Privacy Policy - Ben Ryan

Introduction

Ben Ryan WordPress Maintenance (“we”, “us”, or “our”) is an Australian-based WordPress maintenance service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at benryan.com.au and our maintenance services.

This policy applies to all visitors to our website, prospective customers, and active clients using our WordPress maintenance dashboard. By using our services, you acknowledge that you have read and understood this Privacy Policy.

We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and where applicable, the European Union General Data Protection Regulation (GDPR).

Information We Collect

We collect different types of information depending on how you interact with our website and services. The following outlines the categories of information we may collect.

Personal Information

When you sign up for our services, submit a contact form, or go through our onboarding process, we may collect your name, email address, phone number, and business name. This information is provided directly by you and is necessary to deliver our WordPress maintenance services.

Payment Information

Payment processing is handled entirely by Stripe, a PCI Level 1 certified payment processor. Your credit card details, billing address, and other payment information are collected and stored by Stripe — these details never touch our servers. We receive only a confirmation of payment status, transaction IDs, and the last four digits of your card for reference.

Authentication Data

We use Supabase for authentication. When you log in to your dashboard, we collect your email address for magic link authentication. No passwords are stored, as our authentication system is entirely passwordless.

Technical Data

When you visit our website, we may automatically collect technical data including your IP address, browser type and version, device information, operating system, and general location data derived from your IP address. This data helps us understand how our website is used and identify technical issues.

Site Credentials

As part of our maintenance service, you may provide WordPress admin credentials for the sites we manage. These credentials are encrypted and stored securely using Supabase Vault, an encrypted storage solution. Access to stored credentials is strictly limited to service delivery purposes.

How We Collect Information

Directly from you: When you fill out our contact form, complete the client onboarding process, communicate with us via email, or provide site credentials through your dashboard.

Automatically: Through Vercel Analytics, which uses hash-based identification to track anonymous page views without storing personal data or using cookies. We also use Sentry for error monitoring, which may collect technical data such as your IP address, browser information, and error stack traces when an error occurs on our site.

Via third parties: Stripe may provide us with fraud detection signals and payment confirmation data as part of the payment processing workflow.

How We Use Your Information

We use the information we collect for the following purposes:

Service delivery: To provide WordPress maintenance services, including updates, backups, security monitoring, and performance optimisation for your sites.
Billing and invoicing: To process payments, manage subscriptions, and send billing-related communications through Stripe.
Communication: To send you service-related notifications, maintenance reports, security alerts, and responses to your enquiries via transactional email.
Security monitoring: To detect and prevent unauthorised access to your sites and our platform.
Error tracking: To identify, diagnose, and fix technical issues on our website and dashboard using Sentry.
Analytics: To understand how visitors use our website and improve the user experience, using Vercel’s privacy-focused, cookie-free analytics.
Legal compliance: To comply with Australian tax obligations, financial record-keeping requirements, and applicable privacy laws.

Third-Party Service Providers

We use the following third-party services to operate our business. Each service may collect or process certain data on our behalf. We have selected providers with strong privacy practices and appropriate security certifications.

Stripe

Stripe handles all payment processing for our subscription plans. Stripe is PCI Level 1 compliant, the highest level of certification in the payment industry. Stripe collects payment card details, billing addresses, and fraud detection data. Your card information is stored securely by Stripe and never reaches our servers.

Stripe may use data for fraud prevention and to comply with financial regulations. For more information, see Stripe’s Privacy Policy.

Supabase

Supabase provides our authentication system, database hosting, and encrypted credential storage (Supabase Vault). Your email address, user profile data, and encrypted site credentials are stored in Supabase’s infrastructure. Supabase uses industry-standard encryption for data at rest and in transit.

For more information, see Supabase’s Privacy Policy.

Vercel

Vercel provides website hosting, edge network delivery, and privacy-focused web analytics. Vercel Analytics uses hash-based identification rather than cookies, meaning no personal data is stored and no tracking cookies are placed on your device. Vercel’s server logs may record IP addresses and request metadata as part of standard hosting operations.

For more information, see Vercel’s Privacy Policy.

SparkPost (Bird)

SparkPost (now Bird) handles the delivery of our transactional emails, including authentication magic links, billing notifications, and service alerts. SparkPost processes recipient email addresses and may use tracking pixels in emails to confirm delivery status.

For more information, see Bird’s Privacy Policy.

Sentry

Sentry provides error monitoring for our website and dashboard. When an error occurs, Sentry may collect your IP address, browser type and version, device information, operating system, and the error stack trace. This data is used solely to identify and fix technical issues.

