Decide Your Money

Privacy Policy

Last updated: 7 April 2026

Decide Your Money is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights under the Australian Privacy Act 1988 (Cth) (including the Australian Privacy Principles), the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and other applicable privacy laws. By using Decide Your Money, you agree to the practices described in this policy.

1. Who We Are

Decide Your Money (“we”, “us”, “our”) operates the website at decideyourmoney.com (ABN 44 692 416 783, registered in Australia). We provide a personal finance method and educational resources designed to help you make better financial decisions. For privacy inquiries, contact us.

2. Information We Collect

We collect only what is necessary to provide and improve the service:

Contact and email information

If you voluntarily provide your email address (for example, when purchasing a product or signing up for communications), we store that email to fulfil your order and send relevant updates. You can unsubscribe at any time.

Technical and usage data

We collect standard technical data including IP address, browser type, device type, referring URL, and pages visited. This data is used to operate and improve the service and is not used to identify individual users.

Payment information

When you purchase a paid product, payment is processed by a third-party payment provider (such as Stripe). Decide Your Money does not store full credit card numbers or payment credentials. We receive only a transaction confirmation and the information needed to fulfil your order.

Consent records

When you accept our Terms and Conditions, Privacy Policy, and Disclaimer at checkout, we record a timestamped log of your consent for our records.

3. How We Use Your Information

We use your information for the following purposes and legal bases:

| Purpose | Legal Basis (GDPR Art. 6) |
| --- | --- |
| Analyse your bank statement and generate your subscription report | Contractual necessity (Art. 6(1)(b)) |
| Process payments and fulfil orders for paid products | Contractual necessity (Art. 6(1)(b)) |
| Provide, maintain, and improve the Decide Your Money service | Legitimate interest (Art. 6(1)(f)) |
| Send product updates or educational content you have opted into | Consent (Art. 6(1)(a)) |
| Measure aggregate usage patterns and improve detection accuracy | Legitimate interest (Art. 6(1)(f)) — anonymised data only |
| Comply with legal obligations (tax records, breach notification) | Legal obligation (Art. 6(1)(c)) |
| Record consent to terms at checkout | Legitimate interest (Art. 6(1)(f)) |

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

4. Data Retention

  • Lead magnet PDFs and method guide PDFs: Delivered via direct download. Files are not stored on our servers post-delivery.
  • Anonymous analytics: Retained indefinitely (no PII).
  • Email addresses: Retained until you unsubscribe or request deletion.
  • Payment records: Retained as required by Australian tax law (typically 5 to 7 years).
  • Consent records: Retained for the duration of your use of the service plus 7 years.
  • Affiliate referral attribution: Up to 90 days from the click event, after which the referral cookie expires.

5. Third-Party Service Providers

We use the following categories of third-party service providers to operate our services:

  • Supabase — secure database storage with row-level security.
  • Stripe — to handle secure payment transactions. We do not store credit card numbers or payment credentials.
  • Vercel — website hosting and serverless functions.
  • Vercel Web Analytics — server-side, cookieless analytics for measuring site usage and performance (no personal data collected).
  • Resend — transactional email delivery (purchase confirmations and privacy request receipts).
  • Beehiiv — newsletter and email marketing platform. If you subscribe to our mailing list, your email address is stored in Beehiiv. You can unsubscribe at any time.
  • Affonso (affonso.io) — affiliate referral attribution. Sets a functional first-party cookie (90 days) to track which affiliate partner referred a customer for commission payment purposes. No advertising or behavioural profiling. Affonso's privacy policy: affonso.io/privacy

We do not share transaction data or bank statement contents with any of these providers beyond what is strictly necessary to perform the analysis. All third-party providers are bound by data processing agreements that require them to protect your data in accordance with applicable privacy laws.

Marketing emails and Spam Act 2003 (Cth) compliance: If you opt in to our newsletter or educational email sequences (for example by submitting your email to receive the free lead magnet), we will send you marketing communications under the express consent requirement of the Spam Act 2003 (Cth). Every marketing email clearly identifies Decide Your Money as the sender, includes our contact details, and contains a functional unsubscribe link. You can unsubscribe at any time and we will action your request within five business days, as required by section 18 of the Spam Act. EU and UK subscribers also have the right to withdraw consent at any time under GDPR Article 7(3) and PECR.

