Proven Innovation

Privacy

What I collect, how I use it, where it's stored.

A short, accurate account of how this website handles personal information. Written against the Australian Privacy Principles and the actual technical setup behind proveninnovation.com — not a generic template.

Last updated: 28 April 2026

In one paragraph

This site collects what you type into the contact form (your name, email, and message) and aggregate, cookieless analytics on which pages get viewed. The form content is delivered to me by email and is not shared further. The analytics never see your IP address or build a profile of you. There are no advertising trackers, no cross-site cookies, and no third-party retargeting on this site.

What I collect

Three sources, all narrow.

Contact-form submissions.

When you send a message via the contact form, I collect the name, email address, and message body you supply. Nothing else from that page is captured — no field is hidden or implicit. A single anti-spam token from Cloudflare Turnstile is also sent with the submission and discarded after verification.

Cookieless analytics.

Cloudflare Web Analytics counts page views in aggregate. It runs without cookies and without storing IP addresses against individual visitors. I see counts of how many times each page was viewed; I do not see who you are, what you did before arriving, or where you went after.

First-party event log.

When the contact form successfully sends, the server logs a single line recording that a submission happened, the date, and nothing else. There is no name, email, or message in this log — it exists only so I can count how often the form is used over a month.

What I don't collect.

No advertising cookies, no remarketing pixels, no cross-site identifiers, no social-network tracking, no fingerprinting beyond what Cloudflare Turnstile uses to decide whether a form submission looks like a bot.

How I use it

Contact-form submissions are used for one thing: replying to your enquiry. The email lands in my Google Workspace inbox; I read it and write back. If your enquiry becomes a paid engagement, the same email thread becomes part of the project record — kept for the duration of the engagement and a reasonable period after.

Aggregate page-view counts are used to understand which pages of the site are being read, so I can decide what to refine. They are not used to profile, re-target, or contact anyone.

I do not sell, rent, or share any of this data with third parties for marketing purposes. The only "sharing" is with the technical providers below, which is necessary to run the site at all.

Where it's stored

The site runs on Cloudflare Pages, which is a global edge network. That means HTTP requests, including form submissions, transit Cloudflare data centres outside Australia (often closest to where you are visiting from). The form's contents are not held by Cloudflare beyond the time it takes to forward them.

Outbound email is sent via Resend, a transactional email provider with infrastructure in the United States and (for bounce handling) the Asia-Pacific region. Once a message is delivered to my inbox, the copy in Resend's logs is retained per their published policy and is not used by me beyond debugging delivery if needed.

My inbox is on Google Workspace. Once an enquiry arrives, it is held there subject to Google's usual retention.

Anti-bot protection uses Cloudflare Turnstile, which evaluates a short-lived challenge token. Turnstile does not set persistent cookies and does not build a cross-site profile.

Some of these providers process data outside Australia (United States, Asia Pacific, European Union — whichever is closest in the providers' edge network). By submitting the contact form, you consent to that cross-border handling, which is necessary for the site to function. I have no separate database or storage layer beyond what is described here.

How long it's kept

Contact-form emails: kept in my inbox until I judge them no longer relevant. Enquiries that don't lead anywhere are typically archived or deleted within a year. Enquiries that turn into engagements are kept for the duration of the engagement and for a reasonable period after, in line with my obligations to you.

Resend's transient send log: retained per Resend's published policy.

Cloudflare Web Analytics: aggregate counts are retained per Cloudflare's policy. Because the data is aggregated and cookieless, there is no per-visitor record to expire.

First-party event log lines: trimmed when older than 12 months. They contain no personal information.

Your rights

Under the Australian Privacy Principles, you have the right to:

  • Ask what personal information I hold about you.
  • Ask me to correct any of it that's wrong.
  • Ask me to delete it (subject to any record-keeping obligations I owe you).
  • Make a privacy complaint, first to me and then — if you're unsatisfied — to the Office of the Australian Information Commissioner.

For any of these, email [email protected]. I'll reply within a business day, and substantively within thirty days.

If you're not satisfied with how I've handled a privacy concern, you can contact the OAIC at oaic.gov.au/privacy/privacy-complaints.

Changes and contact

If this policy changes, the "last updated" date at the top changes with it. The git history of this page lives in the public deployment record; substantive changes will be noted in a short summary at the top.

For anything privacy-related: [email protected].