Legalese
DefendableReputation (ABN: 11 707 848 965) operates the website defendablereputation.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights.
Effective date: 10 March 2026
Last updated: 14 March 2026
This policy covers all interactions with defendablereputation.com.
We collect as little data as possible and are transparent about every piece we do collect. This policy complies with the Australian Privacy Act 1988 and the General Data Protection Regulation (GDPR) for international visitors.
Data We Collect
Information You Provide
- Name and phone number (intake form — required for case communication)
- Email address (contact form, newsletter signup, Phase 2 case correspondence)
- Business name and Google Business Profile URL (intake form)
- Review URLs submitted for assessment
- Proof documents (extortion screenshots, scam service evidence, CRM screenshots) — by submitting these documents, you consent to our collection and use of this information solely for the purpose of assessing and processing your review removal case
- Payment information (processed by third-party payment processor — we do not store card details)
Information Collected Automatically
Our hosting provider’s server logs automatically record:
- IP address
- Browser type and version
- Pages visited
- Referring URL
- Device type
We do not access, retrieve, or store this data. It is collected and retained by Rocket.net (our hosting provider) for up to 30 days as part of standard server infrastructure, after which it is purged from their systems. We have no analytics tools and do not process server log data for any purpose.
Data We Do NOT Collect
- Social media passwords or login credentials
- Google account credentials
- Personal identification documents (unless voluntarily provided as proof)
- Location data beyond IP-derived country
- Biometric data
How We Use Your Data
- To assess whether your review qualifies for removal
- To perform the review removal service you’ve requested
- To communicate with you about your case status
- To send newsletter content you’ve opted into (and only that)
- To process payments through our third-party payment processor
- To comply with legal obligations under Australian law
- To establish, exercise, or defend legal claims if a dispute arises
- To disclose to law enforcement or regulatory authorities where required by law
What We Do NOT Do With Your Data
- We do NOT sell your data to third parties
- We do NOT use your data for targeted advertising
- We do NOT send marketing communications to anyone who has not explicitly opted in to receive them
- We do NOT share your proof documents with anyone other than our verified Google partners as required for the removal process
- We do NOT retain proof documents after case completion (deleted within 30 days of case closure)
Data Retention
We retain personal data only for as long as necessary to fulfil the purpose it was collected for, or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Case data (name, phone, review URLs, business name) | Duration of case + 2 years | Service delivery, dispute resolution, legal compliance |
| Proof documents (screenshots, evidence files) | Deleted within 30 days of case closure | Minimise sensitive data holding |
| Email address (newsletter subscribers) | Until you unsubscribe | Consent-based; you can withdraw at any time |
| Email address (case clients) | Duration of case + 2 years | Case communication and follow-up |
| Payment records | 7 years from transaction date | Australian tax and accounting law (Tax Administration Act) |
After the applicable retention period, data is permanently deleted from our systems and from any third-party platforms we have directed to hold it (Kit, HubSpot).
Third Parties
We name every third party that receives your data. No vague “trusted partners.”
| Third Party | Country | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|---|
| Stripe | United States & Ireland | Process payments for review removal service | Payment details only — processed directly, we do not store card details | stripe.com/privacy |
| Kit | United States | Send newsletter and case status emails | Email address, first name | kit.com/privacy |
| Verified Google Partners | Australia | Process review removal requests | Review URLs, business name, relevant proof documents | policies.google.com/privacy |
| Rocket.net | United States | Host the website | Server logs (IP address, browser type, pages visited) | rocket.net/privacy-policy |
| HubSpot | United States | CRM — case management and pipeline tracking | Name, phone, review URLs, case notes | legal.hubspot.com/privacy-policy |
| Twilio | United States | Deliver SMS and WhatsApp case communications | Phone number, first name | twilio.com/en-us/legal/privacy |
| Google Fonts | United States | Serve typography (Playfair Display, Lora) | Visitor IP address transferred to Google’s servers on each page load — no cookie set | policies.google.com/privacy |
Partners are bound by confidentiality. Proof documents shared only as necessary for removal.
