Legal · Last updated 25 May 2026
Privacy Policy
This policy explains how Future Impact AI (operating FlowLeads) collects, uses, discloses, and protects your personal information. It is written in plain English where possible, and complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This is our current privacy policy. We are a small AU operator — if anything is unclear, email us at hello@flowleads.com.au before acting on it.
Who We Are
Future Impact AI (ABN 14 674 934 877) is an Australian company based on the Gold Coast, Queensland, operating FlowLeads — a lead-system strategy, build, and care service for AU service businesses. FlowLeads is a product of FutureImpactAI in partnership with NullGlitch.
In this policy "we", "us", or "FlowLeads" means Future Impact AI. "You" means any person who interacts with our website at flowleads.com.au or engages our services.
Contact: hello@flowleads.com.au
Personal Information We Collect
We collect personal information in two ways: directly from you, and automatically through the technology powering our website.
2.1 Information you provide
- Name — first and last, provided via our enquiry or audit booking forms.
- Email address — used to send you audit deliverables, correspondence, and (if opted in) marketing updates.
- Phone number — used to conduct audit calls and respond to enquiries.
- Business name — used to scope the audit and personalise deliverables.
- Suburb / city — used to contextualise local SEO and ad coverage in your audit.
- Any additional context you choose to include in form fields (e.g. notes about your current ad situation).
2.2 Information collected automatically
- IP address — collected by Vercel (our hosting provider) and Google Analytics.
- Browser and device type — operating system, screen size, browser version.
- Referring page / UTM parameters — how you found our website.
- Pages visited and time spent — anonymised session data via Google Analytics.
- Ad interaction data — if you clicked a Meta or Google ad before visiting, those platforms' pixels capture this for attribution.
We do not collect sensitive information (health, biometric, financial account details, political opinions) and we do not ask for it.
How We Collect It
- Enquiry and audit booking forms on flowleads.com.au.
- Calendar booking tools (Calendly or equivalent) when you schedule a call.
- Intake questionnaires completed as part of the Lead Leak Audit onboarding.
- Directly during audit calls (notes we take).
- Cookies and tracking pixels loaded by our website (see Section 8).
We collect personal information only by lawful and fair means, and only where it is reasonably necessary for our functions. We will notify you at or before the time of collection what information we are collecting and why (APP 5).
How We Use Your Information
We use your personal information for the following purposes:
- Delivering the Lead Leak Audit — scoping, conducting, and delivering the PDF report and walkthrough call.
- Responding to enquiries — following up on contact form submissions and quote requests.
- Providing ongoing services — if you engage us for a System Build or Care, your contact details are used to manage that engagement.
- Email updates — if you explicitly opt in, we send marketing-related emails (playbooks, case studies, service updates). You can unsubscribe at any time (see Section 7).
- Ad attribution — understanding which ads or channels drove enquiries, so we can manage our own ad spend sensibly.
- Internal analytics — aggregate, non-identifiable analysis of how our website and funnel perform.
- Legal and compliance obligations — retaining records as required by Australian law, including the ATO's record-keeping requirements.
We do not use your personal information for any purpose materially different from what is listed above without seeking your consent first (APP 6).
Who We Share Your Information With
We do not sell your personal information. We share it only with the sub-processors required to deliver our services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Workspace | Email, document storage, internal operations | US (AU data centre available) |
| Vercel | Website hosting and edge delivery | US / Global CDN |
| Google Analytics (GA4) | Website traffic analytics | US |
| Google Ads | Ad attribution and conversion tracking | US |
| Meta Pixel / Conversions API | Ad attribution, remarketing audience building | US |
| Calendly (or equivalent booking tool) | Audit and consultation scheduling | US |
| Email marketing provider (e.g. Brevo / Mailchimp) | Sending opted-in email updates | EU / US (provider-dependent) |
All third-party processors named above are used under their own privacy policies and data processing agreements. Where data is transferred internationally, Section 10 applies.
We disclose your information to government or regulatory bodies only if required by law.
Data Retention
We retain personal information for the following periods:
- Audit deliverables and financial records — 7 years from the date of the engagement, as required by the ATO for business record-keeping obligations.
- General lead and enquiry records (people who enquired but did not proceed) — 3 years from the date of last contact, after which records are deleted or de-identified.
- Active client records — retained for the duration of the engagement and for 7 years after it ends.
- Marketing email lists — retained until you unsubscribe. After unsubscription, your address is suppressed (not deleted) to prevent accidental re-subscription.
When data is no longer required, we delete it or de-identify it so that it can no longer be linked to you (APP 11.2).
