Privacy Policy | BUILT by Storm
Legal

Privacy Policy.

Last Updated: May 4, 2026
Plain English Summary We collect the information we need to deliver our coaching programs, communicate with you, and run our business — nothing more. We don't sell your data. We use trusted third parties (like Stripe for payments and our CRM for client management) to operate, and we take reasonable steps to keep your information secure. You can ask us at any time what we hold about you, request a correction, or unsubscribe from marketing.

01About this Policy

This Privacy Policy explains how BUILT by Storm ("we", "us", or "our") collects, uses, stores, discloses, and protects personal information about visitors to our website, prospective and existing clients, and people who otherwise interact with our business.

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the Spam Act 2003 (Cth) where applicable to electronic marketing. By using our Website or Services, you consent to your information being handled as described in this Policy.

02Who We Are

BUILT by Storm is an Australian business coaching company providing programs, courses, and 1:1 advisory services to allied health professionals and clinic owners. Our contact details for privacy matters are:

  • Business: BUILT by Storm
  • ABN: 15 697 527 343
  • Address: Melbourne, VIC
  • Email: [email protected]

03The Information We Collect

The personal information we collect depends on how you interact with us. We generally collect:

Identity & Contact
Your name, email address, phone number, and (where relevant) postal address.
Professional
Your profession or discipline, registration body (e.g. AHPRA), clinic or business name, role, and years in practice.
Business
Information you share during enrolment, intake, coaching sessions, or in our community — including business goals, revenue figures, team size, services offered, pricing, and challenges.
Payment
Payment is processed by our payment provider (Stripe). We do not store your full card number or CVC. We retain transaction records (amount, date, last four digits, billing name) for accounting and tax purposes.
Account & Login
Your username and a hashed password if you have a Client Portal account.
Communications
The content of emails, support messages, and (with your consent) recordings or transcripts of coaching sessions used for delivery and service improvement.
Technical & Usage
IP address, browser type, device type, operating system, referring URL, pages visited, and time spent on pages — collected automatically through cookies and similar technologies (see Section 09).
Marketing
Your subscription status, content preferences, engagement with our emails, and how you found us.

Sensitive information. We do not generally collect sensitive information (such as health, racial or ethnic origin, religious beliefs, or sexual orientation). If you choose to share sensitive information with us — for example, to request an accommodation or because it's relevant to your business circumstances — we will only use it for the purpose for which you provided it, and only with your consent.

Information about your patients or clients. Our Programs are designed to teach business strategy. We do not need, and do not ask for, identifying information about your patients, NDIS participants, or clinical clients. Please do not share their personal or health information with us. If you do, we will ask you to redact it.

04How We Collect Information

We collect information:

  • Directly from you — when you fill in a form on our Website, book a discovery call, enrol in a Program, complete an intake or feedback form, email us, or speak with us during a session;
  • Automatically — when you visit the Website, through cookies, pixels, server logs, and analytics tools;
  • From third parties — for example, if a colleague refers you (we will only act on a referral with your consent), or from publicly available professional listings; and
  • From service providers we use to deliver Programs, such as our CRM, scheduling tool, payment processor, and video conferencing platform.

05How We Use Your Information

We use personal information for the following purposes:

  • To respond to your enquiries and book discovery calls;
  • To enrol you in Programs, deliver Services, and manage your account;
  • To process payments and maintain financial records (including for tax compliance);
  • To communicate with you about your Program, sessions, schedule changes, and important updates;
  • With your consent, to send you marketing emails, newsletters, free resources, and information about future offerings;
  • To improve our Programs, content, and Website — including by analysing how the site is used and what's working;
  • To protect the security and integrity of our systems and prevent fraud or misuse;
  • To comply with our legal obligations and respond to lawful requests by authorities; and
  • For any other purpose disclosed to you at the time of collection or with your consent.

06Marketing Communications

If you have opted in (for example, by downloading a free resource or subscribing to The BUILT Brief), we may send you marketing emails about content, Programs, events, and resources we think will be useful to you.

Every marketing email contains a clear unsubscribe link. You can opt out at any time by clicking unsubscribe, or by emailing [email protected]. We will action unsubscribe requests within five business days. Note that even after unsubscribing, you may continue to receive transactional and service-related messages (for example, payment confirmations, session reminders, and updates about a Program you are enrolled in) — these are not marketing.

