Privacy & Cookie Policy

Privacy and Cookie Policy

Effective Date: 27 November 2025 · Last Updated: 25 February 2026

1. About This Policy

Moyne Ross ("we," "us," "our") is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 and Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

Important: Our services involve processing your information through third-party artificial intelligence providers located outside Australia. By submitting building documentation or other personal information for analysis, you provide informed consent to the processing of that information by third-party AI services as described in this policy and in our Terms & Conditions.

Please read this policy carefully before using our services.

2. Personal Information We Collect

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, business address
• Payment Information: Credit card details, billing address (processed securely through Stripe)
• Building Documentation: Property details, plans, photos, maintenance records, compliance certificates
• Communication Records: Emails, support requests, feedback, and correspondence

2.2 Information Collected Automatically

• Website Usage: IP address, browser type, device information, pages visited
• Cookies and Tracking: Analytics data, session information, user preferences
• Technical Logs: Access logs, error reports, performance data

2.3 Building Information and Documentation

When you submit building documentation for analysis, this may include:

• Property addresses and location details
• Technical specifications and system information
• Maintenance records and compliance certificates
• Photos, plans, and technical drawings
• Financial information related to building operations

3. Third-Party AI Processing

3.1 AI Services We Use

Your information is processed by third-party artificial intelligence services including:

• Anthropic (Claude) - US-based AI analysis service
• Google (Gemini) - US-based AI analysis service
• OpenAI (ChatGPT) - US-based AI analysis service
• Other AI providers as we may utilize from time to time

3.2 What Information is Shared with AI Providers

• Building documentation and technical information you provide
• Property details and specifications
• Analysis requests and processing instructions
• Technical metadata required for AI processing

3.3 Cross-Border Data Transfers

Your information will be transferred to and processed in:

• United States (primary location for AI services)
• Other countries where AI service providers operate servers
• Countries where AI service providers have data processing facilities

3.4 Third-Party Data Handling

AI service providers may:

• Store your data on their servers for processing and analysis
• Retain data according to their own privacy policies and retention schedules
• Apply their own security measures and data protection protocols
• Be subject to foreign government data access requirements

Model Training: Claude is accessed via Anthropic's Pro plan with model improvement disabled. Gemini is accessed via Google Workspace Business under the Cloud Data Processing Addendum. Under these arrangements, client data is not used for AI model training. We regularly review provider terms to ensure these protections remain in place. Should any provider change their terms in a way that affects client data use for model training, we will notify affected clients and update this policy accordingly.

Data Preparation: Building documentation submitted for analysis may inherently contain personal information such as property addresses, owner details, and contact information. Where practicable, we remove or redact personal information that is not relevant to the technical analysis before submitting documentation to AI services. However, some personal information (such as property addresses) is integral to the analysis and cannot be removed without compromising the service.

Important Limitations:

• We cannot control third-party AI providers' data handling practices
• We cannot guarantee deletion of your data from third-party AI systems
• Third-party providers may have different privacy standards than ours
• Cross-border transfers may involve countries with different privacy laws

3.5 Your Rights Regarding AI Processing

In addition to the privacy rights set out in Section 8, you have the following rights in relation to AI processing of your information:

• Explainability: You may request written information about the type of AI system used, its basic ways of working and limitations, the due diligence carried out before its adoption, and the way relevant risks are identified and managed. See our Terms & Conditions (Section 2.4) for full details.
• Contest and Redress: You may contest the use of AI in the delivery of your service and seek redress if you believe you have been negatively affected. See our Terms & Conditions (Section 2.4) for the full process and timeframes.
• Opting Out: Capital Strategy cannot be delivered without AI processing. If you are not comfortable with AI processing, Capital Strategy is not suitable for you. Our Due Diligence and Retained Advisory service tiers involve direct professional analysis and carry professional indemnity insurance. Contact us to discuss alternatives.

