Privacy Policy.

AppBox Automation Agency Pty Ltd (ABN 46 633 091 997) operates the AppBox website at appbox.agency. Our office is in Melbourne, Australia. For privacy enquiries, contact us at hello@appbox.agency.

We only collect personal information you provide voluntarily, plus a small amount of technical information automatically.

Information you give us when you fill out our contact form, book a call, or email us: name, email address, company name, role, project description, and any details you choose to share about your business.

Information we collect automatically via our hosting provider and analytics tooling: IP address, browser type, device type, pages visited, referral source, approximate location (city-level), and timestamps.

We do not knowingly collect personal information about anyone under the age of 16.

We use your personal information to:

• respond to your enquiry and deliver services you’ve engaged us for;
• schedule and conduct discovery and discussion calls;
• send you materials, proposals, and project communication;
• improve our website and services using anonymised analytics;
• comply with our legal and accounting obligations.

We do not sell your personal information. We do not use it for advertising profiling.

Your information is stored on infrastructure operated by reputable third-party providers (see Third parties). Data is encrypted in transit (TLS) and at rest where the provider supports it. Access within AppBox is limited to staff who need it to do their work.

We have no control over the underlying infrastructure of these providers, but we choose providers who maintain SOC 2, ISO 27001, or equivalent security certifications.

We use the following providers to operate the website and respond to enquiries. Each provider has its own privacy policy.

• Vercel (US/EU) — website hosting and edge analytics.
• Make.com (EU) — receives form submissions and routes them.
• SendGrid (US, Twilio Inc.) — sends transactional emails (e.g. your contact-form confirmation).
• Cal.com (US/EU) — booking calendar embedded on our contact page.
• Cloudflare (US/EU) — DNS & security layer for the appbox.agency domain.

We share with these providers only what is needed for them to perform their function. We do not sell or rent your information to anyone.

We use a minimal set of cookies. Specifically:

• Essential cookies set by Vercel and Cloudflare to deliver the website reliably.
• Analytics cookies for aggregate, anonymised usage data (no individual profiling).
• Cal.com cookies when you interact with the booking widget on our contact page.

You can clear cookies from your browser settings at any time. Doing so won’t affect your ability to use the website.

Some of our providers are based outside Australia (primarily in the EU and the United States). Where data is transferred internationally, we choose providers who operate under recognised legal frameworks for cross-border data transfer (Standard Contractual Clauses, EU-US Data Privacy Framework, etc.).

You have the right to:

• request a copy of the personal information we hold about you;
• ask us to correct or update inaccurate information;
• ask us to delete your personal information (subject to legal retention obligations);
• withdraw any consent you’ve previously given;
• complain to us about our handling of your information — and, if unresolved, to the Office of the Australian Information Commissioner (oaic.gov.au).

To exercise any of these rights, email hello@appbox.agency. We’ll respond within a reasonable period (always within 30 days).

We retain personal information only as long as necessary for the purposes set out above, or as required by law. The retention period depends on the type of information:

• Enquiries that don’t become engagements: retained up to 24 months, then deleted — unless you ask us to delete sooner.
• Customer-instance data (data inside an active subscription): retained for the lifetime of the subscription. On termination, we provide a one-time data export on written request, then delete the customer instance within 90 days of subscription end.
• Account & billing records (invoices, signed agreements, payment data): retained for 7 years from the end of the relationship to comply with Australian tax and record-keeping obligations.
• Email correspondence: retained while operationally relevant, generally up to 7 years for engagement-related threads.
• Anonymised analytics: retained indefinitely in aggregate form (no personal information attached).

You can request earlier deletion at any time. We’ll honour the request unless we’re legally required to retain the information — in which case we’ll tell you what’s being kept and why.

If we become aware of a data breach that’s likely to result in serious harm, we’ll notify you and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme. We maintain logs and access controls specifically so we can respond quickly.

We may update this policy occasionally — to reflect new tools, providers, or legal requirements. The “last updated” date at the top will always show when the most recent change was made. Material changes will be communicated to active clients directly.

For any privacy question or request, email hello@appbox.agency with the subject line “Privacy” and we’ll route it to the right person.

AppBox Automation Agency Pty Ltd
ABN 46 633 091 997
Ivanhoe East, Melbourne, Victoria, Australia