Skip to main content

Privacy Policy

Last updated: 18 March 2026

1. Who We Are

Websites Factory ("we", "us", "our") operates the website websitesfactory.com.au. We are based in Melbourne, Australia. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Contact information (name, email address, phone number)
  • Business information (business name, industry, website requirements)
  • Billing address (for invoicing and tax purposes)
  • Files you upload (logos, images, content for your website)
  • Messages exchanged through our platform
  • Payment information (processed securely by Stripe; we do not store card details)
  • Digital contract signatures (name, IP address, timestamp, user agent)

We automatically collect:

  • Analytics data via Google Analytics (GA4) — including pages visited, time on site, device type, browser, approximate location, and referral source. IP addresses are anonymised by default.
  • Basic performance analytics via Vercel Analytics (page load metrics, no personal identifiers)
  • Authentication session data (JWT tokens for account access)

3. How We Use Your Information

  • To provide our website creation services
  • To process payments and send receipts
  • To communicate with you about your order (email notifications, AI chat)
  • To generate and deliver your website
  • To create and store digital contracts
  • To improve our services and website
  • To comply with legal obligations

4. AI Processing

We use AI (powered by third-party language models) to assist in requirements gathering and website generation. Your messages and business information are processed by AI to understand your website requirements. AI conversations are stored as part of your order record.

5. Third-Party Services

We share your information with trusted third-party service providers, solely to deliver our services. These providers handle:

  • Payment processing (Stripe)
  • Database and authentication hosting (Supabase)
  • Transactional email delivery (Resend)
  • File storage (Google Drive)
  • Website analytics (Google Analytics)
  • Website hosting and performance analytics (Vercel)
  • AI-assisted chat and website generation (Anthropic)

We carefully select providers that maintain appropriate security standards. Service providers may change over time as we improve our platform.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including encrypted connections (HTTPS/TLS), Row Level Security on our database, secure authentication, and access controls. Payment card data is handled entirely by Stripe and never touches our servers.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Order records and contracts are retained for a minimum of 7 years for legal and accounting purposes. You may request deletion of your account and personal data at any time by contacting us.

8. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Opt out of marketing communications
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

9. Cookies

We use two types of cookies:

  • Essential cookies: Authentication session cookies required for the platform to function (login, dashboard access).
  • Analytics cookies: Google Analytics cookies (_ga, _ga_*) to understand how visitors use our website. These help us improve our services. IP addresses are anonymised.

We do not use advertising cookies or sell data to third parties.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: [email protected]