Privacy Policy

Website Rescues — a trading name of David Bennett (Sole Trader) | ABN 32 562 031 256
Effective date: 16 March 2026 | Last updated: 16 March 2026

We take your privacy seriously. This policy explains how we collect, use, store, and protect your personal information when you use our website or engage our services. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Who We Are

Website Rescues provides website security assessment, hardening, monitoring, and certification services for Australian small and medium businesses. We are operated by David Bennett (Sole Trader) | ABN 32 562 031 256, based in Western Australia.

Contact:
Email: info@websiterescue.com.au
Phone: 0489 900 851
Address: Perth, Western Australia

2. Information We Collect

2.1 Information You Provide Directly

Data Type	When Collected	Purpose
Name, email, phone, business name	When you contact us, request a scan, or engage services	Deliver services, communicate with you
Website URL	When you submit a site for scanning	Perform the scan you requested
Hosting & WordPress credentials	When you engage Discovery assessment	Conduct the credentialed assessment only
Payment information	When you purchase services	Process payment (handled by our third-party payment provider — we never store card details)
Correspondence	When you email or chat with us	Respond to your enquiry

2.2 Information Collected Automatically

Data Type	How Collected	Purpose
IP address	Server logs	Security, analytics, abuse prevention
Browser type, device type, OS	Website analytics	Improve website experience
Pages visited, time on site	Website analytics	Understand how visitors use our site
Referring URL	Website analytics	Understand traffic sources
Cookie data	Browser cookies	See Section 9

2.3 Information Collected During Scans

When you request a security scan, we collect technical data about your website including but not limited to:

Software versions (WordPress core, PHP, plugins, themes)
Server configuration details
SSL/TLS configuration
HTTP security headers
Publicly visible file structures
Known vulnerability matches

This technical data relates to your website’s infrastructure, not your customers’ personal information.

2.4 Information We Do Not Collect

We do not access, collect, or export personal data belonging to your website’s visitors or customers
We do not collect sensitive information (health, political, criminal, biometric, sexual orientation) unless voluntarily disclosed by you in correspondence
We do not collect financial data from your website (e.g., your customers’ payment details)
We do not track you across other websites

3. How We Use Your Information

We use your personal information to:

Deliver services — conduct scans, assessments, hardening, and monitoring you have engaged
Communicate — send scan results, reports, security alerts, invoices, and respond to enquiries
Process payments — via our secure third-party payment provider
Improve our services — analyse website usage patterns in aggregate to improve user experience
Legal compliance — comply with Australian law and protect our legal rights
Security notifications — alert you to critical vulnerabilities affecting your site (where you have opted in)

We do not use your information for any purpose other than those stated above without your consent.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. Full stop.

We may share your information with:

Recipient	Purpose	Safeguards
Payment processor	Process your payment securely	PCI-DSS compliant; we never see or store card numbers
Hosting/infrastructure providers	Store and process data as part of service delivery	Contractual data protection obligations
Email delivery services	Send scan results and reports to you	Encrypted transmission
Analytics platforms	Aggregate website usage data (anonymised)	No personally identifiable data shared
Professional advisors	Legal, accounting, insurance where necessary	Bound by professional confidentiality
Law enforcement/regulators	Where required by law, court order, or to prevent fraud	Only on lawful request

We never share your website credentials with any third party. Ever.

5. Credential Handling

This section is specific to our Discovery assessment service, where you voluntarily provide hosting and WordPress credentials.

Our protocol:

Encrypted transmission — credentials are transmitted via encrypted channels only
Purpose-limited — used exclusively for the agreed security assessment
Time-limited — not stored beyond the duration of the active engagement
Access-limited — accessible only to authorised assessment personnel
Never shared — never disclosed to any third party
Change recommended — we strongly recommend you change all passwords after every assessment

If we discover exposed or improperly stored personal data during an assessment, we document it as a security finding. We do not access, copy, download, or use that data.

