Privacy Policy
This privacy policy explains how The Still Architect ("we", "us", "our") collects, uses, stores, and discloses your personal information. It applies to all interactions with our website, products, and services, including The Refactor online course, The Friction Audit, our newsletter, and any related communications.
The Still Architect is operated by Dihan Pool as a sole trader based in Australia.
ABN: N/A
Contact: thestillarchitect@gmail.com
1. Legal Framework
This policy is written in accordance with:
- The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) set out in Schedule 1 of that Act. While the small business exemption under section 6D of the Privacy Act may apply to our business, we voluntarily comply with the APPs as a matter of best practice and transparency.
- The General Data Protection Regulation (EU) 2016/679 ("GDPR") to the extent it applies to individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland. Under Article 3(2) of the GDPR, these obligations apply when we offer goods or services to individuals in those regions.
2. What Personal Information We Collect
We collect only the personal information reasonably necessary for the purposes described in this policy. We collect the following categories:
Information you provide directly
| Data | When collected | Purpose |
|---|---|---|
| Name | Course purchase, email signup, Friction Audit | Identify your account, personalise communications |
| Email address | Course purchase, email signup, Friction Audit, newsletter subscription | Deliver course access, send transactional emails, send marketing communications (with consent) |
| Payment information (card number, billing address) | Course purchase | Process your payment. Payment details are collected and processed by Stripe. We do not store your full card number or CVV on our systems. |
Information collected automatically
| Data | When collected | Purpose |
|---|---|---|
| Course progress and completion data | When you access course content on Thinkific | Track your progress, issue completion certificates, improve the course |
| Device and browser information | Website visits | Website functionality and basic analytics |
| IP address | Website visits, course access | Security, fraud prevention, approximate geographic location for analytics |
Information we do not collect
- We do not collect sensitive information (health data, racial or ethnic origin, political opinions, religious beliefs, sexual orientation) as defined under APP 3.3 of the Privacy Act or Article 9 of the GDPR.
- We do not collect information about children. Our products are designed for working professionals and are not directed at anyone under 18 years of age.
- We do not purchase personal information from third-party data brokers or lists.
- We do not engage in automated decision-making or profiling as described in Article 22 of the GDPR.
Is providing your data required?
- To purchase The Refactor: providing your name, email, and payment details is a contractual requirement. Without this information, we cannot process your purchase or grant course access.
- To sign up for The Friction Audit or newsletter: providing your email address is voluntary but necessary to receive the resource or communications.
- Automatically collected data: collected as part of normal website and platform operation. You can limit this through your browser settings.
3. How We Use Your Personal Information
We use your personal information for the following purposes:
- To deliver our products and services - processing your purchase, granting course access, tracking your progress, issuing certificates (lawful basis under GDPR: performance of a contract, Article 6(1)(b))
- To communicate with you - sending purchase confirmations, access instructions, course-related emails, and responding to your enquiries (lawful basis: performance of a contract / legitimate interest)
- To send marketing communications - newsletters, product updates, and promotional content. You can unsubscribe at any time using the link in any email (lawful basis: consent, Article 6(1)(a))
- To improve our products - analysing course completion rates, identifying where learners get stuck, improving content (lawful basis: legitimate interest in improving our products and services to better serve learners, Article 6(1)(f))
- To comply with legal obligations - maintaining financial records, responding to lawful requests from authorities (lawful basis: legal obligation, Article 6(1)(c))
We will not use your personal information for any purpose other than those listed above without your consent, except where required or authorised by law (consistent with APP 6).
4. Third-Party Services
We share your personal information with the following third-party service providers, solely for the purposes described below. Each provider has its own privacy policy governing its handling of your data.