Marketing Communications (Spam Act 2003)
Any commercial electronic message we send complies with the Spam Act 2003 (Cth). Specifically:
7.1 Consent
We send marketing emails only to recipients who have given express or inferred consent. Express consent is obtained via an opt-in checkbox on our forms. Inferred consent applies where you are an existing client with a recent engagement (within the past 2 years) and the message is directly related to that engagement.
7.2 Sender identification
Every marketing email we send clearly identifies Future Impact AI (FlowLeads) as the sender and includes our contact email address.
7.3 Unsubscribe
Every marketing email includes a working unsubscribe link. Unsubscribe requests are honoured within 5 business days. After that, you will receive no further marketing messages from us. Transactional emails (e.g. your audit report, payment receipts) are not affected by unsubscribing from marketing.
7.4 No third-party marketing
We do not send messages on behalf of third parties using your contact details, and we do not provide your email address to third parties for their marketing purposes.
Cookies and Tracking
Our website uses the following categories of cookies and tracking technologies:
8.1 Essential cookies
Required for the website to function (e.g. form submission state). These cannot be disabled without breaking site functionality.
8.2 Analytics cookies
Google Analytics (GA4) places cookies to track aggregate, anonymised page visit data. IP addresses are anonymised before storage. This data helps us understand which pages perform well. You can opt out by installing the Google Analytics Opt-out Browser Add-on.
8.3 Marketing / pixel cookies
We load the Meta Pixel and Google Ads conversion tag on our website. These track whether you clicked one of our ads before visiting, and may build remarketing audiences for our ad campaigns. They do not create individual profiles visible to us — they report aggregate conversion data to Meta and Google.
8.4 Managing cookies
Most browsers allow you to refuse, delete, or manage cookies. Instructions for major browsers:
Disabling marketing cookies does not affect the content you see on our site; it only affects ad attribution.
Your Rights Under the Australian Privacy Principles
Under the Privacy Act 1988 (Cth) and the APPs, you have the following rights:
9.1 Access (APP 12)
You may request access to the personal information we hold about you. We will respond within 30 days. We do not charge a fee for access requests, but may charge a reasonable fee to cover the cost of providing the information if the request is complex.
9.2 Correction (APP 13)
If you believe information we hold is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you can request a correction. We will take reasonable steps to correct it within 30 days.
9.3 Anonymity and pseudonymity (APP 2)
Where it is lawful and practicable, you may interact with us without identifying yourself. However, we cannot deliver the Lead Leak Audit without knowing who you are and your business details.
9.4 How to exercise your rights
Email your request to hello@flowleads.com.au with the subject line "Privacy Request". Include your full name and the nature of the request. We will verify your identity before fulfilling any access or correction request.
International Transfers
Several of our sub-processors (Section 5) are headquartered in the United States and process data on US-based infrastructure. By submitting your personal information to us, you acknowledge that it may be transferred to and processed in the United States.
Both Google and Meta operate under adequacy frameworks and standard contractual clauses for international data transfers. Google has Australian data centre options available, and both companies hold certifications under recognised cross-border privacy frameworks.
If you are visiting from the European Economic Area (EEA), we note that we are not a GDPR-regulated entity (we are an AU-based business without EU establishment). However, we apply reasonable data minimisation and purpose limitation practices consistent with international privacy standards.
Children
Our services are business-to-business and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has submitted information to us, contact us immediately and we will delete it.
Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure (APP 11.1). These steps include:
- Access controls limiting who within our team can access client data.
- Using HTTPS across our entire website (enforced by Vercel).
- Storing sensitive client documents in access-controlled Google Workspace environments.
- Not retaining payment card data — all payments are processed by third-party payment processors.
No method of data transmission over the internet is 100% secure. If a data breach occurs that is likely to result in serious harm to any individual, we will notify affected individuals and the OAIC as required under the Notifiable Data Breaches scheme (Part IIIC, Privacy Act 1988).
How to Contact Us
For any privacy-related questions, requests, or concerns, contact us at:
Future Impact AI (operating FlowLeads)
Email: hello@flowleads.com.au
Website: flowleads.com.au
How to Make a Complaint
14.1 Complaints to us first (APP 1.2)
If you have a complaint about how we have handled your personal information, email us at hello@flowleads.com.au with the subject line "Privacy Complaint". We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
14.2 Escalation to the OAIC
If you are not satisfied with our response, or we do not respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992
- Online form: Lodge a complaint with the OAIC
Changes to This Policy
We update this policy when our data practices change. The "Last updated" date at the top of this page reflects the current version. For material changes, we will notify active clients via email. Continued use of our website or services after an update constitutes acceptance of the revised policy.
The current version is always available at flowleads.com.au/privacy.