07Who We Share Your Information With

We do not sell your personal information. We disclose it only in the following circumstances:

  • Service providers and contractors who help us run the business — including our payment processor, CRM, email marketing platform, course hosting platform, scheduling and video conferencing tools, file storage and hosting providers, analytics providers, and bookkeeper or accountant. These providers only receive the information they need to perform their function and are bound by confidentiality and security obligations.
  • Coaches, contractors, and guest experts we engage to deliver Programs, where access to your information is necessary for that delivery.
  • Professional advisors (such as our lawyers, auditors, or insurers) where reasonably required.
  • Government bodies, regulators, or law enforcement where required by law, court order, or in response to a lawful request.
  • A successor or buyer if we sell, merge, or restructure all or part of the business — in which case we will require any successor to handle your information consistently with this Policy.

Categories of providers we currently use include — but may change as our stack evolves — Stripe (payments), Go High Level (CRM and client portal), email service provider, video conferencing platform, course hosting platform, and Google Workspace. We are happy to provide a current list of major sub-processors on request.

08Overseas Disclosure

Some of the third-party services we use are based outside Australia or store data on servers located overseas — most commonly in the United States and the European Union. This means that, in providing your information to those services, we may be disclosing it to recipients overseas.

Before disclosing personal information to an overseas recipient, we take steps that are reasonable in the circumstances to ensure that the recipient handles your information consistently with the Australian Privacy Principles. By using our Services, you consent to your personal information being disclosed to and stored by these overseas recipients for the purposes set out in this Policy.

09Cookies and Online Tracking

Our Website uses cookies and similar technologies — small data files placed on your device — to make the site work, analyse traffic, and (where you have consented) deliver relevant marketing.

The categories of cookies we may use include:

  • Essential / functional cookies required for core site functionality (e.g. remembering you are logged into the Client Portal);
  • Analytics cookies that help us understand how visitors use the site and identify what content is working (e.g. Google Analytics);
  • Marketing and advertising cookies / pixels that allow us to measure the effectiveness of our advertising and show relevant content on platforms like Meta (Facebook and Instagram).

You can disable cookies in your browser settings, but parts of the Website may not function correctly if you do. Where required, we will request your consent before using non-essential cookies.

10How We Protect Your Information

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, and disclosure. These steps include using reputable third-party providers with their own security accreditations, restricting access to information on a need-to-know basis, using encrypted connections (HTTPS) on the Website, requiring strong account passwords, and reviewing our security practices periodically.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a data breach that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

11How Long We Keep Your Information

We keep personal information only for as long as we need it for the purposes described in this Policy, or as required by law. As a general guide:

  • Active client records are kept while you are enrolled in a Program and for a reasonable period afterwards to support continuing service and follow-up;
  • Financial records (including invoices and payment records) are kept for at least five (5) years in line with Australian Taxation Office requirements;
  • Marketing list information is kept until you unsubscribe;
  • Discovery call enquiries that don't lead to enrolment are typically deleted within 24 months unless you've asked us to stay in touch.

When we no longer need your information, we will take reasonable steps to securely delete or de-identify it.

12Your Rights and Choices

You have the right to:

  • Access the personal information we hold about you;
  • Correct information that is inaccurate, out of date, incomplete, or misleading;
  • Withdraw consent for marketing or other purposes that rely on your consent (this will not affect anything we already lawfully did with your consent);
  • Request deletion of your information, subject to our legal and record-keeping obligations; and
  • Make a complaint if you believe we have mishandled your personal information.

To exercise any of these rights, email [email protected]. We may need to verify your identity before actioning a request, and we will respond within a reasonable timeframe (usually within 30 days). There is generally no charge for accessing your information, but we may charge a reasonable fee if a request is unusually complex or repetitive.

13Children's Privacy

Our Website and Services are intended for adults — specifically, people aged 18 or older who are running or working in a healthcare business. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us and we will take steps to delete it.

14Third-Party Links

Our Website may include links to third-party websites, tools, or resources. This Policy does not apply to those external sites — they have their own privacy practices, and we encourage you to review them before sharing your information.

15Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, our service providers, or the law. The "Last Updated" date at the top of this page reflects when the Policy was most recently changed. Material changes will be communicated to active clients via email or a prominent notice on the Website. Your continued use of the Services after a change constitutes acceptance of the updated Policy.

16How to Contact Us or Make a Complaint

If you have a question about this Policy, want to access or correct your information, or wish to make a privacy complaint, please contact us first:

BUILT by Storm — Privacy Enquiries

Email: [email protected]
Or use our contact form.

We will acknowledge receipt of your complaint and aim to respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001