All Webbed Labs
Legal

Privacy Policy

Last reviewed: 28 May 2026

All Webbed Labs is committed to handling your personal information responsibly and in accordance with Australian law. This policy explains what information we collect, why we collect it, who we share it with, how we keep it secure, and how you can access, correct or complain about it.

1. Who we are

All Webbed Labs is a trading division of All Webbed Up Pty Ltd (ABN: 86 666 254 771) ("we", "us", "our"). We are an Australian company based in Sydney, NSW, providing custom software, AI, automation, cloud infrastructure and digital transformation services to Australian businesses.

This policy is governed by the Privacy Act 1988 (Cth) ("the Act") and the Australian Privacy Principles ("APPs") contained in Schedule 1 of the Act. References to "personal information" and "sensitive information" carry the meanings given to those terms in section 6 of the Act.

This policy applies to:

  • this website (awlabs.com.au) and any related sub-sites or staging environments we operate;
  • communications with us by phone, email, video conference or messaging;
  • project, consulting and support engagements; and
  • recruitment enquiries and candidate communications.

2. What information we collect

  • Identification & contact details — your name, business name, position or title, email address, phone number and postal address.
  • Project information — details you share about your business, technical requirements, goals, budgets, timelines and source materials supplied to us.
  • Account & access data — where we provision dashboards, repositories or staging environments for you, the usernames and authentication metadata required to give you access.
  • Communications — copies of emails, messages, call notes, meeting summaries and (where applicable, and only with your knowledge) video conference recordings.
  • Billing information — entity name, ABN and billing address. We do not store full credit card numbers; payments are processed by third-party providers (Stripe, bank transfer, etc.) under their own privacy terms.
  • Technical data automatically collected when you visit our website — IP address, browser type and version, device type, operating system, referrer URL, pages visited, time on page and similar diagnostic information.
  • Cookies and similar technologies — see Section 7 below.

We do not intentionally collect sensitive information (such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record or biometric information). If you provide sensitive information to us inadvertently, we will only use it for the purpose for which you provided it and will treat it under the higher protections required by APP 3.3.

3. How we collect your information

  • Directly from you — when you contact us, complete a form on our website, sign an engagement, attend a meeting or send us materials.
  • From people authorised to provide it on your behalf — for example, your colleagues, accountants, lawyers or other vendors involved in a project.
  • Automatically — when you use our website (see Section 7).
  • From publicly available sources — for example, your organisation's website, ABN Lookup, LinkedIn and public business registries.

If we collect information about you from a third party rather than directly from you, we will, where reasonable and practicable, take the steps required by APP 5 to notify you of the collection.

4. Why we collect and use your information

Primary purposes. We collect and use personal information to:

  • respond to enquiries and prepare quotes;
  • perform services under an engagement (planning, designing, building, testing and supporting software);
  • communicate with you about ongoing projects, schedules, billing and support;
  • send operational notices, including security advisories, scheduled maintenance and contract renewals; and
  • maintain records as required by Australian tax, corporate, employment and contract law.

Secondary purposes. We may also use your information for a related secondary purpose where you would reasonably expect us to do so, or where you have consented — for example, marketing our services to you (subject to your right to unsubscribe; see Section 9), improving our products, benchmarking service delivery, and producing case studies or testimonials. Externally visible case studies and testimonials are only published with your prior written consent.

5. Disclosure to third parties (including overseas recipients)

We disclose personal information only where reasonably necessary to deliver our services. Categories of recipients include:

  • Cloud infrastructure & hosting — for example Amazon Web Services, Cloudflare, Cloudways, Vercel and Netlify. Data may be stored in Australia, the United States, the European Union or Singapore.
  • Email, calendar & messaging — for example Google Workspace, Microsoft 365 and Slack.
  • AI & developer tools — for example Anthropic, OpenAI, GitHub and similar providers, used to build, deploy and operate the systems we deliver. We do not voluntarily upload identifiable client material to public model training endpoints, and we will agree project-specific data-handling rules with you on request.
  • Payments & finance — Stripe, Xero, our bank and our accountant.
  • Professional advisors — legal, accounting and insurance providers, where their advice is required in connection with our business.
  • Government and regulators — where required by Australian law, including the ATO, ASIC, the OAIC, courts and law enforcement under a valid notice or warrant.
  • Acquirers — in connection with a sale, merger or restructure of our business; any acquirer will be required to honour the commitments in this policy.

