Privacy policy

weauto (“we”, “us”) is operated by Johnny Do, sole trader, ABN 42 459 779 676. We build and host websites for Australian small businesses. This policy explains what personal information we collect, how we use it, and the choices you have. We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth).

What we collect

• Intake information — business name, suburb, services, hours, photos and any details you submit through forms on weauto.org.
• Account information — name, business name, email, phone (when you contact us or sign up).
• Payment information — handled by Stripe. We never see or store full card numbers.
• Site usage data — basic analytics (page views, referrers) to improve the service.
• Email correspondence — anything you send us at hello@weauto.org.

How we use it

• To build, deliver, and maintain the website you ordered.
• To send transactional emails (intake confirmation, preview link, invoices, change requests).
• To respond to support requests.
• To improve the weauto service.

We do not sell your personal information. We do not use your data for unrelated marketing.

Third parties we share data with

• Stripe — payment processing. Stripe's privacy policy: stripe.com/au/privacy
• Brevo (Sendinblue) — transactional email delivery. brevo.com/legal/privacypolicy
• Vercel — site hosting and edge infrastructure. vercel.com/legal/privacy-policy
• Domain registrar — when we register a .com.au or .au domain on your behalf. Registrar disclosed at the time of registration.

These providers are bound by their own privacy obligations. We do not transfer your information to other parties without your consent, except where required by law.

Where data is stored

Site content and intake data are stored on Vercel infrastructure (typically Sydney or Singapore region). Email is processed via Brevo (EU). Payments are processed via Stripe (Australia). Some routine processing may occur outside Australia in the course of using these services.

How long we keep it

• Live website content — for as long as your site is hosted with us.
• Intake data and correspondence — up to 7 years (Australian tax record requirement).
• Payment records — as required by Stripe and Australian law.
• If you cancel and ask us to delete your data, we'll delete everything except records we're legally required to retain.

Your rights

You can ask us to:

• Access the personal information we hold about you.
• Correct anything that's wrong.
• Delete your information (subject to legal retention obligations).
• Stop using your information for any purpose other than delivering the service you bought.

Email hello@weauto.org with the subject “Privacy request” and we'll action it within 30 days.

Marketing email and the Spam Act 2003 (Cth)

Any commercial electronic message we send identifies us as the sender (Johnny Do, ABN 42 459 779 676, hello@weauto.org) and includes a working unsubscribe option in the message itself. You can opt out at any time by replying with “unsubscribe” in the subject line, clicking the unsubscribe link, or emailing hello@weauto.org. We action unsubscribe requests within 5 business days, as required by the Spam Act 2003 (Cth).

Google Ads API

weauto operates an internal Google Ads automation tool to manage its own Google Ads campaigns (the campaigns we run to find new small-business customers). The tool is single-tenant and single-account — we do not manage Google Ads for clients, agencies, or any third party, and we do not resell or sub-license access to our developer token.

• The tool reads campaign, ad group, keyword and conversion metrics from weauto's own Google Ads account only.
• It does not access, read, or store Google Ads data belonging to any other person or business.
• No personal information of any individual is sent to the Google Ads API beyond what is publicly visible in our own ad copy.
• Our developer token is stored as an encrypted environment variable on Vercel, accessible only to the operator.
• All API calls originate from weauto's own server-side infrastructure on Vercel.

Use of the Google Ads API is governed by the Google Ads API Terms and Conditions. Full disclosure of the tool's purpose, scope, functions and access controls is on the Google Ads automation tool page.

Cookies

weauto.org uses minimal cookies — essential session cookies and basic analytics only. We do not use advertising or tracking cookies. The websites we build for you may set additional cookies if you ask us to add features that require them (e.g. booking widgets); we'll tell you when that happens.

Security

We use HTTPS everywhere, payment processing via Stripe, and access controls on internal systems. No system is perfectly secure — but we treat your data as if it were our own.

Complaints

If you believe we've mishandled your information, email hello@weauto.org. If we can't resolve it, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Changes to this policy

We'll update the date at the top of this page when this policy changes. Material changes are emailed to active customers.