Book a strategy call Book a call
Legal · Privacy

Privacy Policy

How Firewire Digital collects, uses, stores, and protects your personal information when you visit our website, contact us, attend our events, or engage us as a client.

Effective from
23 May 2026
Last updated
23 May 2026
Version
2.0

01About this policy

This Privacy Policy applies to Firewire Digital, a trading name of Valley View (NSW) Pty Ltd. It explains how we collect, use, store and protect personal information across our website, our client engagements, our newsletter, and the events we host or co-host.

Firewire is an Australian business and we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) published by the Office of the Australian Information Commissioner (OAIC). Where this policy and the APPs differ, the APPs prevail.

If you have a question about anything in this policy, contact us by emailing [email protected]. Full contact details are in section 15.

02What personal information we collect

The personal information we hold depends on the relationship you have with us. The categories below describe what we collect from each group of people we interact with.

From website visitors

  • IP address, approximate geographic region derived from IP, and the date and time of each visit.
  • Browser type, browser language, operating system, screen size and device type.
  • The pages you view on our site, the order you view them in, how long you stay, and the referring URL that brought you here.
  • Behavioural data collected by analytics tools (see section 8).

From people who contact us

  • Your name and email address.
  • Your phone number, if you choose to provide one.
  • Your company name and website, if you choose to provide them.
  • The monthly marketing budget band you select on the contact form.
  • The content of any message you send us, and anything else you voluntarily share in subsequent emails or calls.

From newsletter subscribers

  • The name and email address you provide when subscribing to AI On Fire.
  • Engagement data: whether you open our emails and which links you click.
  • The date you subscribed, the date you unsubscribe if you do, and your subscription preferences.

From event attendees

  • Your name, email and company, supplied when registering for an event we host or co-host (including Edge of Search).
  • Ticket type and order details.
  • Dietary requirements or accessibility needs, where the event collects them.

From clients during engagements

  • Billing and invoicing information: company billing details, ABN, and bank or payment platform details.
  • Access credentials and read-or-write permissions to marketing platforms (typically Google Ads, Google Analytics, Google Search Console, Meta Ads Manager and similar) granted by the client to allow us to perform the engaged services.
  • Business and strategy information shared during the course of work, including documents, plans, and recorded meetings where consent has been given.
  • Names, email addresses and roles of client-side staff we communicate with during an engagement.

From staff, contractors and applicants

  • Standard employment-related information: full name, contact details, tax file number, superannuation details, bank account for payment, employment history, references and qualifications.
  • For applicants, the content of any CV, cover letter, portfolio links or interview notes.

03How we collect personal information

We collect personal information through the following channels:

  • The contact form on our website, processed through our customer relationship management platform (see section 6).
  • Direct email correspondence and phone calls with our team.
  • The newsletter signup form for AI On Fire.
  • Event registration platforms: primarily Ticket Tailor for Edge of Search.
  • Analytics tools, principally Google Analytics, deployed on our website (see section 8).
  • Cookies and similar tracking technologies set in your browser when you visit our website (see section 8).
  • Information you voluntarily share with us during a client engagement, including granted access to marketing platforms.
  • Publicly available sources, when researching prospective clients or verifying information about an existing one: for example, ASIC company records, LinkedIn, and the prospect's own website.

We do not buy or otherwise acquire personal information from third-party data brokers.

04Why we collect personal information

We collect and use personal information for the following purposes:

  • To respond to enquiries and provide information about our services to people who contact us.
  • To deliver the services we are engaged to provide: running SEO, Google Ads, GEO and related search marketing work on behalf of clients.
  • To send the AI On Fire newsletter to subscribers who have opted in.
  • To operate and improve our website: analytics, performance monitoring, debugging and accessibility testing.
  • To send marketing communications about our services where the recipient has given appropriate consent and has the ability to opt out at any time.
  • To meet our legal and contractual obligations: including tax record-keeping, contractual reporting to clients, and complying with the APPs.
  • For internal research and business operations: for example, understanding which services attract the most enquiries, or measuring how our content performs.

If we collect personal information for a purpose that is not listed above, we will tell you what that purpose is at or before the time we collect it.

05How we use personal information

Personal information is used internally by Firewire team members and contractors who need access to it to perform their role. Access is granted on a need-to-know basis and reviewed periodically.