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe (Stripe, Inc.) | Payment processing | Name, email, payment details, billing address | United States |
| Thinkific (Thinkific Labs Inc.) | Course delivery, progress tracking, certificates | Name, email, course progress, completion status | United States (company headquartered in Canada; data hosted on AWS US servers) |
| Beehiiv (Beehiiv Inc.) | Email marketing and nurture sequences | Name, email, email engagement data (opens, clicks) | United States |
| Substack (Substack Inc.) | Newsletter distribution | Email address, subscription preferences | United States |
Cross-border disclosure (APP 8): Several of our service providers are located outside Australia (as noted above). By providing your personal information, you acknowledge that it may be transferred to, stored, and processed in those countries. We take reasonable steps to ensure these overseas recipients do not breach the Australian Privacy Principles in relation to your information.
GDPR transfer safeguards: Where personal information of EEA, UK, or Swiss residents is transferred outside those regions, we rely on the service providers' own compliance mechanisms, including Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions by the European Commission.
We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.
5. Cookies and Tracking
Our website may use essential cookies for site functionality (e.g., remembering your login session on Thinkific). We do not use advertising cookies or retargeting pixels.
If we introduce analytics tools in the future, this policy will be updated before any tracking is implemented.
6. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law.
| Data type | Retention period | Reason |
|---|---|---|
| Course purchase and access records | 5 years from the date the record was prepared or the transaction completed (whichever is later) | Australian tax record-keeping obligations (Income Tax Assessment Act 1936, s 262A) |
| Email subscriber data | Until you unsubscribe, then deleted within 30 days | Marketing consent can be withdrawn at any time |
| Friction Audit signup data | Until you request deletion or 2 years from signup, whichever is earlier | Follow-up and relationship building |
| Payment records (held by Stripe) | Per Stripe's retention policy | Payment processing and dispute resolution |
| Course progress data (held by Thinkific) | For as long as your course access remains active | Course delivery |
When data is no longer needed, it is securely deleted or de-identified.
7. Data Security
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (consistent with APP 11). These steps include:
- Using HTTPS encryption across all web properties
- Relying on third-party providers (Stripe, Thinkific, Beehiiv) that maintain industry-standard security certifications (Stripe is PCI DSS Level 1 certified)
- Limiting access to personal information to the business operator only
- Using strong, unique passwords and two-factor authentication on all service provider accounts
No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.
8. Your Rights
All users
You have the right to:
- Access the personal information we hold about you (APP 12)
- Correct inaccurate or out-of-date information (APP 13)
- Request deletion of your personal information where it is no longer needed for the purposes for which it was collected
- Unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or by contacting us directly
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached the APPs
Additional rights for individuals in the EEA, UK, and Switzerland (under GDPR)
You also have the right to:
- Access your personal data and obtain a copy (Article 15)
- Rectification - have inaccurate personal data corrected (Article 16)
- Erasure ("right to be forgotten") - request deletion of your personal data where it is no longer necessary (Article 17)
- Data portability - receive your personal data in a structured, commonly used, machine-readable format (Article 20)
- Restrict processing - ask us to limit how we use your data in certain circumstances (Article 18)
- Object to processing - object to processing based on legitimate interests (Article 21)
- Withdraw consent - where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing (Article 7(3))
- Lodge a complaint with your local data protection authority (a full list is available at edpb.europa.eu)
To exercise any of these rights, contact us at thestillarchitect@gmail.com. We will respond within 30 days (or within the timeframe required by applicable law).
9. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify existing customers and subscribers by email where the changes materially affect how we handle personal information
We encourage you to review this policy periodically. For changes that affect processing based on consent, we will seek renewed consent where required by applicable law.
10. Contact
If you have questions about this privacy policy, wish to exercise your rights, or want to make a complaint, contact:
Dihan Pool
The Still Architect
Email: thestillarchitect@gmail.com
For complaints that are not resolved to your satisfaction, you may contact:
- Office of the Australian Information Commissioner (OAIC)
Website: oaic.gov.au
Phone: 1300 363 992 - Your local data protection authority (for individuals in the EEA, UK, or Switzerland)