4. How We Use Your Information

4.1 Primary Purposes

• Service Delivery: Providing our services
• AI Processing: Analyzing your building documentation through third-party AI services
• Communication: Responding to inquiries, providing support, sending service updates
• Payment Processing: Processing payments through secure third-party payment processors
• Quality Improvement: Enhancing our services and analysis methodologies

4.2 Secondary Purposes

• Legal Compliance: Meeting regulatory requirements and legal obligations
• Business Operations: Record keeping, accounting, business management
• Marketing: Sending relevant information about our services (with consent)
• Research: Improving our analysis methodologies and service offerings

5. Information Disclosure

5.1 Third Parties We May Disclose To

• AI Service Providers: For analysis and processing services
• Payment Processors: Stripe and other secure payment platforms
• Professional Advisors: Lawyers, accountants, insurance providers
• Service Providers: IT support, website hosting, analytics providers
• Regulatory Authorities: When required by law or regulation

5.2 Circumstances of Disclosure

• With your explicit consent
• To provide our services (including AI processing)
• When required or authorized by law
• To protect our rights or safety
• In connection with business transfers or restructuring

5.3 We Will NOT Disclose

• Your information for marketing by third parties (without consent)
• Building-specific details to competitors
• Personal information for unrelated commercial purposes
• Information to unauthorized parties

6. Data Security and Protection

6.1 Our Security Measures

• Secure data transmission using encryption protocols
• Access controls and authentication requirements
• Regular security reviews and updates
• Staff training on privacy and security obligations
• Secure storage and backup procedures

6.2 Third-Party Security Limitations

Important: We cannot guarantee the security measures of third-party AI providers. While we select reputable providers with strong security practices, we cannot control:

• Third-party security protocols and procedures
• Data breaches at third-party AI providers
• Unauthorized access to third-party systems
• Foreign government access to overseas data

6.3 Data Breach Response

In the event of a data breach involving your personal information, we will:

• Assess the breach and take immediate containment action
• Notify relevant authorities as required by law
• Notify affected individuals if there is likely risk of serious harm
• Provide guidance on protective measures you can take

7. Data Retention and Deletion

7.1 Our Retention Periods

• Service Records: 7 years for legal and business purposes
• Payment Information: As required by taxation and business laws
• Communication Records: 3 years unless longer retention required
• Website Analytics: 26 months (Google Analytics default)

7.2 Data Deletion Requests

You may request deletion of your personal information. We will:

• Delete information from our primary systems within 30 days
• Retain information only where required by law or legitimate business needs
• Cannot guarantee deletion from third-party AI provider systems

Important Limitation: Once information is processed by third-party AI services, we cannot control or guarantee its deletion from their systems. Each AI provider has its own data retention and deletion policies.

7.3 Anonymization and Aggregation

We may retain anonymized, aggregated data for:

• Service improvement and research purposes
• Industry benchmarking and analysis
• Statistical reporting and trend analysis

8. Your Privacy Rights

8.1 Access and Correction Rights

You have the right to:

• Access personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request details about how your information is used and disclosed
• Receive information in a commonly used electronic format

8.2 Complaint and Objection Rights

You have the right to:

• Complain about our handling of your personal information
• Object to certain uses or disclosures of your information
• Request restriction of processing in certain circumstances
• Withdraw consent where we rely on consent for processing

8.3 Limitations on Rights

Your rights may be limited where:

• Information is required for legal or regulatory purposes
• Deletion would impact our ability to provide services
• Information is held by third-party AI providers beyond our control
• Exercise of rights would unreasonably impact others' rights

9. Cookies and Website Tracking

9.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Google Analytics for website performance measurement
• Functional Cookies: User preferences and session management
• Payment Cookies: Secure payment processing through Stripe

9.2 Third-Party Cookies

Our website may include cookies from:

• Google Analytics (performance tracking)
• Stripe (payment processing)
• Other service providers essential for website operation

9.3 Managing Cookies

You can control cookies through:

• Browser settings (disable/delete cookies)
• Google Analytics opt-out tools
• Privacy preference centers (where available)
• Direct contact with us for assistance

10. International Considerations

10.1 Overseas Data Processing

Your information will be processed overseas, primarily in the United States. Other countries involved may include:

• Countries where AI service providers operate data centers
• Countries where our service providers are located
• Countries involved in data routing and processing

10.2 Privacy Law Differences

Important: Overseas countries may have different privacy laws and protections than Australia. Your information may be:

• Subject to foreign government access requirements
• Protected by different privacy standards
• Governed by foreign privacy laws and regulations

11. Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes to our services or AI providers
• New legal requirements or regulations
• Improvements to our privacy practices
• Business changes or service enhancements

We will notify you of material changes by:

• Email notification to registered users
• Prominent website notices
• Updated effective date on this policy

12. Contact Information

12.1 Privacy Officer Contact

For privacy matters, please use our contact form.

