading names (including any registered DBAs), affiliated businesses (listed on our website), and any subsidiaries, unless a project‑specific agreement states otherwise.


3. The information we collect

We collect the following categories of information, depending on how you interact with us:

Identity & contact — name, job title, organisation, email, phone, postal address.

Account & project — login identifiers, role/permissions (where applicable), project briefs, requirements, creative assets, feedback, training records.

Communications — emails, call notes, messages, support chats, meeting recordings/transcripts (where lawful and notified), and survey responses.

Transactional — proposals, quotes, invoices, purchase orders, payment confirmations (we do not store full card numbers; we use secure payment providers).

Usage & technical — browser type, device, IP address, app logs, error reports, analytics, cookies (see Section 8), and interaction data with our websites, chatbots, or AI features.

Content & media — images, video, audio, scripts, brand files, and other materials you provide to deliver the Services.

Operational business data — where you engage our AI & automation Services, we may process business records (e.g., product catalogues, order data, CRM entries) strictly under contract and your instructions.

Sensitive information — Neither we nor our affiliate businesses intentionally seek or collect sensitive information (e.g., health, ethnicity) for primary business services. However, there are specific exceptions. If we require such data for a project, we will obtain your consent or rely on another lawful basis and implement appropriate safeguards. Separately, our affiliates may collect this type of information if it is necessary for social programs they operate.


4. How we collect your information

  • Directly from you: when you enquire, sign a contract, upload assets, join meetings, complete forms, or contact support.
  • Automatically: via cookies/analytics, logs, and telemetry from our sites or Services.
  • From third parties: your teammates, public sources (e.g., your company website), referral partners, social platforms, or service providers (e.g., single sign‑on, calendar, storage).

5. Why we use your information (purposes & legal bases)

We use personal information to:

  • Provide and improve Services: design, build, and support project management, sales projects, AI agents, automations, apps, websites, media, and branding; set up integrations; troubleshoot and enhance performance.
  • Operate our business: client onboarding, CRM, proposals, billing, accounting, and vendor management.
  • Security & compliance: detect/prevent fraud or abuse, maintain logs, meet audit and legal requirements.
  • Communications & support: respond to enquiries, provide updates, and manage client relationships.
  • Research & analytics: understand usage, measure outcomes, and improve user experience.
  • Marketing: send newsletters, event invites, and case studies where permitted. You can opt out at any time. We comply with the Spam Act 2003 (Cth) and other applicable anti‑spam laws.

We do not sell personal information.


6. AI, automation & data handling

  • Customer data stays yours. We process your business data strictly to deliver the Services and under your instructions.
  • No training of public models on your data without express written consent. We may fine‑tune or configure AI components within your environment (or ours) solely for your project.
  • Providers & models: We may use reputable AI providers (e.g., OpenAI, Anthropic, Google) and vector databases/orchestrators (e.g., Pinecone, Supabase, Firebase, n8n) as subprocessors. We review their data handling terms and configure privacy‑protective settings where available.
  • Redaction & minimisation: We encourage redacting or pseudonymising personal information in datasets used for AI features where feasible.
  • Human‑in‑the‑loop: We apply human review for quality assurance where appropriate.
  • Voice & transcription (where enabled): If you use voice features, we may capture audio and generate transcripts to deliver the Service. Transcripts are handled like other communications data.
  • No biometric templates: We do not create or store biometric identifiers (e.g., voiceprints) for identification or authentication purposes.

7. Sharing your information (disclosures)

We may share personal information with:

  • Vendors/sub‑processors assisting with hosting, storage, communications, payments, analytics, error monitoring, and AI/automation infrastructure (examples include: Google Cloud/Workspace/Firebase, Microsoft, OpenAI/Anthropic, Pinecone, Supabase, Vercel, n8n, Stripe, Meta/LinkedIn/X for advertising, email/SMS providers). We require appropriate contractual safeguards.
  • Professional advisers such as accountants, auditors, and lawyers under confidentiality.
  • Authorities when required by law or to protect rights, safety, or security.
  • Business transfers in connection with a merger, acquisition, or restructuring, subject to this Policy’s protections.

We do not permit vendors to use your personal information for their own marketing without your permission.

Subprocessor list. We maintain an up‑to‑date list of our key vendors/sub‑processors and can provide it on request.

Data Processing Addendum (DPA). When we act as a processor/service provider, we will sign a DPA on request incorporating appropriate safeguards (e.g., SCCs for international transfers).


8. Cookies, tracking & analytics

We use cookies and similar technologies to run our sites and Services, remember preferences, measure performance, and support security. You can control cookies via your browser settings and, where offered, our cookie banner.

Analytics and ads tools (e.g., Google Analytics, Meta Pixel, LinkedIn Insight Tag) may set cookies to provide aggregated insights. Where required, we will seek consent before enabling non‑essential cookies.

If enabled, we may use session‑replay/UX tools (e.g., Hotjar or FullStory) configured to avoid capturing sensitive fields. We may also use bot‑protection such as Google reCAPTCHA, which may collect device and usage data in accordance with their privacy policies.


