Privacy Policy
Last Updated: December 13, 2025
Effective Date: December 13, 2025
Introduction
Web3Connect Pty Ltd ("Web3Connect", "we", "us", or "our") operates web3connect.com, a B2B marketplace platform that helps Web3 founders discover, evaluate, and engage with verified service providers.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services. We are committed to protecting your privacy and handling your data transparently.
Controller Details:
- Entity: Web3Connect Pty Ltd
- ABN: 92 689 696 295
- ACN: 689 696 295
- Registered Address: 110 Mill Point Road, Toorloo Arm, VIC 3909, Australia
- Privacy Contact: [email protected]
Governing Law: This Privacy Policy is governed by the laws of Victoria, Australia.
Quick Summary
Before diving into the details, here are the key points:
| What We Do | Details |
|---|---|
| Data we collect | Account info, reviews, analytics (with consent), payment data |
| Why we collect it | Platform operation, review verification, service improvement |
| Who we share with | Service providers only (no selling of data) |
| Where data is stored | Australia, EU, and US (with appropriate safeguards) |
| Your rights | Access, correction, deletion, portability, and more |
| How to contact us | [email protected] |
1. Information We Collect
1.1 Information You Provide Directly
Account Information
- Name and email address
- Company name and role
- Profile information (bio, photo)
- Password (encrypted)
Partner Information (for registered service providers)
- Organization details (name, description, website, logo)
- Service offerings and pricing
- Team member information
- Business verification documents
Review Information (for reviewers)
- Review content and ratings
- Project details and engagement information
- Verification data (LinkedIn profile, email verification)
- Incentive disclosures (if applicable)
Contact Information
- Messages sent through our contact forms
- Support requests and communications
Payment Information
- Billing address and contact details
- Payment card information (processed by Stripe - we never store full card details)
- Transaction history
1.2 Information Collected Automatically
Technical Data (collected when you visit our website)
- IP address (used for security and geolocation)
- Browser type and version
- Device type and operating system
- Referring website
- Pages visited and time spent
Analytics Data (with your consent)
- User interactions and feature usage
- Session recordings (if enabled)
- Search queries and click patterns
- Conversion events
Cookies and Similar Technologies
We use cookies to provide essential functionality and, with your consent, for analytics and marketing. See our Cookie Policy for details.
1.3 Information from Third Parties
Google (when you sign in with Google)
- Basic profile: name, profile photo
- Email address
- OpenID identifier (for authentication)
LinkedIn (when you authenticate or verify via LinkedIn)
- Basic profile: name, profile photo, email address
- Professional information: current employer, job title
- Account metadata: connection count, account age (for verification)
Moz (for partner website assessment)
- Domain Authority scores (public website metrics only - no personal data)
2. How We Use Your Information
2.1 Purposes and Legal Bases
We process your personal data for the following purposes:
| Purpose | Legal Basis | Data Categories |
|---|---|---|
| Account management | Contract performance | Account data, contact info |
| Platform operation | Contract performance | All account and usage data |
| Review publication | Contract + Consent | Review content, verification data |
| Payment processing | Contract performance | Payment and billing data |
| Email communications | Contract + Consent | Email address, preferences |
| Analytics and improvement | Consent | Usage data, session recordings |
| Security and fraud prevention | Legitimate interest | IP address, login activity |
| Legal compliance | Legal obligation | Transaction records, tax data |
| Customer support | Contract performance | All relevant account data |
Legal Bases Explained:
- Contract Performance (GDPR Art. 6(1)(b) / AU Privacy Act APP 3): Processing necessary to provide our services to you.
- Consent (GDPR Art. 6(1)(a) / AU Privacy Act APP 3): Processing you have explicitly agreed to.
- Legitimate Interest (GDPR Art. 6(1)(f) / AU Privacy Act APP 6): Processing necessary for our legitimate business interests, balanced against your rights.
- Legal Obligation (GDPR Art. 6(1)(c) / AU Privacy Act APP 6): Processing required by law.
2.2 What We Don't Do
- We do not sell your personal data to third parties
- We do not share your data for third-party marketing without your consent
- We do not use your data for automated decision-making that has legal effects on you
- We do not collect special categories of data (health, religion, political opinions, etc.)