We also use the third-party platforms named in section 6 to process personal information. Those platforms operate under their own privacy policies, which we link to in that section.

Where you have subscribed to a marketing list or consented to marketing communications, we may send you emails about our services, blog posts, events and similar topics. You can unsubscribe at any time using the link in every marketing email, or by emailing [email protected].

We do not sell personal information to any third party. We do not trade or rent your information. The third parties named in section 6 are platforms we use to process information on our behalf; they are service providers, not recipients of data we have transferred for their own use.

06Third parties we share information with

Firewire uses third-party platforms to process personal information on our behalf. The table below lists the platforms that process personal information and what each is used for. Each platform operates under its own privacy policy, linked below.

ActiveCampaign
United States
Customer relationship management and email marketing. Stores contact form submissions, newsletter subscriber data, engagement and email automation records.
Google Analytics
United States
Website analytics. Stores anonymised behavioural data collected via cookies and JavaScript snippets on our site.
Google Workspace
United States
Email, calendar, document storage and team collaboration. Stores correspondence with clients, prospects and internal records.
Google Ads
United States
For any retargeting or paid advertising Firewire runs on its own behalf, Google Ads receives audience data derived from visits to our website.
Meta (Facebook / Instagram)
United States
For any retargeting or paid advertising Firewire runs on its own behalf, Meta receives audience data derived from visits to our website.
Cloudflare
United States
Content delivery network, DNS, DDoS protection and email security in front of our website. Receives request-level data including IP addresses.
Railway
United States
Hosting and infrastructure for the Firewire website and supporting services.
Notion
United States
Internal documentation, project management and client knowledge bases.
Slack
United States
Internal team communication and, with client agreement, shared client channels.
Ticket Tailor
United Kingdom
Event registration and ticketing for Edge of Search. Stores attendee name, email, company, ticket details and any dietary or accessibility information collected at registration.
Xero
New Zealand
Accounting, invoicing and financial record-keeping. Holds client billing information and payment records.
Stripe
United States
Payment processing for client invoices and event tickets.

Where we engage other professional services in the ordinary course of business (for example, lawyers, accountants, auditors or insurers) we may disclose information to those providers, who are independently bound by confidentiality obligations.

07Cross-border data flows

Several of the third-party platforms we use (listed in section 6) store data on servers outside Australia, primarily in the United States, with some data also processed in the United Kingdom and European Union.

Under Australian Privacy Principle 8, before personal information is transferred overseas we are required to take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to that information. We rely on the contractual protections offered by each provider, the privacy policies they publish, and the privacy frameworks they operate under in their respective jurisdictions.

By providing personal information to Firewire (for example, by submitting the contact form, subscribing to a newsletter, or engaging us as a client) you consent to the processing of that information by the third parties named in section 6, including processing that occurs outside Australia.

08Cookies and tracking technologies

Our website uses cookies and similar technologies to operate, analyse usage and run advertising. The cookies we set are listed below.

Essential / session cookies
Necessary
Required for the site to function. Maintain the security of form submissions and remember basic preferences across pages of a single visit. These cannot be turned off in our cookie controls.
Google Analytics (_ga, _gid, _gat)
Analytics
Measure how visitors use the site so we can improve it. Persist for up to 2 years (_ga), 24 hours (_gid), or 1 minute (_gat).
Google Ads conversion tag
Marketing
Set only if you click through to our site from a Google Ad we have placed. Persists for up to 90 days. Used to measure the effectiveness of our paid advertising.
Meta Pixel
Marketing
Set when you visit our website to allow retargeting on Facebook and Instagram. Persists for up to 90 days. Can be opted out using your browser settings or Meta's ad preferences.

How to control cookies

Most browsers let you view, delete and block cookies. Visit aboutcookies.org for instructions for your specific browser.

To opt out of Google Analytics tracking specifically, install the Google Analytics Opt-out Browser Add-on. To control Meta advertising preferences, visit your Facebook ad settings.

09How we store and secure personal information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Our security measures include:

  • Storing data on reputable third-party platforms (see section 6) that maintain their own current security controls and certifications.
  • Encryption in transit: our website is served exclusively over HTTPS, and all platform integrations require TLS.
  • Access controls: staff and contractors are granted access only to the information they need to perform their role, with access reviewed when roles change.
  • Multi-factor authentication on every account that stores client data.
  • Periodic team training on privacy obligations, phishing and credential hygiene.
  • An incident response process for handling data breaches, designed to meet our obligations under the Notifiable Data Breaches scheme administered by the OAIC.