Cookies & Tracking
This site sets zero cookies on your device. No session cookies, no analytics cookies, no advertising cookies, no third-party cookies.
We use no tracking pixels, no browser fingerprinting, no analytics tools, and no third-party scripts that collect visitor data.
We do not identify, track, or profile visitors. Server logs are retained by our hosting provider for infrastructure and security purposes only.
We load fonts (Playfair Display and Lora) via Google Fonts, which transfers your IP address to Google’s servers on each page load. No cookie is set by this service. See our Third Parties table above for details.
For full details on our zero-cookie approach, see our Cookies page.
Your Rights
| Right | Description | Applies To |
|---|---|---|
| Access | Request a copy of all personal data we hold about you. We will respond within 7 business days and provide access free of charge. In limited circumstances we may decline access — for example, where providing access would unreasonably impact the privacy of another individual, would prejudice legal proceedings, or where we are required or authorised by law to refuse. If we refuse, we will give you written notice explaining the reason and your options for complaint. | All users |
| Correction | Request correction of inaccurate or out-of-date personal data. If we correct your information, we will take reasonable steps to notify any third parties to whom we have disclosed it. If we decline to correct your information, we will give you written notice of our reasons and information about how to complain. | All users |
| Deletion | Request deletion of your personal data (subject to legal retention requirements) | All users |
| Data Portability | Request your data in a machine-readable format | GDPR — EU/UK users |
| Restrict Processing | Request we limit how we use your data | GDPR — EU/UK users |
| Object to Processing | Object to processing of your data for specific purposes | GDPR — EU/UK users |
| Withdraw Consent | Withdraw consent for newsletter or marketing at any time (unsubscribe link in every email) | All users |
| Complaint | Lodge a complaint with the relevant regulator if unsatisfied with our response | All users |
Regulators:
- Office of the Australian Information Commissioner (OAIC) — Australia
- Information Commissioner’s Office (ICO) — United Kingdom
- For all other jurisdictions, contact your local data protection authority
We will respond to all data rights requests within 7 business days.
Data Security
- SSL/TLS encryption for all data in transit
- Encrypted storage for proof documents and case files
- Access controls — only Defendable Reputation personnel and authorised business partners access case data, on a need-to-know basis
- Proof documents deleted within 30 days of case closure
- Personal information that is no longer needed and has reached the end of its retention period is permanently deleted or de-identified from our systems and any third-party platforms we have directed to hold it
- Payment data processed by PCI-compliant third-party processor
No system is 100% secure. We take reasonable measures to protect your data, but cannot guarantee absolute security.
International Data Transfers
DefendableReputation is operated from Sydney, Australia. By using our service, your personal data may be transferred to and processed in the following countries through our third-party service providers:
- United States — Stripe (payments), Kit (email), Rocket.net (hosting), HubSpot (CRM), Twilio (SMS/WhatsApp)
- Ireland — Stripe (European operations)
Our obligations under APP 8
Under Australian Privacy Principle 8, before disclosing personal information to an overseas recipient, we must take reasonable steps to ensure that recipient does not breach the Australian Privacy Principles in relation to your information. We meet this obligation by:
- Entering into Data Processing Agreements (DPAs) or equivalent contractual arrangements with each overseas provider that require them to handle your personal information in a manner consistent with the Australian Privacy Principles
- Selecting providers that operate under recognised privacy frameworks (GDPR, US-EU Data Privacy Framework, or equivalent)
- Reviewing provider privacy policies and terms before engaging them
Important: our accountability for overseas recipients
Under section 16C of the Privacy Act, if an overseas recipient handles your personal information in a way that would breach the Australian Privacy Principles, that act is taken to have been committed by us. We remain accountable for the conduct of our overseas service providers in relation to your personal information.
