PRIVACY POLICY

Effective date: 22 August 2025
Who we are: The Freedom Engine Trust ABN [36 775 753 009], trading as Co-Pilot Hub” (collectively, “CoPilot Hub”, “we”, “us”, “our”).
Website: isyourcryptosafe.com

We respect your privacy and are committed to protecting it. This policy explains what we collect, why we collect it, how we use it, how we protect it, and how you can exercise your rights. It is written to meet Australian Privacy Principles and to address other major privacy regimes where relevant.

1. Scope

This policy applies to our website, emails, forms, events, support channels, and any services that link to it. It does not cover third party websites that we link to.

2. The data we collect

2.1 Information you provide

Contact details, such as name, email, phone, country or region.

Account and profile information, if you create an account or enroll in a program.

Purchase details, such as items, invoice data, and limited billing details. We use a third party payment processor for card data, and we do not store full card numbers.

Support and communications, such as questions, survey responses, and call recordings where you consent.

Marketing preferences and consent choices.

2.2 Information we collect automatically

Device and usage data, such as IP address, browser, pages viewed, timestamps, and referral URLs.

Cookie and pixel data used for analytics and to remember preferences, and if enabled, for advertising measurement. See Cookie Section below. OAIC guidance requires careful use of tracking pixels and simple opt-outs for direct marketing.

2.3 Information from third parties

Payment processors, email and SMS providers, analytics and advertising partners, and scheduling or webinar tools, to the extent permitted by law and your settings with those services.

3. Why we collect and how we use data

We use personal information to:

Provide and improve our website, content, and services.

Process orders and deliver digital products or events.

Communicate with you, including service notices and support.

Send marketing that you can opt out of at any time. APP 7 requires a simple opt-out and transparency about sources.

Personalise content and measure campaign performance.

Maintain security, prevent fraud, and comply with legal obligations.

If you are in the EEA or UK, we rely on one or more lawful bases under GDPR and UK GDPR, such as consent, contract, legal obligation, or legitimate interests.

4. Direct marketing

We only use your information for direct marketing in line with APP 7 and anti-spam laws. Every message includes an easy way to unsubscribe. If you ask us to stop, we will stop.

5. Cookies and similar technologies

We use cookies, local storage, and pixels. Categories include:

Essential, required for the site to function.

Analytics, to understand site performance.

Marketing, to measure campaigns and, where enabled, deliver or measure ads.

You can manage preferences through our Cookie Settings link. We adapt consent prompts based on local requirements, including the EEA, UK, and certain US states. OAIC advises regular reviews of tracking technologies.

6. Disclosures and third parties

We share personal information with:

Service providers who process data on our behalf, such as hosting, security, analytics, communications, payment processing, and customer support.

Professional advisers and auditors.

Authorities where required by law or to protect rights, safety, or security.

We require providers to protect your information and only use it for our instructions. For payment security we rely on PCI-compliant processors and do not store full card data on our servers.

6.1 Third Party Services

We rely on trusted third party services to store and process personal information on our behalf. These may include CRM platforms, cloud hosting providers, analytics services, communications tools, and payment processors.

Each provider is contractually required to implement appropriate safeguards and may only use your personal information according to our instructions. Some of these providers are located overseas, meaning your data may be transferred outside Australia.

We carefully select our service providers, review their security practices, and take reasonable steps to ensure they comply with applicable privacy and security standards.

7. International transfers

We operate in Australia and may transfer information to service providers in other countries. When we disclose personal information overseas, we take reasonable steps so that the recipient will handle it in accordance with the Australian Privacy Principles. Under APP 8, we remain accountable for mishandling by an overseas recipient, subject to exceptions.

For EEA and UK data subjects, where applicable we use appropriate safeguards for international transfers as required by GDPR and UK GDPR.

8. How we protect your information

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Measures include:

Encryption in transit, access controls, and least-privilege permissions.

Network security and vulnerability management.

Vendor risk assessments and data processing agreements where required.

Staff training, incident response plans, and secure deletion or de-identification when no longer needed. These steps align with APP 11 requirements and the OAIC Guide to Securing Personal Information.

9. Data retention

We keep personal information only as long as needed for the purposes set out here, to meet legal or accounting obligations, or to resolve disputes. For Australian tax records, most business records must be kept for at least five years, with some categories kept longer. We align our retention schedules with these rules and then delete or de-identify.

Typical retention guide:

Account and contact records, while you have an active relationship and for up to 24 months after your last interaction.

Purchase records and invoices, for at least five years, or longer if required by law.

Marketing preferences, until you opt out or the data is no longer needed.

Support tickets and call recordings, generally 24 months, unless needed longer for compliance or dispute resolution.

10. Your rights

10.1 Australia

You can request access to the personal information we hold about you and request corrections. We will respond within a reasonable period.

10.2 European Economic Area and United Kingdom

Depending on your location, you may have rights of access, rectification, erasure, restriction, objection, portability, and rights related to automated decision making. You can withdraw consent at any time where we rely on consent.

10.3 California

California residents have rights to know, access, correct, delete, and to opt out of selling or sharing personal information. If we use targeted advertising or cross-context behavioral advertising, we will provide a “Do Not Sell or Share My Personal Information” link. We do not discriminate against you for exercising your rights.

To exercise any rights, contact us at the email below. We will verify your request and respond within the timeframes required by law.

11. Children’s privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us and we will delete it.

12. Data breach response

If a data breach is likely to result in serious harm, we will notify affected individuals and the OAIC in line with the Notifiable Data Breaches scheme. We will also provide recommendations to help you reduce risk.

13. Automated decision making

We do not make decisions that produce legal or similarly significant effects solely using automated processing. If this changes, we will explain the logic involved, the significance, and your rights.

14. How to contact us

Email: [email protected]

Postal address: CoPilot Hub, PO Box 27, Canungra, QLD 4275, Australia

For EEA or UK residents: If an EU or UK representative is required, we will publish their contact details here.

If you have concerns, you can also contact the Office of the Australian Information Commissioner.

15. Changes to this policy

We may update this policy to reflect changes to our practices or legal requirements. We will post updates here with a new effective date.