Despite reasonable precautions, no method of internet transmission or electronic storage is completely secure. If we become aware of a data breach that affects personal information we hold, we will investigate it, contain it, and, where required by the Notifiable Data Breaches scheme, notify the affected individuals and the OAIC.

10How long we keep personal information

Under APP 11.2, we are required to destroy or de-identify personal information when it is no longer needed for any purpose for which we are permitted to use or disclose it. Our approximate retention periods are below.

Website analytics data
Up to 26 months
In line with the default retention period set in Google Analytics for our property.
Enquiry / contact form data
2 years
Retained for follow-up, business records and to track repeat enquiries. Anonymised or deleted after this period if no engagement has resulted.
Newsletter subscriber data
Until unsubscribe + 12 months
Active subscribers remain on the list while subscribed. After unsubscribe we keep minimal data for 12 months for analytics and to honour suppression lists.
Client engagement records
7 years from end of engagement
Aligned with Australian taxation and business record-keeping requirements. Includes invoicing, scope documents and major deliverables.
Event registration data
24 months after the event
Retained for post-event communications, attendee analytics and future event invitations where consent permits.
Staff and contractor records
Per employment law requirements
Retained for the period required by Fair Work, taxation, superannuation and workers' compensation law, generally 7 years after the end of employment.
Job applicant records
12 months from application
Retained in case of subsequent suitable openings. Deleted on request at any time.

11Your rights

Under the Australian Privacy Principles, you have the following rights in relation to personal information we hold about you:

Access (APP 12)

You can ask us for a copy of the personal information we hold about you. We will respond within 30 days. There is no fee for a reasonable request; we may charge for unusually complex or repeated requests, with the cost agreed in advance.

Correction (APP 13)

You can ask us to correct personal information you believe is inaccurate, incomplete or out of date. We will make the correction or, if we do not agree the information is inaccurate, attach a statement to the record noting your view.

Deletion or anonymisation

You can ask us to delete or anonymise personal information we hold about you. We will comply unless we are required by law to retain the information (for example, tax records we are required to keep for seven years).

Opting out of marketing

You can opt out of marketing communications at any time using the unsubscribe link in any email we send, or by emailing [email protected]. Opting out of marketing does not affect emails about active engagements or services you are paying for.

Complaint

You can complain about how we have handled your personal information. See section 12 for the complaint process and the escalation pathway to the OAIC.

To exercise any of these rights, email [email protected]. We may need to verify your identity before responding to a request.

12How to make a complaint

Step 1: Contact Firewire directly

If you believe we have mishandled your personal information or breached the Australian Privacy Principles, please contact us first by emailing [email protected] or writing to us at the postal address in section 15.

We will acknowledge your complaint within 5 business days and investigate it. Our aim is to respond substantively within 30 days. Where an investigation requires longer, we will tell you why and give you an updated timeframe.

Step 2: Escalate to the OAIC

If you are not satisfied with our response, you can escalate the complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC is the independent national regulator for privacy in Australia.

OAIC website: oaic.gov.au
Phone: 1300 363 992
Online complaint form: oaic.gov.au/privacy/privacy-complaints
Postal address: GPO Box 5288, Sydney NSW 2001

13Children's information

Firewire's services are directed at Australian businesses, and our website is not intended for children under the age of 18. We do not knowingly collect personal information from minors.

If we become aware that we have collected personal information from a person under 18 without verifiable consent from a parent or guardian, we will delete it.

14Changes to this policy

We may update this policy from time to time to reflect changes in our practices, the platforms we use, or the law.

When we make a material change, we will update the Effective from date at the top of the page and, where the change materially affects active clients or subscribers, we will notify those people directly by email.

The version of this policy currently in force is shown at the top of the page. Earlier versions are kept on file and available on request.

15Contact us

For any question about this policy, to exercise a right under section 11, or to make a complaint under section 12, contact us using the details below.

Privacy email
[email protected]
Location
Firewire Digital
Newcastle NSW, Australia
Remote-first team, contact by email
Legal entity
Valley View (NSW) Pty Ltd
ABN 30 633 652 829
End of policy · Version 2.0 · Effective 23 May 2026