Privacy Policy

This Privacy Policy explains how Support Perth IT Pty Ltd (ABN: 16 696 780 597), operated by Aaron Waltman ("we", "us", or "our"), collects, uses, stores, discloses, and protects your personal information when you:

• Visit our website at supportperth.com.au
• Submit an enquiry through our contact form
• Book a consultation via our Calendly integration
• Engage our IT support services, including remote access sessions
• Interact with us by phone, email, or any other means

We are committed to complying with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Electronic Transactions Act 1999 (Cth), and the Spam Act 2003 (Cth).

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our website or services.

When you submit our contact form, we collect the following personal information that you voluntarily provide:

• Full name — to identify you and personalise communications
• Phone number — to contact you regarding your enquiry
• Email address — to send confirmation emails and respond to your request
• Message / enquiry details — the content of your "How can we help?" message describing your IT support needs
• Services selected — the IT service category or categories you have indicated interest in (e.g., PC/Laptop Repair, Network Setup, Cybersecurity, Cloud Solutions, Data Recovery, General IT Support)
• Electronic signature — your typed name entered as an electronic signature to confirm your identity and consent
• Consent status and timestamp — a record of whether you ticked the consent checkbox, together with the exact date and time (in ISO 8601 format) at which consent was given
• Terms version accepted — the version identifier of the Terms & Conditions you agreed to at the time of form submission

We do not collect sensitive information as defined by the Privacy Act 1988, such as health information, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation.

You are responsible for ensuring that any information you provide is accurate and current.

When you visit our website, certain technical information is collected automatically by the services that host and protect our site. This may include:

• Cloudflare Web Analytics beacon — collects privacy-focused, cookie-free analytics data including page views, referrer URLs, browser type, device type, country-level location, and page load performance. Cloudflare Web Analytics does not track individual users or use cookies.
• Microsoft Clarity — we partner with Microsoft Clarity to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay. Clarity uses first-party and third-party cookies and other tracking technologies to collect data including page interactions (clicks, scrolls, mouse movements), device and browser information, and geographic location. This data helps us improve and market our products and services. Clarity automatically masks sensitive content and does not capture keystrokes in password fields. If your browser sends a Do Not Track (DNT) signal or Global Privacy Control (GPC) header, Clarity will not be loaded on your device.
• Google Analytics 4 (G-DWNB841N7C) — collects website usage data including page views, sessions, traffic sources, geographic location, device and browser information, and engagement metrics. GA4 shares the existing Google tag (gtag.js) with Google Ads and may set first-party cookies to distinguish unique users and sessions.
• Google Ads conversion pixel (AW-17900501163) — a tracking tag loaded via Google Tag Manager that records when a visitor who clicked a Google Ad subsequently completes a key action on our site (such as submitting the contact form). This may set cookies and collect data including your IP address, browser information, referring URL, and pages visited.
• Google Fonts — web fonts are loaded from Google's servers (fonts.googleapis.com and fonts.gstatic.com). When your browser requests these fonts, Google may receive your IP address, browser user-agent string, and the referring page URL.
• Cloudflare infrastructure metadata — as our site is hosted on Cloudflare Pages, Cloudflare processes your IP address, TLS connection details, HTTP headers, and request metadata as part of its CDN and security services.

We do not use this automatically collected information to personally identify you, except where required to investigate security incidents or comply with legal obligations.

We use the personal information we collect for the following purposes:

• Responding to enquiries — to contact you by phone or email regarding the IT support request you submitted
• Delivering IT services — to provide the technical support, remote access sessions, or other services you have requested
• Sending confirmation emails — to send you an automated confirmation email via SMTP2GO acknowledging receipt of your contact form submission
• Internal workflow notification — to send an internal notification to Support Perth via the Telegram Bot API so that we can promptly review and act on your enquiry
• Website experience improvement — to understand how visitors use and interact with our website through Microsoft Clarity's behavioural metrics, heatmaps, and session replay, so that we can improve our website design, content, and user experience
• Website analytics — to measure website traffic, user engagement, traffic sources, and geographic distribution via Google Analytics 4 to inform content and marketing decisions
• Google Ads conversion measurement — to measure the effectiveness of our advertising by tracking whether visitors who arrived via a Google Ad submitted the contact form
• Improving our services — to analyse aggregated, non-identifying analytics data (via Cloudflare Web Analytics) to improve website performance and user experience
• Legal compliance — to comply with applicable laws, regulations, and legal processes

We will not use your personal information for direct marketing unless you have separately and explicitly opted in. All communications from Support Perth are transactional or service-related in nature, consistent with the Spam Act 2003 (Cth).