12.2 Complaints Process

If you have privacy concerns:

• Contact our Privacy Officer using details above
• We will acknowledge your complaint within 5 business days
• We will investigate and respond within 30 days
• If unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC)

12.3 OAIC Contact Details

Office of the Australian Information Commissioner:

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

This Privacy Policy was last updated on 25 February 2026. Please review it regularly as we may update it from time to time.

Cookie Policy

Effective Date: 27 November 2025 · Last Updated: 25 February 2026

1. About This Policy

This Cookie Policy explains how Moyne Ross ("we," "us," "our") uses cookies and similar technologies on our website at moyneross.com ("Website"). By using our Website, you consent to our use of cookies as described in this policy.

2. What Are Cookies

2.1 Definition

Cookies are small text files that are stored on your device (computer, tablet, smartphone) when you visit a website. They help websites remember information about your visit and preferences.

2.2 Types of Cookies

• Session Cookies: Temporary cookies deleted when you close your browser
• Persistent Cookies: Remain on your device until they expire or you delete them
• First-Party Cookies: Set by our website directly
• Third-Party Cookies: Set by external services we use (e.g., Google Analytics)

3. Cookies We Use

3.1 Essential Cookies

• Purpose: Required for basic website functionality and security
• Examples: Session management and user authentication, shopping cart and payment processing, security features and fraud prevention, website performance and error tracking
• Legal Basis: Legitimate interest (essential for website operation)
• Retention: Session duration or as needed for functionality
• Can be disabled: No (website may not function properly)

3.2 Analytics Cookies

• Purpose: Help us understand how visitors use our website
• Service Provider: Google Analytics
• Information Collected: Pages visited and time spent on pages, traffic sources and user navigation patterns, device and browser information, geographic location (city/country level), website performance and error data
• Legal Basis: Consent
• Retention: 26 months (Google Analytics default)
• Can be disabled: Yes (see Section 5)

3.3 Functional Cookies

• Purpose: Enhance your website experience and remember preferences
• Examples: Language and region preferences, display settings and accessibility options, form data retention for user convenience, content personalization
• Legal Basis: Consent
• Retention: Varies (typically 6–12 months)
• Can be disabled: Yes (may affect website functionality)

3.4 Payment Processing Cookies

• Purpose: Secure payment processing through Stripe
• Service Provider: Stripe Inc.
• Information Collected: Payment session security tokens, fraud prevention data, transaction processing information
• Legal Basis: Legitimate interest (secure payment processing)
• Retention: As required for payment security and compliance
• Can be disabled: No (required for payment processing)

4. Third-Party Cookies

4.1 Google Analytics

• Provider: Google LLC
• Purpose: Website traffic analysis and performance measurement
• Privacy Policy: https://policies.google.com/privacy
• Data Processing: May include personal information and cross-site tracking
• Location: Data processed in the United States and other Google locations

4.2 Stripe Payment Processing

• Provider: Stripe Inc.
• Purpose: Secure payment processing and fraud prevention
• Privacy Policy: https://stripe.com/privacy
• Data Processing: Payment and transaction data
• Location: Data processed in the United States and other Stripe locations

4.3 Other Third-Party Services

We may use additional third-party services that set cookies, including:

• Content delivery networks (CDNs)
• Security and anti-fraud services
• Customer support tools
• Marketing and advertising platforms

Important: Third-party cookies are governed by the privacy policies of their respective providers. We recommend reviewing these policies to understand how your information is handled.

