Privacy Policy
Audit&Fix ("we", "us", "our") operates www.auditandfix.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
When you purchase or use our Service, we collect:
- Email address – To deliver your CRO audit report and send transaction receipts
- Phone number (optional) – If you choose to provide it
- Website URL – The website you want us to analyse
- Payment information – Processed securely by PayPal (we do not store card details on our servers)
1.1a Free Website Scanner
When you use our free website scanner at /scan, we collect:
- Your website URL – to perform the analysis
- Your email address (if you choose to provide it to unlock your full factor breakdown) – to send you your score results and, with your permission, occasional information about improving your website's conversion rate. We will not send you unsolicited commercial messages; you can unsubscribe at any time by replying 'STOP' or emailing us.
1.2 Information Automatically Collected
We automatically collect limited technical information:
- First-visit discount – Tracked server-side using a temporary, privacy-safe fingerprint (a one-way hash of your IP address, never stored as-is). Automatically discarded after 20 minutes.
- Language preference cookie (af_lang) – A session cookie that remembers your chosen language for the current browser session. Cleared when you close your browser.
- Email tracking pixel (Resend.com) – To detect if you opened our delivery emails. You can opt out by disabling image loading in your email client.
- Server access logs – Standard web server logs (IP address, browser type, page requested) retained for 30 days for security purposes.
We use Google Analytics 4 and Meta Pixel (browser-side, activated only with your consent via our cookie banner) and Meta Conversions API (server-side) to understand site usage and measure advertising performance. See our Cookie Policy for details.
1.3 Social Media
If you contact us via social media (X/Twitter, LinkedIn), we may view your public profile information visible on those platforms.
2. How We Use Your Information
We use your information to:
- Deliver the Service – Generate and email your CRO audit report
- Process payments – Via PayPal (PCI-DSS compliant)
- Provide customer support – Respond to enquiries and resolve issues
- Send transactional emails – Order confirmations and delivery notifications. No marketing emails.
- Improve our service – Aggregated, anonymised data from free scanner usage may be used to improve our scoring methodology.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under:
- Contract performance – To fulfil our agreement to deliver your report (Art. 6(1)(b) GDPR)
- Legitimate interests – Server security logs, fraud prevention, and email open tracking pixels (Resend.com) for transactional emails. You can opt out by disabling automatic image loading in your email client. (Art. 6(1)(f) GDPR)
- Consent – Marketing communications from the free scanner email opt-in, and analytics/advertising cookies when you click Accept on our cookie banner (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
4. Data Retention
- Email and purchase records – 7 years (Australian tax compliance)
- Website analysis data – 90 days after report delivery, then permanently deleted
- Payment information – Stored by PayPal; see PayPal Privacy Policy
- Free scanner email and score data – Retained for 12 months from submission, or until you request deletion
- Server access logs – 30 days
5. Your Rights
Under the Australian Privacy Act 1988 and GDPR, you have the right to:
- Access – Request a copy of your personal data
- Rectification – Correct inaccurate information
- Erasure – Request deletion (exceptions: legal obligations, tax records)
- Restriction – Limit how we use your data
- Object – Opt out of email tracking or certain processing
- Portability – Request a copy of data you provided to us in a structured, machine-readable format (where processing is based on consent or contract)
- Withdraw consent – Stop receiving communications (except transactional emails)
Automated Decision-Making
Our free scanner uses automated analysis to generate website scores. These scores are informational only and do not affect your legal rights or access to services. You may request human review of any automated score by contacting us.
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights: the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise these rights, contact us at the email address listed below.
To exercise these rights, use our contact form (select "Privacy / data rights request"). We will respond within 30 days.
6. Data Security
We implement industry-standard security measures:
- Encryption – All data transmitted via HTTPS/TLS
- Secure payment processing – PayPal handles all payment data (PCI-DSS certified)
- Access controls – Limited access to personal data
No system is 100% secure. We cannot guarantee absolute security but will notify affected individuals and relevant authorities of any notifiable data breach within 72 hours of becoming aware of it, or as otherwise required by applicable law.
7. International Data Transfers
Our servers are located in Australia and the USA. If you are in the EEA, UK, or Switzerland, your data may be transferred to and processed in these countries. For email delivery, we use Resend.com (US-based), whose Standard Contractual Clauses (incorporated into Resend's Data Processing Agreement) provide an appropriate safeguard for any EEA/UK transfers. For payment processing, PayPal maintains its own cross-border data transfer mechanisms. We are a small business with limited EU data processing activity; we assess each transfer against the requirements of GDPR Art. 44–49.
8. Third-Party Services
We use the following trusted third parties who may access your data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| PayPal | Payment processing | paypal.com/privacy |
| Resend.com | Email delivery & tracking | resend.com/legal/privacy-policy |
| OpenRouter / AI providers | AI analysis (website URL only; no personal data) | openrouter.ai/privacy |
| Google Analytics 4 | Website usage analytics (activated with consent) | Google Privacy Policy |
| Meta Platforms (Facebook) | Advertising measurement and conversion tracking (hashed email, IP address, purchase events) | Meta Privacy Policy |
9. Children's Privacy
Our Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with a new "Last Updated" date. For material changes affecting your rights, we will notify you via email if you have a recent purchase.
11. Contact & Complaints
Audit&Fix
Contact: Contact form
Suite 255, 1 Barratt Street, Hurstville NSW 2220, Australia
Australian Privacy Complaints: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au · 1300 363 992
EU/UK Complaints: You have the right to lodge a complaint with your local Data Protection Authority (DPA).
12. Compliance
This Privacy Policy is designed to comply with the Australian Privacy Act 1988 (Australian Privacy Principles), GDPR (EU Regulation 2016/679), UK GDPR and Data Protection Act 2018, and the CCPA (where applicable).