We share limited personal information with the following third-party service providers, solely for the purposes described below. We do not sell your personal information to any third party.

Our website uses a minimal set of cookies and tracking technologies:

• Google Ads cookies — The Google Ads conversion tracking tag (AW-17900501163) may set first-party and third-party cookies (such as _gcl_au, _gac, and related identifiers) to measure ad conversions and attribute website visits to advertising campaigns. These cookies may persist for up to 90 days.
• Cloudflare security cookies — Cloudflare may set strictly necessary cookies (such as __cf_bm) to manage bot protection and security challenges. These are essential for website operation and cannot be disabled.
• Microsoft Clarity cookies — Clarity uses first-party cookies (such as _clck and _clsk) and third-party cookies to connect user activity across sessions, generate heatmaps, and enable session replay functionality. These cookies support behavioural analysis and site optimisation. If your browser sends a Do Not Track (DNT) signal or Global Privacy Control (GPC) header, Clarity will not be loaded and no cookies will be set.
• Google Analytics 4 cookies — GA4 may set first-party cookies (such as _ga and _ga_<ID>) to distinguish unique users and sessions. These cookies persist for up to 2 years.
• Cloudflare Web Analytics — does not use cookies. Analytics data is collected via a JavaScript beacon without setting any cookies.

Support Perth does not set any first-party cookies of its own beyond those described above. We use cookies for website analytics, behavioural analysis (heatmaps and session replay via Microsoft Clarity), and advertising conversion measurement (Google Ads) as described in this policy.

You can manage cookie preferences through your browser settings. Blocking all cookies may affect your ability to pass Cloudflare security challenges but will not prevent access to our website content. Most modern browsers also allow you to block third-party cookies specifically, which would prevent Google Ads cookies while preserving essential Cloudflare functionality.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, consistent with Australian Privacy Principle 11.

The security measures we employ include:

• Encryption in transit — all data transmitted between your browser and our website is encrypted using HTTPS (TLS 1.2 or higher), enforced by Cloudflare
• Cloudflare Pages hosting — our website is hosted on Cloudflare's globally distributed infrastructure, which provides enterprise-grade DDoS protection, Web Application Firewall (WAF), and edge security
• Environment variable credential storage — API keys and credentials for third-party services (SMTP2GO, Telegram Bot API) are stored as encrypted environment variables within Cloudflare Pages, not in source code
• Access controls — administrative access to our hosting, email delivery, and notification systems is restricted to authorised personnel only

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information. You transmit data to us at your own risk and should access our website only via secure, trusted networks.

We retain your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law. Our retention practices include:

• Contact form submissions — retained for the duration of the client relationship plus a reasonable period afterwards (typically 24 months) to allow for follow-up enquiries and service continuity
• Consent records — consent status, timestamps, electronic signatures, and terms versions are retained for a minimum of 7 years to demonstrate compliance with the Privacy Act 1988, Electronic Transactions Act 1999, and Spam Act 2003
• Telegram notifications — notification messages remain within the Telegram platform subject to Telegram's own retention policies
• Email delivery records — SMTP2GO retains email delivery logs in accordance with their own data retention policy
• Microsoft Clarity data — Clarity retains session replay data and behavioural metrics for up to 30 days. Aggregated analytics and heatmap data may be retained longer. For full details, see Clarity Data Retention.
• Google Analytics 4 data — GA4 retains user-level and event-level data according to our configured retention period (default 2 months for user data, 14 months for event data). Aggregated reports are retained indefinitely.
• Cloudflare & Google Ads analytics data — Cloudflare Web Analytics retains aggregated analytics data for up to 6 months. Google Ads conversion data is retained according to Google's data retention settings.