Changes to subprocessors: We may add, remove, or replace third-party service providers from time to time as our services evolve. When we make a material change involving a new processor that handles personal data, we will update this Privacy Policy and indicate the change with an updated “Last updated” date. For changes that materially affect how your personal data is processed, we will provide reasonable advance notice to active users (typically by email or by prominent website notice) before the change takes effect.

6. International Data Transfers

Decide Your Money is based in Australia. Some of our third-party service providers may process data in jurisdictions outside Australia, including the United States and the European Economic Area. Where data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (for EU/UK data).
  • Data processing agreements with all providers.
  • Verification that the receiving jurisdiction provides adequate data protection or that appropriate contractual protections are in place.

By using Decide Your Money, you consent to the transfer of your information to these jurisdictions for the purposes described in this policy.

EU representative (GDPR Article 27): Decide Your Money does not currently designate an EU representative. We rely on the exemption in GDPR Article 27(2)(a): our processing of EU personal data is occasional, not on a large scale, does not involve special categories of data (Article 9) or criminal conviction data (Article 10), and is unlikely to result in risk to the rights and freedoms of natural persons. We will reassess this position if our EU activity grows materially and will appoint a representative if Article 27 ceases to permit the exemption.

7. Cookies and Tracking

Decide Your Money uses only strictly necessary and functional cookies. We measure aggregate site usage with Vercel Web Analytics, a privacy-respecting, server-side service that does not set cookies in your browser and does not collect personal data. We use a single first-party functional cookie for our affiliate referral program (Affonso) so partners who refer you can earn a commission if you purchase — without it, the affiliate program cannot attribute sales. We do not use third-party advertising cookies, behavioural retargeting cookies, cross-site tracking, Google Analytics, or session recording tools. For full details of every cookie used, see our Cookie Policy.

8. Security

We take reasonable technical and organisational measures to protect information against unauthorised access, loss, or disclosure, including:

  • All data in transit is encrypted using TLS/SSL.
  • Access to production systems is restricted to authorised personnel only.
  • We conduct periodic security reviews of our infrastructure and third-party providers.

Despite these measures, no internet transmission is completely secure and we cannot guarantee absolute security. If you become aware of any security incident affecting your data, please contact us immediately.

9. Data Breach Notification

In the event of an eligible data breach under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law. We will also notify affected EU/UK residents under GDPR Article 33 and UK GDPR Article 33 where applicable. Notification will be provided without undue delay and, where feasible, within 72 hours of becoming aware of a qualifying breach.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request erasure of personal data (subject to legal retention obligations).
  • Portability (GDPR/UK GDPR): Request your data in a structured, machine-readable format.
  • Objection (GDPR/UK GDPR): Object to processing based on legitimate interests.
  • Restriction (GDPR/UK GDPR): Request restriction of processing in certain circumstances.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Automated decision-making (GDPR/UK GDPR): You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Our AI analysis produces informational reports only and does not make decisions with legal or similarly significant effects on you.

To exercise any of these rights, contact us. We will respond within 30 days. Australian users may also lodge a complaint with the OAIC at oaic.gov.au. EU users may lodge a complaint with their local data protection authority. UK users may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Children's Privacy

Decide Your Money is not directed at children under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Do Not Track

Decide Your Money does not currently respond to Do Not Track (DNT) browser signals, as there is no industry-standard interpretation of DNT. We do not use third-party advertising or tracking cookies regardless of your DNT setting.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by an updated “Last updated” date at the top of this page. If a change materially affects how we handle your personal data, we will make reasonable efforts to notify you (for example, by email or prominent website notice). Continued use of the service after changes constitutes acceptance of the revised policy.

14. Contact Us

For privacy requests, questions, or complaints, contact us. We aim to respond to all enquiries within 30 days.

15. Submit a Privacy Request

Under the Australian Privacy Act 1988 (APP 12 and APP 13), you have the right to access and request deletion of personal data we hold about you. Use the form below to submit a request. Requests are processed immediately; complex cases may take up to 30 days.

Requests are processed immediately. In complex cases we may take up to 30 days, as permitted under the Australian Privacy Act 1988.