3. Who We Share Your Information With
3.1 Third-Party Service Providers
We use carefully selected service providers to help operate our platform. Each provider processes data on our behalf under Data Processing Agreements (DPAs) that ensure GDPR and Australian Privacy Act compliance.
| Provider | Service | Data Processed | Location |
|---|---|---|---|
| Railway | Hosting | All platform data | US (Virginia) |
| Cloudflare | CDN & Storage | Files, cached content | Oceania (APAC) |
| PostHog | Analytics | Usage data (with consent) | EU (Frankfurt) |
| Customer.io | Email | Email address, preferences | US (DPF certified) |
| Stripe | Payments | Payment data | US (PCI-DSS) |
| Algolia | Search | Public partner data | EU |
| Google | Authentication | Email, name, profile photo | US |
| LinkedIn | Authentication | OAuth tokens, profile data | US |
| Moz | Website metrics | Domain names (public) | US |
3.2 Other Disclosures
We may disclose your personal information:
- To partners: When you submit a contact request through our platform
- For legal reasons: To comply with legal obligations, court orders, or regulatory requests
- To protect rights: To prevent fraud, security threats, or violations of our terms
- In business transfers: In connection with a merger, acquisition, or sale of assets (with notice)
4. International Data Transfers
4.1 Where Your Data Is Stored
As an Australian company with a global user base, your data may be transferred to and processed in countries outside Australia and the European Economic Area (EEA).
Data Locations:
- European Union: PostHog (Frankfurt), Algolia (EU cluster)
- United States: Railway (Virginia), Customer.io, Stripe, Google, LinkedIn, Moz
- Oceania/APAC: Cloudflare R2 (file storage)
- Australia: Our company headquarters and operations
4.2 Transfer Safeguards
We protect international data transfers through:
Standard Contractual Clauses (SCCs)
We use the European Commission's Standard Contractual Clauses (2021 version) with all US-based processors. These are legally binding contracts requiring data importers to protect your data to EU standards.
EU-US Data Privacy Framework
Where applicable, we use processors certified under the EU-US Data Privacy Framework (e.g., Customer.io).
Technical Safeguards
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Access controls and authentication
- Regular security audits
Your Right to Request SCCs
You can request a copy of our Standard Contractual Clauses by emailing [email protected].
5. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account data | While active + 2 years | Fraud prevention, legal disputes |
| Review content | Indefinitely | Platform integrity, public record |
| Verification documents | 90 days | Verification lifecycle complete |
| Analytics data | 90 days | Technical necessity |
| Payment records | 7 years | Tax and accounting obligations |
| Support communications | 2 years | Quality assurance, dispute resolution |
| Marketing preferences | Until consent withdrawn | Compliance with opt-out requests |
Deletion Process:
When data reaches the end of its retention period, we securely delete or anonymize it. Published reviews may be anonymized rather than deleted to preserve platform integrity.
6. Your Rights
6.1 Rights Under GDPR (EU Users)
If you are in the European Economic Area, you have the following rights under the General Data Protection Regulation:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate personal data
- Right to Erasure (Art. 17): Request deletion of your personal data
- Right to Restriction (Art. 18): Restrict how we process your data
- Right to Data Portability (Art. 20): Receive your data in a portable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time
- Right to Lodge a Complaint: Contact your supervisory authority
6.2 Rights Under Australian Privacy Act
If you are in Australia, you have the following rights under the Privacy Act 1988:
- Right of Access (APP 12): Request access to your personal information
- Right to Correction (APP 13): Request correction of inaccurate information
- Right to Complain: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)
6.3 Rights Under US State Laws
If you are in California or other US states with privacy laws (CCPA, VCDPA, etc.):
- Right to Know: What personal information we collect and how it's used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of "sale" or "sharing" of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: Equal service regardless of privacy choices
6.4 How to Exercise Your Rights
Email: [email protected]
Dashboard: For account-related data, use your dashboard settings to:
- Update your profile information
- Download your data
- Delete your account
- Manage consent preferences
Cookie Preferences: Use our cookie consent banner (available on every page) to manage analytics and marketing cookies.
Response Time: We will respond to verified requests within 30 days (or sooner where required by law).
Verification: We may need to verify your identity before processing your request to protect against unauthorized access.