When personal information is no longer required, we will take reasonable steps to delete or de-identify it, unless retention is required or authorised by law (for example, for tax, accounting, or legal compliance purposes).

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the following rights in relation to your personal information:

• Right to access (APP 12) — you may request access to the personal information we hold about you. We will respond to your request within 30 days.
• Right to correction (APP 13) — if you believe the personal information we hold about you is inaccurate, incomplete, out-of-date, or misleading, you may request that we correct it.
• Right to request deletion — you may request that we delete your personal information where it is no longer needed for the purpose for which it was collected, subject to any legal obligation we have to retain it.
• Right to withdraw consent — where we process your personal information based on your consent, you may withdraw that consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
• Right to complain — if you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us directly. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, please contact us at support@supportperth.com.au. We will verify your identity before processing any request and respond within 30 days.

In accordance with the Electronic Transactions Act 1999 (Cth), our contact form implements an electronic consent mechanism that satisfies the requirements for valid electronic signatures and transactions under Australian law.

When you submit our contact form, the following consent records are captured:

• Consent checkbox — you must affirmatively tick a checkbox confirming that you have read and agree to our Terms & Conditions and this Privacy Policy before your form can be submitted
• Electronic signature — you are asked to type your full name as an electronic signature, which serves as your personal attestation of consent under the Electronic Transactions Act 1999
• Consent timestamp — the exact date and time at which you gave consent is recorded in ISO 8601 format and stored alongside your submission
• Terms version — the version of the Terms & Conditions in effect at the time of your submission is recorded to ensure a clear audit trail

These records are maintained as evidence that consent was freely given, specific, informed, and unambiguous, consistent with the requirements of the Privacy Act 1988 and the Electronic Transactions Act 1999.

Consent to the collection and use of your personal information is obtained at the point of form submission. You may withdraw your consent at any time by contacting us at support@supportperth.com.au.

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If we become aware that we have inadvertently collected personal information from a person under 18 without appropriate parental or guardian consent, we will take reasonable steps to delete that information as promptly as possible.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at support@supportperth.com.au so that we can take appropriate action.

When you engage Support Perth for remote IT support, we use Splashtop SOS to establish a temporary remote connection to your device. The following privacy safeguards apply to all remote access sessions:

• Explicit consent required — remote access is initiated only after you explicitly consent by downloading and running the Splashtop SOS application and providing the session code to our technician. You retain full control and may terminate the session at any time by closing the application.
• Session scope — the technician will access only the areas of your device reasonably necessary to diagnose and resolve the issue you have reported. The technician will not intentionally access personal files, financial records, saved passwords, browsing history, or other sensitive data beyond what is required for the support task.
• No persistent access — Splashtop SOS sessions are temporary and one-time. The technician does not retain ongoing access to your device after the session ends. No unattended access agent is installed.
• No data extraction — Support Perth does not copy, download, or store files from your device during a remote session unless you explicitly request a file transfer as part of the support task (e.g., backup recovery, data migration).
• Confidentiality — all information observed or encountered during a remote access session is treated as strictly confidential.

You are advised to close any sensitive applications, documents, or browser sessions before commencing a remote support session. For more information about Splashtop's security practices, visit splashtop.com/security.

Support Perth may update this Privacy Policy from time to time to reflect changes in our practices, services, technology, legal requirements, or regulatory guidance.

The current version will always be available at supportperth.com.au/privacy. The "Last Updated" date at the top of this page will be revised to indicate when the most recent changes were made.

We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy. For material changes that significantly affect how we handle your personal information, we will take reasonable steps to notify you (for example, by updating the date prominently on this page).

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us:

• Business Name: Support Perth IT Pty Ltd
• ABN: 16 696 780 597
• Founder: Aaron Waltman
• Email: support@supportperth.com.au
• Phone: 1300 769 337
• Location: Wembley, WA 6014 — serving all of metropolitan Perth

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au