5. Managing Your Cookie Preferences

5.1 Browser Controls

All modern browsers allow you to control cookies through settings:

Google Chrome: Settings → Privacy and Security → Cookies and other site data. Choose your preferred cookie settings and manage site-specific permissions.

Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data. Select your cookie preferences and manage exceptions for specific sites.

Safari: Preferences → Privacy → Cookies and website data. Choose your blocking preferences and manage website data.

Microsoft Edge: Settings → Cookies and site permissions. Configure cookie settings and manage site permissions.

5.2 Google Analytics Opt-Out

To specifically opt out of Google Analytics:

• Install Google Analytics Opt-out Browser Add-on
• Available at: https://tools.google.com/dlpage/gaoptout
• Works across all websites using Google Analytics

5.3 Industry Opt-Out Tools

Additional opt-out resources:

• Digital Advertising Alliance: http://optout.aboutads.info/
• Network Advertising Initiative: http://optout.networkadvertising.org/
• European Interactive Digital Advertising Alliance: http://youronlinechoices.eu/

5.4 Mobile Device Controls

• iOS Devices: Settings → Privacy → Advertising → Limit Ad Tracking
• Android Devices: Settings → Google → Ads → Opt out of Ads Personalization

6. Consequences of Disabling Cookies

6.1 Essential Cookies

If disabled, the website may not function properly, including:

• Login and account access issues
• Payment processing failures
• Security features may not work
• Error messages and functionality problems

6.2 Analytics Cookies

If disabled:

• Website functionality unaffected
• We cannot analyze website performance
• User experience improvements may be limited
• Technical issues may be harder to identify

6.3 Functional Cookies

If disabled:

• Website will work but with reduced functionality
• Preferences and settings will not be remembered
• Personalization features unavailable
• May need to re-enter information frequently

7. Cookie Retention Periods

• Essential Cookies: Session or as needed - Website functionality
• Google Analytics: 26 months - Traffic analysis
• Functional Cookies: 6–12 months - User preferences
• Payment Cookies: As required - Transaction security

Note: Some cookies may have shorter or longer retention periods based on specific functionality requirements.

8. Cross-Border Data Transfers

8.1 International Processing

Cookie data may be transferred to and processed in:

• United States (Google Analytics, Stripe)
• Other countries where service providers operate
• Countries involved in content delivery networks

8.2 Data Protection

Third-party cookie providers implement various data protection measures, including:

• Privacy Shield frameworks (where applicable)
• Standard contractual clauses
• Adequacy decisions by relevant authorities
• Internal corporate privacy policies

Important: Different countries may have different privacy laws and data protection standards.

9. Changes to This Policy

9.1 Policy Updates

We may update this Cookie Policy to reflect:

• Changes to cookies we use or third-party services
• New legal requirements or privacy regulations
• Improvements to our privacy practices
• Technical changes to our website

9.2 Notification of Changes

We will notify you of material changes by:

• Email notification (for registered users)
• Prominent website banner or notice
• Updated effective date on this policy

9.3 Continued Use

Continued use of our Website after policy updates constitutes acceptance of the revised Cookie Policy.

10. Contact Information

10.1 Privacy Questions

For questions about this Cookie Policy or our privacy practices, please use our contact form.

10.2 Cookie-Specific Inquiries

If you have specific questions about cookie settings or preferences, disabling specific cookies, third-party cookie policies, or data retention for cookies, please contact us using the details above.

10.3 Complaints

If you have concerns about our cookie practices:

• Contact us using the details above
• We will respond within 30 days
• If unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

11. Regulatory Compliance

11.1 Australian Privacy Law

This Cookie Policy complies with:

• Australian Privacy Act 1988
• Australian Privacy Principles (APPs)
• Spam Act 2003 (where applicable)

11.2 International Compliance

We also consider requirements under:

• European General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other applicable privacy laws

11.3 Industry Standards

Our cookie practices align with:

• International Association of Privacy Professionals (IAPP) guidelines
• Industry best practices for data protection
• Security standards for online services

This Cookie Policy was last updated on 25 February 2026. Please review it regularly as we may update it from time to time. For our complete privacy practices, please also review our Privacy Policy and Terms & Conditions.