Foreign law disclosure
Overseas recipients may be subject to foreign laws — including US national security and surveillance laws — that could require or authorise the disclosure of your personal information to government authorities in those countries. These foreign laws may operate in ways that do not align with Australian privacy protections, and in such circumstances you may have limited ability to seek redress. If this is a concern, please contact us before submitting personal information.
For EU/UK visitors: data transfers outside the EEA are subject to appropriate safeguards as required by GDPR (Standard Contractual Clauses or equivalent).
Data Breach Notification
We take the security of your personal information seriously. In the event of a data breach that is likely to result in serious harm to you, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme (Part IIIC, Privacy Act 1988).
Applicability note: The NDB scheme formally applies to organisations with annual turnover above $3 million, or those that handle certain categories of sensitive information. As a small business that handles sensitive personal information — including proof documents relating to extortion, harassment, and business disputes — we treat ourselves as bound by the NDB scheme and commit to its obligations regardless of our current turnover.
What this means in practice:
- If we become aware of a suspected eligible data breach, we will conduct an assessment within 30 calendar days to determine whether notification is required.
- If notification is required, we will notify both you (the affected individual) and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
- Our notification will include: a description of the breach, the types of information involved, and recommended steps you can take to reduce your risk.
To report a suspected privacy breach or data security concern, contact us at support@defendablereputation.com.
For more information about the NDB scheme, visit oaic.gov.au.
Anonymity and Pseudonymity
Where it is lawful and practicable, you have the option of interacting with us anonymously or using a pseudonym. In practice:
- General enquiries (email to support@defendablereputation.com) can be made without providing your real name
- Review removal service — we cannot perform the core service anonymously. To assess and process a review removal case, we need your name, phone number, business details, and review URLs. Without this information, we cannot act on your behalf
If you have concerns about providing your real name, please contact us before submitting a case and we will discuss what options are available.
Unsolicited Personal Information
Occasionally we receive personal information that we did not request — for example, if a client emails additional documents beyond what was asked for, or includes third-party personal details we do not need.
If we receive unsolicited personal information that we could not have lawfully collected under APP 3, we will assess whether it is reasonably necessary for our functions. If it is not, we will destroy or permanently de-identify that information as soon as practicable, provided it is lawful to do so.
Data Accuracy
We take reasonable steps to ensure the personal information we hold about you is accurate, up to date, complete, and relevant to the purpose for which we use it.
If your details change during a case — for example, a new phone number or email address — please notify us at support@defendablereputation.com so we can update our records. You can also request correction of any inaccurate information at any time (see Your Rights above).
Minimum Age
Our services are intended for business owners and are not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted information to us, please contact us at support@defendablereputation.com and we will delete it promptly.
Changes to This Policy
- Material changes communicated via email to newsletter subscribers at least 14 days before taking effect
- Policy updated date displayed prominently at top of page
- Previous versions available on request by emailing support@defendablereputation.com
- Continued use of the site after material changes does not constitute acceptance — we will seek fresh acknowledgement for any changes that materially affect how we handle your personal information
Collection Notice (APP 5)
At the time we collect your personal information — including via the review submission tool on /get-help/ — we are required under Australian Privacy Principle 5 to notify you of the following:
- Who we are: DefendableReputation (ABN: 11 707 848 965), Sydney, Australia
- Why we collect it: To assess your review removal case, deliver the service, and communicate with you about your case
- Who we share it with: Our third-party service providers (listed in this policy) and verified Google partners as necessary for the removal process
- Overseas disclosure: Your information may be transferred to recipients in the United States and Ireland — see International Data Transfers above
- Access and correction: You have the right to access and correct the personal information we hold about you — see Your Rights above
- Complaints: If you believe we have mishandled your personal information, you have the right to complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
- How to contact us: support@defendablereputation.com
This notice is incorporated into and forms part of this Privacy Policy.
Contact for Privacy Enquiries
Email: support@defendablereputation.com
Response time: Within 7 business days
Regulators:
