Privacy Policy

1. Introduction

Flow Advisory Group (a registered business name of NAASH CONSULTING PTY. LTD. ABN 82 611 761 981) ("we", "us", "our") is committed to protecting your privacy and complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

This Privacy Policy explains how we collect, use, store, and disclose your personal information when you:

• Visit our website at flowadvisorygroup.com
• Complete the Flow Health Score assessment
• Contact us via email or our contact forms
• Book a consultation through our calendar booking system

2. What Information We Collect

2.1 Information You Provide Directly

We collect personal information you voluntarily provide when you:

• Complete the Flow Health Score: Name, email address, company name (optional), and your responses to the assessment questions
• Book a consultation: Name, email address, phone number (optional), company name, and your availability preferences
• Contact us via email: Name, email address, and any information you include in your message

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Technical information: IP address, browser type, device type, operating system
• Usage data: Pages visited, time spent on pages, referral source
• Cookies: We use essential cookies for website functionality only (no tracking or advertising cookies)

2.3 Information We Do NOT Collect

We do not collect:

• Sensitive information (health, race, political opinions, etc.)
• Credit card or payment information (payments processed through third-party providers)
• Social media profile data unless you explicitly share it

3. How We Use Your Information

We use your personal information only for the following purposes:

• Provide our services: Deliver your Flow Health Score results, schedule consultations, respond to inquiries
• Communication: Send you your assessment results, appointment confirmations, and follow-up information related to your inquiry
• Service improvement: Analyze aggregate data to improve our assessment tool and services (all analysis uses de-identified data)
• Legal compliance: Meet our legal obligations under Australian law

What We Do NOT Do With Your Information

• We never sell your personal information to third parties
• We never share your information for marketing purposes without explicit consent
• We never use your information for purposes unrelated to the services you requested
• We never send unsolicited marketing emails (all communications are related to your inquiry or assessment)

4. Third-Party Services

We use the following trusted third-party services to operate our website and deliver our services:

4.1 Web3Forms (Email Delivery)

• Purpose: Delivers your Flow Health Score submissions to our email
• Data shared: Name, email, company name, assessment responses
• Location: USA (operates under GDPR compliance)
• Privacy policy: web3forms.com/privacy

4.2 Calendly (Appointment Scheduling)

• Purpose: Enables you to book consultation appointments
• Data shared: Name, email, time zone, appointment preferences
• Location: USA (operates under GDPR compliance)
• Privacy policy: calendly.com/privacy

4.3 Hostinger (Website Hosting)

• Purpose: Hosts our website and stores website files
• Data shared: Technical data (IP addresses, access logs)
• Location: Lithuania (EU, GDPR compliant)
• Privacy policy: hostinger.com/privacy-policy

Important: These third-party services have their own privacy policies. We carefully select providers that maintain strong data protection standards, but we are not responsible for their privacy practices.

5. Data Storage and Security

5.1 Where We Store Your Data

• Email submissions: Stored in our business email account (Gmail, Google Workspace) — servers in USA/Australia
• Assessment responses: Stored in email records only, not in a separate database
• Website data: Hosted by Hostinger (EU servers)

5.2 How We Protect Your Data

• SSL/TLS encryption for all data transmission (https://)
• Password-protected email accounts with two-factor authentication
• Access limited to authorized personnel only
• Regular security updates and monitoring
• No storage of data on unsecured devices or platforms

5.3 Data Retention

• Flow Health Score submissions: Retained for 24 months or until you request deletion
• Consultation booking data: Retained for 12 months after the appointment date
• Email correspondence: Retained as long as necessary for business purposes or as required by law
• Website logs: Retained for 90 days then automatically deleted

6. Your Rights Under Australian Privacy Law

Under the Australian Privacy Act 1988, you have the following rights:

6.1 Right to Access

You can request a copy of the personal information we hold about you. We will provide this within 30 days of your request, free of charge.

6.2 Right to Correction

If your personal information is inaccurate, out-of-date, incomplete, or misleading, you can request that we correct it.

6.3 Right to Deletion

You can request that we delete your personal information. We will comply unless we are required to retain it by law or for legitimate business purposes (e.g., ongoing engagement, legal obligations).

6.4 Right to Withdraw Consent

If you provided consent for us to use your information for a specific purpose, you can withdraw that consent at any time.

6.5 Right to Complain

If you believe we have breached the Australian Privacy Principles, you can lodge a complaint with us (see contact details below) or with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

7. Cookies and Tracking

We use minimal cookies on our website:

7.1 Essential Cookies

• Session cookies: Remember your assessment progress if you navigate away
• Functional cookies: Remember your preferences (e.g., form auto-fill)

7.2 What We Don't Use

• No advertising or tracking cookies
• No third-party analytics (Google Analytics, Facebook Pixel, etc.)
• No social media tracking pixels

You can disable cookies in your browser settings, but this may affect website functionality.

8. Marketing Communications

We will only send you marketing communications if:

• You have explicitly opted in to receive them, or
• You have engaged with our services and we believe the communication is directly relevant to your inquiry

Every email includes an unsubscribe link. You can opt out at any time, and we will process your request within 5 business days.

9. Children's Privacy

Our services are not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Updating the "Last updated" date at the top of this policy
• Sending an email notification if you are an active client or have recently engaged with us

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

11. International Data Transfers

Some of our third-party service providers are located outside Australia (primarily in the USA and EU). When we transfer your information internationally:

• We ensure the recipient country has data protection laws substantially similar to Australia's Privacy Act, or
• We use contractual protections to ensure your data is handled appropriately

By using our services, you consent to these international transfers under the conditions outlined above.

12. Business Transfers

If Flow Advisory Group is acquired, merged, or undergoes a business restructure, your personal information may be transferred to the new entity. We will notify you of any such transfer and ensure the new entity complies with this Privacy Policy.

13. Contact Us About Privacy

14. Consent

By using our website, completing the Flow Health Score, or contacting us, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.