Privacy Policy
Cedar Cipher ("we", "I", "my") is a marketing consultancy operated by Jeremy Wilbur (ABN 33 712 932 559) based in Victoria, Australia. This privacy policy explains how I collect, use, store and protect your personal information when you visit cedarcipher.com or contact me through the website.
This policy is designed to meet the requirements of the Australian Privacy Act 1988 (including the Australian Privacy Principles), the EU General Data Protection Regulation (GDPR), and applicable US state privacy laws including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act, Connecticut Data Privacy Act, and Texas Data Privacy and Security Act.
1. Information I Collect
Information you provide directly
When you submit the contact form on this website, I collect the following personal information:
- Your name
- Your email address
- The content of your message
Information collected automatically
When you visit this website, I use Google Analytics 4 (GA4) to collect anonymised usage data, but only if you have given consent via the cookie banner. This may include:
- Pages visited and time spent on site
- Referring website or source
- General geographic region (country/city level, not precise location)
- Device type, browser and operating system
- Interactions such as button clicks and scroll depth
Google Analytics uses cookies to collect this data. No analytics data is collected until you provide consent. IP anonymisation is enabled by default in GA4.
2. How I Use Your Information
I use the personal information you provide for the following purposes:
- To respond to your enquiry — I will use your name and email to reply to your message and discuss how I might be able to help.
- Business development — With your consent, I may retain your contact details to follow up on potential opportunities or share relevant updates about Cedar Cipher's services.
- Marketing communications — If you opt in, I may occasionally send you information about services, insights or content I think may be useful. You can unsubscribe at any time.
- Website improvement — Anonymised analytics data helps me understand how visitors use the site so I can improve the experience.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, I process your data under the following legal bases:
- Consent — You provide consent when you submit the contact form with the consent checkbox selected, and when you accept analytics cookies via the cookie banner.
- Legitimate interest — I have a legitimate business interest in retaining enquiry details for business development purposes, balanced against your privacy rights.
You may withdraw your consent at any time by contacting me directly.
4. Data Storage and Security
Contact form submissions are processed and stored by Netlify, Inc. (based in the United States) as part of their form handling service. Netlify's infrastructure is hosted on secure, SOC 2-compliant cloud providers.
I may also transfer form submissions to my own records (such as email or a CRM tool) for the purposes described above. I take reasonable steps to protect your personal information from unauthorised access, loss or misuse.
5. Data Retention
I retain your personal information for up to three (3) years from the date of your last contact with me, unless an ongoing business relationship exists. After this period, your data will be securely deleted unless you have given separate consent for continued communications.
Anonymised analytics data does not identify you personally and is retained according to Google Analytics' standard data retention settings.
6. Data Sharing
I do not sell, rent or trade your personal information. Your data may be shared only with:
- Netlify, Inc. — for form submission processing and website hosting (US-based, Privacy Shield compliant)
- Google LLC — for anonymised website analytics via Google Analytics 4 (US-based)
I do not share your personal information with any other third parties unless required by law.
7. Your Rights
All visitors
Regardless of where you are located, you have the right to:
- Request access to the personal information I hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Withdraw consent at any time
Australian residents
Under the Australian Privacy Act 1988, you have the right to access and correct your personal information. If you believe I have breached the Australian Privacy Principles, you may lodge a complaint with me directly or with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
EU/UK residents (GDPR)
Under the GDPR, you have additional rights including the right to data portability, the right to restrict processing, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority. For cross-border processing, the lead supervisory authority is the Office of the Australian Information Commissioner.
US residents
If you are a resident of California, Virginia, Colorado, Connecticut, Texas or another US state with consumer privacy legislation, you have the right to know what personal information I collect, request deletion, and opt out of any sale or sharing of personal data. Cedar Cipher does not sell your personal information. To exercise your rights, contact me using the details below.
8. Cookies
This website uses cookies in the following categories:
- Essential cookies — Required for the website to function (e.g., remembering your cookie consent preference). These do not require consent.
- Analytics cookies — Used by Google Analytics 4 to understand how visitors interact with the site. These are only set after you provide consent via the cookie banner.
You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, or by using your browser's cookie management settings.
9. International Data Transfers
As Cedar Cipher serves clients globally and uses US-based service providers (Netlify, Google), your personal data may be transferred to and processed in the United States. These transfers are protected by the service providers' compliance with applicable data protection frameworks, including the EU-US Data Privacy Framework where applicable.
10. Children's Privacy
This website is not directed at individuals under the age of 18. I do not knowingly collect personal information from children. If I become aware that I have inadvertently collected data from a child, I will delete it promptly.
11. Changes to This Policy
I may update this privacy policy from time to time to reflect changes in my practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Material changes will be communicated via a notice on the website.
12. Contact
If you have any questions about this privacy policy, wish to exercise your privacy rights, or want to make a complaint, please contact me:
- Email: privacy@cedarcipher.com
- Website: cedarcipher.com