9. International transfers

We may process and store information in Australia and other countries where our vendors operate. When transferring personal data from the EU/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and apply additional measures where necessary.


10. Data security

We implement reasonable administrative, technical, and physical safeguards to protect personal information—such as access controls, encryption in transit/at rest where supported, least‑privilege roles, MFA, log monitoring, and periodic reviews. No method of transmission or storage is 100% secure; if we detect a security incident, we will act promptly.


11. Data retention

We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected. The specific duration depends on the nature of the information and the purposes for which we need it. Our primary reasons for retaining data include:

  • Providing and managing our services: This includes keeping project assets (such as design files, media, and code) for the duration of a project and any subsequent agreed archival period.
  • Fulfilling legal and contractual obligations: We are required to keep certain information, such as financial records, proposals, and invoices, to comply with Australian laws (e.g., for tax and audit purposes).
  • Resolving disputes and enforcing agreements: We may need to retain information to resolve potential disputes or enforce our agreements.
  • Maintaining business operations: This includes retaining communications like support tickets and emails for a reasonable period to ensure service continuity and quality. Security and access logs are also kept to protect our systems.

When we no longer have a legitimate business or legal need to retain your personal information, we will take reasonable steps to securely delete or de-identify it.

You may request the deactivation of your account or the deletion of your personal information at any time, subject to our need to retain certain data to meet our legal or contractual obligations. To make a request, please contact us using the details provided in this policy.


12. Your privacy rights

Your rights depend on your location and applicable law. Subject to exceptions, you may request to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete information (erasure), or de‑identify it where deletion isn’t feasible.
  • Object to or restrict certain processing.
  • Opt out of marketing.
  • Receive a copy of your information in a usable format (data portability), where applicable.

How to exercise your rights: Contact us using the details in Section 1. We may need to verify your identity. We will respond within the timeframe required by law (e.g., 30 days under the APPs/GDPR).


13. Children’s privacy

Our business services are not directed at individuals under the age of 18, and we do not knowingly collect personal information from children for our own purposes.

However, our affiliate businesses may operate social programs that require the collection of information about children. In all such cases, this information is provided directly by and collected only with the explicit consent of a parent or legal guardian, who must complete and sign the necessary forms on the child’s behalf. The information is used solely for the administration of the specific program.


14. Notifiable Data Breaches (Australia)

If a data breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.


15. Third‑party links & social media

Our websites and communications may include links to third‑party sites or embedded content. Their privacy practices are governed by their own policies. Please review those policies before submitting personal information.


16. Changes to this Policy

We may update this Policy from time to time. The “Effective date” at the top shows when it was last revised. If changes are material, we will take reasonable steps to notify you (e.g., website notice or email to account holders).


17. Region‑specific disclosures

Australia (APPs): You may complain to us using the details in Section 1. If you are not satisfied with our response, you can contact the OAIC (oaic.gov.au) for guidance or to lodge a complaint.

EU/UK GDPR: Our legal bases include contract, legitimate interests, legal obligations, and consent (where applicable). You have the right to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA): We do not “sell” personal information as defined by the CPRA. California residents may exercise rights to know, delete, correct, and limit the use of sensitive personal information. We will not discriminate against you for exercising any CCPA/CPRA rights.


18. Processor/Service‑Provider terms (when we act for you)

When we process personal information on your behalf (e.g., building an AI agent integrated with your systems), our role is that of processor/service provider. Our contract will include:

  • Processing only on your documented instructions.
  • Confidentiality and security obligations for our personnel and subprocessors.
  • Assistance with data subject requests, audits, and impact assessments where reasonable.
  • Breach notification and cooperation duties.
  • Subprocessor controls and international transfer safeguards.
  • Return or deletion of personal information at the end of the engagement.

19. Client credentials & social media access

When you grant us access tokens or credentials (e.g., to social platforms, ad accounts, website CMS, or third‑party tools), we use them only to perform the agreed Services. We store credentials in secure systems (e.g., encrypted secret stores/password managers), apply least‑privilege access, and restrict sharing to project personnel under confidentiality. We log access and request revocation on project completion or upon your instruction. You remain responsible for providing business‑only accounts where possible and rotating/revoking access.

20. Collaborators & Subcontractors

We operate as a collaborative of businesses and individuals. If we invite you or your business to join our collective as a collaborator or subcontractor, we may collect professional information to facilitate our working relationship. This can include contact details, business information, qualifications, portfolios, and references.

We use this information solely to manage our collaborative projects, assess suitability for specific tasks, and maintain our network of trusted partners. All collaborators and subcontractors are bound by strict confidentiality agreements and may only access personal information that is essential for their assigned project tasks.

If your engagement with our collective ends, we will retain your professional information for a reasonable period for administrative purposes. You may request the deletion of your information at any time after our collaboration has concluded by contacting us.

21. Quick summary (plain English)

  • We collect business contact details and project information so we can deliver our Services.
  • We use reputable cloud and AI providers; your data is not used to train public models without your consent.
  • You can opt out of marketing and request access, correction, or deletion of your information.
  • We disclose data to vendors who help us run our business; we don’t sell your data.
  • If we ever have a serious breach, we’ll notify you and the OAIC where required.