Simple Media Back to app

Simple Media Agency OS

Privacy Policy

Effective date: 7 May 2025 · Last reviewed: 7 May 2025

1. Overview

Simple Media Pty Ltd (“Simple Media”, “we”, “us”, or “our”) operates the Agency OS platform (the “Platform”), an internal operations tool used exclusively by authorised Simple Media staff to manage client relationships, projects, sites, domains, and billing information.

This Privacy Policy explains what data the Platform stores, how it is used, who can access it, and how it is protected. Because the Platform is an internal business system — not a public consumer product — the data it holds relates primarily to our clients (businesses and their key contacts) rather than end consumers.

We are committed to handling all personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What Data We Collect and Store

The Platform stores the following categories of data:

2.1 Business and client data

  • Company names, trading names, and ABN/ACN numbers
  • Business website URLs, industry classifications, and billing email addresses
  • Client status (lead, prospect, active client, archived) and tier
  • Internal notes, account history, and relationship context

2.2 Contact information

  • First and last names of key contacts linked to client businesses
  • Business email addresses and phone/mobile numbers
  • Job titles and roles held at linked companies

2.3 Technical and operational data

  • Domain names, registrar details, renewal dates, and DNS/Cloudflare status
  • Hosted site details: URLs, server assignments, site status, platform type
  • Server infrastructure details (IP addresses, provider, hosting tier)
  • Plugin licences associated with client sites

2.4 Commercial data

  • Care plan subscriptions: plan type, billing cycle, monthly rate, start/end dates
  • Domain registration fees and renewal rates
  • References to Xero invoice IDs (no full financial account data is stored)

2.5 Project and activity data

  • Project names, types, statuses, and associated companies
  • An activity log recording who made what change and when (audit trail)
  • Workflow trigger history (research runs, site launch steps)

2.6 Staff (user) data

  • Name, work email address, and role of Simple Media staff with Platform access
  • Login activity managed via Supabase Auth (email + password or magic link)

3. How We Collect Data

Data enters the Platform through the following means:

  • Manual entryby authorised Simple Media staff via the Platform’s web interface
  • Automated sync from connected systems (e.g. GridPane API for server and site data, n8n automation workflows)
  • Migration from prior data sources such as Google Sheets or legacy CRM records
  • AI-assisted research via the Research workflow, which uses publicly available online sources to compile pre-discovery information about prospective or existing clients

We do not collect data directly from client end-users, website visitors, or any individual who has not been added to the Platform by Simple Media staff.

4. Purpose and Use of Data

Data stored in the Platform is used solely for internal business operations:

  • Managing ongoing client relationships and project delivery
  • Tracking hosted websites, domains, and server infrastructure
  • Billing administration and care plan management
  • Onboarding new clients and conducting pre-discovery research
  • Internal reporting, capacity planning, and revenue forecasting
  • Maintaining an audit trail for accountability and quality assurance

We do not use this data for marketing to third parties, profiling, automated decision-making that affects individuals, or any purpose unrelated to delivering Simple Media’s services.

5. Data Storage and Security

5.1 Where data is stored

All Platform data is stored in Supabase (PostgreSQL), hosted on infrastructure located in Australia or the Asia-Pacific region. Authentication is managed by Supabase Auth. No sensitive personal data is stored in browser local storage or unencrypted cookies.

5.2 Access controls

Access to the Platform is restricted to authorised Simple Media staff via email/password authentication. Role-based access controls limit what each user can view and modify. All connections to the Platform use HTTPS/TLS encryption in transit.

5.3 Third-party integrations

The Platform connects to the following third-party services in the course of normal operation:

  • Supabase — database and authentication (supabase.com)
  • n8n (self-hosted)— workflow automation running on Simple Media’s own VPS; no data leaves our infrastructure
  • Google Workspace— Drive and Docs for brief storage; subject to Google’s own privacy terms
  • Slack — notifications and command interface; client names may appear in channel messages
  • Cloudflare— DNS and CDN for the Platform domain; traffic metadata subject to Cloudflare’s terms

6. Data Retention

Client data is retained for as long as the client relationship is active or for a reasonable period thereafter for accounting and legal purposes (typically 7 years in line with Australian tax obligations). Records marked as “archived” or “deleted” are soft-deleted (flagged, not physically removed) and may be retained for audit purposes.

Staff accounts are deactivated when employment ends. Activity log entries are retained indefinitely as an audit trail.

7. Your Rights (Clients and Contacts)

If you are a person whose information is stored in the Platform — for example, a key contact at a Simple Media client business — you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate or out-of-date information
  • Request deletion of your information (subject to our legal retention obligations)
  • Lodge a complaint if you believe we have mishandled your information

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Complaints

If you are not satisfied with how we handle your privacy request, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Platform’s capabilities or applicable law. The effective date at the top of this page will be updated accordingly. Continued use of the Platform after any update constitutes acceptance of the revised policy.

10. Contact

Simple Media Pty Ltd
Penrith, NSW 2750, Australia
[email protected]
simplemedia.com.au