7. Third-Party Data Processors
We share data with the following third-party processors to provide our services:
7.1 PostHog (Product Analytics)
- Purpose: Understanding how users interact with our platform
- Data Processed: Page views, feature usage, session recordings (with consent)
- Legal Basis: Consent
- Data Location: EU (Frankfurt, Germany)
- Your Control: Opt out via cookie consent banner
7.2 Customer.io (Email Communications)
- Purpose: Transactional and marketing emails
- Data Processed: Email address, name, preferences
- Legal Basis: Contract (transactional) + Consent (marketing)
- Data Location: US (EU-US Data Privacy Framework certified)
- Your Control: Unsubscribe via email link
7.3 Stripe (Payment Processing)
- Purpose: Payment processing for subscriptions
- Data Processed: Payment card info (processed by Stripe), billing address
- Legal Basis: Contract
- Data Location: Global (EU/US storage)
- Note: We never store full card details
7.4 Cloudflare (Content Delivery & Storage)
- Purpose: Website performance, file storage, security
- Data Processed: Cached content, uploaded files
- Legal Basis: Legitimate interest
- Data Location: Oceania/APAC region for R2 storage
7.5 Algolia (Search)
- Purpose: Platform search functionality
- Data Processed: Search queries, public partner data
- Legal Basis: Legitimate interest
- Data Location: EU
7.6 Google (Authentication)
- Purpose: Account sign-in and authentication
- Data Accessed: Email address, name, profile photo (via userinfo.email, userinfo.profile, and openid scopes)
- Data Usage: We use this data solely to create and authenticate your Web3Connect account. Your Google data is not used for any other purpose.
- Data Sharing: Your Google data is not shared with any third parties. It is only used internally for authentication.
- Data Storage: Your email and name are stored in our secure database (Railway US). Your profile photo URL is stored but the image itself remains on Google's servers.
- Data Retention: Retained while your account is active. Deleted upon account deletion request.
- Legal Basis: Consent (you choose to sign in with Google)
- Your Control: You can disconnect Google from your account settings, or delete your account entirely. You can also revoke access via your Google Account settings at myaccount.google.com/permissions
7.7 LinkedIn (Authentication & Verification)
- Purpose: Optional authentication and verification
- Data Processed: Profile info, professional info
- Legal Basis: Consent
- Data Location: US
- Your Control: Disconnect from account settings
7.8 Railway (Hosting Infrastructure)
- Purpose: Hosting applications and database
- Data Processed: All platform data
- Legal Basis: Contract
- Data Location: US (Virginia)
- Security: AES-256 encryption at rest, TLS 1.3 in transit
8. Cookies and Tracking
8.1 Cookie Categories
We use cookies and similar technologies organized into four categories:
| Category | Purpose | Consent Required |
|---|---|---|
| Necessary | Essential site functionality, security | No |
| Preferences | Remember your settings and choices | Yes |
| Analytics | Understand how you use our site | Yes |
| Marketing | Deliver relevant content and measure campaigns | Yes |
8.2 Managing Cookies
Cookie Consent Banner: When you first visit our site, you can choose which cookie categories to accept. You can change your preferences anytime by clicking the cookie icon in the footer.
Browser Settings: You can also control cookies through your browser settings, though this may affect site functionality.
Do Not Track: We respect Do Not Track browser signals.
For full details, see our Cookie Policy.
9. Security
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures:
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Secure password hashing
- Regular security audits
- DDoS protection (Cloudflare)
Organizational Measures:
- Limited access to personal data (need-to-know basis)
- Employee security training
- Data Processing Agreements with all processors
- Incident response procedures
Data Breach Response:
If a data breach occurs that poses a risk to your rights, we will notify you and relevant authorities in accordance with GDPR Article 33-34 and the Australian Notifiable Data Breaches scheme (within 72 hours where feasible).
10. Children's Privacy
Web3Connect is a B2B platform not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Emailing you if the changes materially affect how we use your data
We encourage you to review this policy periodically.
12. Contact Us
12.1 Privacy Inquiries
Email: [email protected]
Mail:
Web3Connect Pty Ltd
Privacy Officer
110 Mill Point Road
Toorloo Arm, VIC 3909
Australia
Response Time: We aim to respond within 30 days.
12.2 Complaints
Internal Complaint: If you're unhappy with how we've handled your data, please contact us first at [email protected].
Australian Privacy Commissioner:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
www.oaic.gov.au | 1300 363 992
EU Supervisory Authorities:
You may lodge a complaint with the supervisory authority in your EU member state. A list of authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Appendix: Legal References
Australian Law
- Privacy Act 1988 (Cth) - Australian Privacy Principles (APPs)
- Spam Act 2003 (Cth)
- Office of the Australian Information Commissioner (OAIC) Guidelines
European Law
- General Data Protection Regulation (EU) 2016/679 (GDPR)
- ePrivacy Directive 2002/58/EC
- Standard Contractual Clauses (Commission Decision 2021/914)
US Law
- California Consumer Privacy Act (CCPA/CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Other applicable state privacy laws