Privacy Policy

Effective date: 13 October 2025

Nexion Software Consulting Pty Ltd (ABN 33 762 706 066) (“Nexion”, “we”, “us”, “our”)

matt@nexionconsulting.com.au | 0412 345 678 | Sydney, NSW 2165

Introduction

We are a Sydney-based software consultancy that builds low-code automation for 20–80-person companies. This policy explains how we collect, use, store and protect your personal information when you visit our website, enquire about our services, or engage us to build software.

What is “personal information”?

Any information or opinion that identifies you (or could reasonably identify you), whether true or not. Examples: name, email, phone, ABN, job title, IP address, screenshots of your current spreadsheets, or any data you share during discovery calls.

Information we collect

Directly from you

Contact form, email, phone, Calendly, Zoom, WhatsApp, signed proposal, support ticket.
Optional: files you upload (e.g., sample quote templates, CRM exports).

Automatically

Google Analytics: pages visited, device, browser, city-level location.
Hosting logs: IP, timestamp, pages requested.
Email pixels: open / click tracking (you can disable images to block).

We do NOT collect or store credit-card numbers; payments are processed by Stripe or direct bank transfer.

Why we collect it

Respond to enquiries and prepare fixed-price proposals.
Build, test and deliver automation scoped to your processes.
Invoice and collect payment.
Send project updates, security alerts or similar service emails (max 2 per month unless urgent).
Meet tax, insurance and legal obligations.
Legal bases (for EU/UK visitors)
Contract performance, legitimate interests (running a small consultancy), legal compliance.

How we use cookies

Essential: Website session cookie.
Analytics: Google Analytics (_ga, _gid) – 24-month retention.
Marketing: none.
You can refuse non-essential cookies through the banner.

Sharing your data

We only share what is necessary and never sell data.
Sub-processors: Google Workspace, Xero, Stripe, Calendly, Zoom, JotForm, Notion, Make.com, Zapier, Pipedrive. All are GDPR-/APP-compliant.
Contractors: local developers under strict NDAs.
Legal: if required by an Australian court or regulator.

Overseas transfers

Some sub-processors store data in the US (Google, Stripe). We rely on EU Standard Contractual Clauses or equivalent safeguards.

Security

All data in transit via TLS 1.3; at-rest encrypted with AES-256.
Laptops encrypted with BitLocker / FileVault; SSO + 2FA on all cloud accounts.
Annual penetration test; backups daily to immutable storage.
Access on a “need-to-know” basis; last-privilege review 30 June each year.

Data retention

Prospects who never engage: delete after 12 months.
Clients: retain for 7 years after final invoice (ATO requirement), then securely destroyed.
Analytics: 24 months.
You may request earlier deletion (see “Your rights” below).

Your rights

Australian Privacy Principles (APPs) and GDPR grant you rights to:
Access: receive a copy of the data we hold.
Correction: fix inaccurate or incomplete data.
Deletion: ask us to erase data (unless legal retention applies).
Restriction / objection: limit certain processing.
Portability: export data in machine-readable form.
Complaint: lodge with OAIC (AU) or your local supervisory authority (EU/UK).

Requests are free and handled within 30 days. ID verification required.

How to exercise your rights

Email matt@nexionconsulting.com.au with the subject “Privacy Request”. For access we will send a .zip within 10 business days.

Third-party links

Our site may link to Xero, Stripe or partner sites. Their privacy policies apply once you leave our domain.

Children

Our services are for businesses; we do not knowingly collect data from anyone under 16.

Changes to this policy

We will post updates here and, if material, email active clients. “Effective date” at the top will change.

Contact us

Privacy Officer: Matthew Benoka
Email: matt@nexionconsulting.com.au
Phone: 0402 167 447
Mail: 60B Lombard St, Fairfield West, Sydney NSW 2165

If you are unsatisfied with our response you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.