For more information, see Sentry’s Privacy Policy.

Data Storage & Security

Your data is stored across our service providers’ infrastructure. User data and authentication records are hosted by Supabase. Our website and dashboard are served through Vercel’s global edge network. Payment data is stored by Stripe in their PCI-compliant environment.

We implement appropriate technical and organisational measures to protect your personal information, including encryption at rest and in transit, access controls limited to authorised personnel, and secure credential storage via Supabase Vault.

Site credentials provided during onboarding are encrypted using Supabase Vault before storage. These credentials are only accessed when performing authorised maintenance tasks on your behalf.

While we take reasonable steps to protect your personal information, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute security of your data.

Cookies & Tracking Technologies

Vercel Analytics does not use cookies. It uses hash-based identification to measure page views and visitor counts without storing any personal data on your device. No third-party advertising or tracking cookies are used on our website.

Supabase Authentication uses essential session cookies that are required for login functionality. These cookies maintain your authenticated session in the dashboard and cannot be disabled without losing the ability to log in. They are strictly necessary cookies and do not track you across other websites.

SparkPost may use tracking pixels (tiny transparent images) in transactional emails to confirm whether emails have been delivered and opened. These pixels do not install cookies on your device.

We do not use any third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies.

Your Rights

You have the following rights regarding your personal information:

Access: You can request a copy of the personal information we hold about you.
Correction: You can request that we correct any inaccurate or incomplete personal information.
Deletion: You can request that we delete your personal information, subject to any legal obligations we may have to retain certain records.
Data portability: You can request your data in a structured, commonly used format.
Withdraw consent: Where we process your data based on consent, you can withdraw that consent at any time.
Lodge a complaint: You have the right to lodge a complaint with the relevant supervisory authority if you believe your privacy rights have been violated.

To exercise any of these rights, please contact us using the details provided in the Contact Us section below.

Australian Privacy Act

We are committed to compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). The APPs regulate how organisations collect, use, disclose, store, and provide access to personal information.

Under the Australian Privacy Principles, you have the right to know why your personal information is being collected, how it will be used, and who it will be disclosed to. You also have the right to access and correct your personal information.

If you believe we have breached the APPs or mishandled your personal information, you have the right to lodge a complaint with us first. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We note that the Australian Government passed Privacy Act reforms in December 2024, which may introduce additional obligations for businesses. We are committed to updating our practices and this policy as these reforms take effect.

Your Rights Under GDPR

If you are a resident of the European Union (EU) or European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with additional rights regarding your personal data.

Legal basis for processing: We process your personal data under the following legal bases:

Contractual necessity: Processing required to fulfil our maintenance service agreement with you (e.g., managing your account, delivering maintenance services, processing payments).
Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, ensuring security, and conducting analytics, where these interests are not overridden by your rights.
Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications.

Your GDPR rights include:

Right of access: Obtain confirmation of whether we process your personal data and request a copy.
Right to rectification: Request correction of inaccurate personal data.
Right to erasure (“right to be forgotten”): Request deletion of your personal data under certain circumstances.
Right to restriction: Request that we restrict processing of your personal data in certain situations.
Right to data portability: Receive your personal data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
Rights related to automated decision-making: We do not currently use automated decision-making or profiling that produces legal effects.

Where your data is transferred outside the EU/EEA (for example, to our Australian-based operations or our service providers’ infrastructure), we rely on standard contractual clauses or other appropriate safeguards where applicable.

To exercise your GDPR rights or for any data protection enquiries, please contact us at the email address provided in the Contact Us section below.

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, and in accordance with our legal obligations:

Account and service data: Retained for the duration of your active service, plus 7 years after account closure to comply with Australian tax and financial record-keeping requirements.
Analytics data: Retained according to Vercel’s default retention period of 30 days. No personal data is stored by Vercel Analytics.
Error logs: Retained according to Sentry’s default retention period of 90 days.
Payment records: Retained by Stripe in accordance with their data retention policies and our tax obligations.
Site credentials: Deleted from Supabase Vault when the associated site is removed from your account or upon account termination.

Upon request, we will delete your personal information where we are not legally required to retain it. Some data may persist in backups for a limited period before being permanently removed.

Children's Privacy

Our services are designed for business use and are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on our website.

The “Last updated” date at the top of this page indicates when the most recent revisions were made. We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint about how we handle your personal information, please contact us:

Email: privacy@benryan.com.au
Website: benryan.com.au/contact

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC):

Website: oaic.gov.au
Phone: 1300 363 992