Several of these providers store data outside Australia (most commonly the United States, the European Union or Singapore). By providing us with your personal information, you acknowledge that we may transfer that information overseas as described above, and you consent under APP 8.2(b) to that disclosure. We take reasonable steps to ensure overseas recipients handle your information consistently with the APPs, including by selecting reputable providers with established data-protection frameworks.

We do not sell your personal information.

6. Data quality, storage and security (APPs 10 & 11)

We take reasonable steps to keep your information accurate, complete and up to date. Please tell us if your details change so we can correct our records.

We store information in secured cloud services that use industry-standard encryption (TLS in transit; AES-256 or equivalent at rest) and access controls (multi-factor authentication, role-based permissions and audit logging). We restrict internal access to those who need it to do their job.

No system is perfectly secure. If we become aware of an eligible data breach under Part IIIC of the Privacy Act, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

We retain personal information only for as long as we need it for the purpose for which it was collected, or as required by law. Typical retention periods include at least 7 years for business and accounting records (as required by the Income Tax Assessment Act 1997 and the Corporations Act 2001), and longer for employment-related records as required by the Fair Work Act 2009. When we no longer need information, we destroy or de-identify it.

7. Cookies, analytics & tracking

Our website uses cookies and similar technologies for:

  • Essential operation — keeping you signed in to admin areas, remembering form input and providing security tokens;
  • Analytics — measuring traffic, page performance and aggregate user behaviour. We may use providers such as Google Analytics, Plausible, Cloudflare Analytics or similar;
  • Functional & preference — remembering settings such as theme or previously accepted notifications.

We do not currently run advertising or remarketing pixels on this site. If that changes, we will update this policy and surface a cookie-consent mechanism where required by law. You can refuse or delete cookies through your browser settings; doing so may stop some site features from working.

8. Access, correction, anonymity and pseudonymity (APPs 2, 12, 13)

You may, at any time:

  • request access to the personal information we hold about you (APP 12);
  • ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading (APP 13); and
  • withdraw consent to non-essential uses (such as marketing).

We will respond to access and correction requests within a reasonable period — normally within 30 days. We may charge a reasonable fee for the cost of providing access where the request is large or labour-intensive; we will tell you the fee before any work is undertaken. We will not charge for making a correction.

Where lawful and practical, you may interact with us anonymously or under a pseudonym. For service delivery, billing and legal compliance, however, we usually need to know who you are.

9. Direct marketing & Spam Act 2003 (Cth)

We may send you commercial electronic messages (email or SMS) about our services where you have given express or inferred consent under the Spam Act 2003 (Cth). Every commercial message we send will:

  • identify us as the sender;
  • contain accurate contact details; and
  • include a functional unsubscribe mechanism, honoured within 5 business days.

You can opt out at any time using the unsubscribe link in a message or by emailing us at the address in Section 12.

10. Children's privacy

Our services are intended for businesses and adult users. We do not knowingly collect personal information from children under 16. If you believe we hold information about a child, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. The "Last reviewed" date at the top of this page shows when it was last updated, and we encourage you to review this page periodically. Where changes are material, we will take additional steps to bring them to your attention — for example, a notice on the website or an email to current clients.

12. Contact us & complaints

Privacy Officer
All Webbed Up Pty Ltd (trading as All Webbed Labs)
Email: privacy@allwebbedup.com.au
Postal address available on request.

If you have a complaint about how we have handled your personal information, please contact our Privacy Officer first. We will acknowledge your complaint within 5 business days and aim to provide a substantive response within 30 days.

If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Web: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

This policy is provided in plain English to help you understand your rights and our obligations. It is intended to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, but it is not legal advice. If you have specific questions about how it applies to your situation, please contact us using the details above.