6. Data Storage and Security

Data is stored on secured, encrypted infrastructure with Australian-based primary storage
We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews
Access to personal information is restricted to authorised personnel on a need-to-know basis
We maintain security monitoring on our own systems

No method of electronic transmission or storage is 100% secure. While we take all reasonable steps to protect your information, we cannot guarantee absolute security — the same honest position we take with your website.

6.1 Retention Periods

Data Type	Retention Period	Reason
Scan results	Duration of engagement + 12 months	Service delivery, follow-up
Security reports & certificates	Duration of engagement + 7 years	Legal and compliance evidence
Contact information	Active client period + 24 months	Service continuity
Credentials	Deleted upon completion of each assessment	Security best practice
Payment records	5 years from transaction	Australian tax law requirement
Website analytics	26 months	Standard analytics retention
Correspondence	3 years from last contact	Service history

You may request earlier deletion of your data at any time, subject to our legal obligations to retain certain records.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

Access — request a copy of the personal information we hold about you
Correction — request correction of inaccurate, incomplete, or outdated information
Deletion — request deletion of your personal information, subject to our legal retention obligations
Opt-out — unsubscribe from marketing communications at any time
Complaint — lodge a complaint if you believe we have breached the Australian Privacy Principles

To exercise any of these rights:
Email info@websiterescue.com.au with your request. We will acknowledge your request within 5 business days and respond substantively within 30 days.

If you are not satisfied with our response:
You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

8. Marketing Communications

We will not send you marketing emails unless you have opted in
Every marketing email includes an unsubscribe link
Opting out of marketing does not affect service-related communications (scan results, reports, security alerts for active engagements)
We do not share your contact details with third parties for their marketing purposes

9. Cookies

Our website uses cookies for the following purposes:

Cookie Type	Purpose	Can You Disable?
Essential	Maintain your session, enable core functionality	No (site won’t function properly)
Analytics	Understand how visitors use our site in aggregate	Yes, via browser settings
Functional	Remember your preferences	Yes, via browser settings

We do not use:

Advertising cookies
Retargeting pixels
Cross-site tracking cookies
Third-party marketing trackers

You can control cookie settings through your browser. Most browsers allow you to refuse cookies or delete them. Disabling essential cookies may affect your experience on our site.

10. Third-Party Services and Links

Our website may contain links to external websites (security resources, government sites, news articles). We are not responsible for the privacy practices or content of those sites. We encourage you to read their privacy policies.

10.1 AI Chat

Our website may include AI-powered chat functionality. Chat content is processed to respond to your enquiry. We do not use chat content to train AI models or share it with third parties for marketing purposes.

10.2 Payment Processing

Payments are processed by our third-party payment provider. Your payment details are handled directly by them under their own privacy and security policies. We receive confirmation of payment but do not see or store your full card details.

11. International Data Transfers

Our primary data storage is in Australia. Some of our service providers may process data in other jurisdictions. Where personal information is transferred internationally, we take reasonable steps to ensure it is handled in accordance with the Australian Privacy Principles, including:

Selecting providers with strong privacy frameworks
Ensuring contractual data protection obligations are in place

12. Children’s Privacy

Our services are designed for business operators. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly.

13. Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will:

Notify affected individuals as soon as practicable
Notify the Office of the Australian Information Commissioner as required under the Notifiable Data Breaches (NDB) scheme
Take reasonable steps to contain the breach and mitigate harm

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect when published on this page. The “Last updated” date at the top indicates when this policy was last revised.

For significant changes, we will make reasonable efforts to notify active clients via email.

15. Governing Law

This Privacy Policy is governed by the laws of Western Australia, Australia.

Contact

Website Rescues
Operated by David Bennett (Sole Trader) | ABN 32 562 031 256

Email: info@websiterescue.com.au
Phone: 0489 900 851
Address: Perth, Western Australia