Skip to content

Legal

Privacy Policy

How NWARRAH collects, processes, and protects information across our website, contact channels, and engagements. Written in plain engineering language — not legal filler.

Last updated · July 2, 2026
v1.2
Active

Overview

NWARRAH is an engineering studio. We collect the minimum data needed to run our website, respond to enquiries, deliver projects, and improve our services. We do not sell personal data, and we do not run ad-tech profiling.

Data minimisation by default

If a piece of data is not required to deliver a service or meet a legal obligation, we prefer not to collect it at all.

Data we collect

  • Identity & contact data you submit: name, email, phone, company, and message content.
  • Project data shared during an engagement (documents, credentials via secure channels, requirements).
  • Account data if you create a login: email, profile fields, and role.
  • Technical data: IP-derived country, device type, browser, and referring source.
  • Usage data: pages viewed and interactions, in aggregate and cookie-free.

Analytics

We run first-party, cookie-free analytics. We record a per-tab session identifier (not tied to your identity), the page path, device category, approximate country from timezone, and the referring source.

note
event = { path, referrer_source, device, country, session_id }
// no cookies · no cross-site tracking · no ad networks

Cookies

We use only essential cookies required for authentication and preferences (such as your theme). We do not set marketing or third-party advertising cookies. See our Cookie Policy for the full breakdown.

Booking (Calendly)

When you book a call, scheduling may be handled by a third-party calendar provider. The data you enter (name, email, and any notes) is processed by that provider to confirm and manage your meeting. We receive the same details to prepare for the call.

Contact & lead forms

Information submitted through contact, lead, and audit request forms is stored in our CRM to route, respond to, and follow up on your request. We treat this as business-necessary processing.

Email

Transactional emails (confirmations, replies, account emails) are sent to fulfil your request. We do not add you to marketing lists without explicit opt-in.

Third-party processors

ProcessorPurposeData
SupabaseAuth, database, storageAccount & submitted data
Calendar providerMeeting schedulingName, email, notes
Email providerTransactional emailEmail address, message
Hosting/CDNServing the websiteRequest metadata

Processors, not data brokers

Each processor acts on our instructions under a data processing agreement and may not use your data for their own purposes.

Retention

  • Enquiry & lead records: up to 24 months after last contact.
  • Project records: for the duration of the engagement plus contractual/legal retention.
  • Analytics events: aggregated and retained for trend analysis, no personal identity attached.
  • Account data: until you delete your account or request removal.

Your rights

Depending on your jurisdiction you may request access, correction, deletion, export, or restriction of your data, and you may object to certain processing. We respond within statutory timeframes.

International users

We operate globally. Where data is transferred across borders, we rely on appropriate safeguards such as standard contractual clauses with our processors.

Security

We encrypt data in transit and at rest, apply role-based access control, and follow least-privilege principles. See our Security page for the full posture.

Children

Our services are intended for businesses and professionals. We do not knowingly collect data from children under 16.

Changes

We may update this policy as our services evolve. Material changes are reflected in the version and last-updated date at the top of this page.

Frequently asked

Questions about this document? Reach us at our contact page.

Let's build something that compounds.

Tell us about your product, systems or automation goals. We'll map a path forward.