Privacy Policy
Plus Also Studios Pty Ltd
1. About This Policy
Plus Also Studios Pty Ltd (“Plus Also”, “we”, “us”, “our”) operates the website plusalsostudios.com.au and provides campaign rollout production services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.
We are an Australian company and comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where our services are used by individuals in the European Union or United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and UK GDPR respectively.
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
2.1 Information You Provide Directly
When you place an order or interact with our services, we collect:
- Contact details: your name, organisation/company name, and email address
- Uploaded files: design files (Figma, InDesign, Photoshop, PDF), images, font files, specification spreadsheets, archive files, and video files that you upload as part of your rollout order
- Order details: campaign specifications, creative requirements, delivery preferences, add-on selections, and any comments or notes you provide
- Payment information: processed securely by Stripe. We do not store your credit card number, CVV, or full payment card details on our servers. We receive your email address and a confirmation of payment from Stripe
2.2 Information Collected Automatically
When you visit our website, we may automatically collect:
- Analytics data via Google Analytics: pages visited, time spent on pages, referral source, general geographic location (country/city level), browser type, device type, and screen resolution
- Session behaviour data via Microsoft Clarity: mouse movements, clicks, scroll depth, and session recordings (anonymised) to understand how users interact with our website
- Technical data: IP address, browser type and version, operating system, and device information
- Cloudflare data: as our website is hosted on Cloudflare, standard web request data (IP address, request headers, URL) is processed by Cloudflare’s infrastructure
2.3 Cookies and Tracking Technologies
We use cookies and similar technologies on our website:
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Google Analytics | Distinguish unique users, track sessions | Up to 2 years |
| _gid | Google Analytics | Distinguish unique users | 24 hours |
| _gat | Google Analytics | Throttle request rate | 1 minute |
| _clck | Microsoft Clarity | Persist Clarity user ID | 1 year |
| _clsk | Microsoft Clarity | Connect page views into a session | 1 day |
| MUID | Microsoft Clarity | Identify unique browsers | 1 year |
| ANONCHK | Microsoft Clarity | Session cookie for analytics | Session |
| SM | Microsoft Clarity | Stores sessions for Clarity | Session |
| Essential cookies | Cloudflare | Security, performance, and bot protection | Varies |
Managing cookies: You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking essential cookies may affect the functionality of our website.
3. How We Use Your Information
We use the information we collect to:
- Provide our services: produce your campaign rollout, generate asset files in the formats you specify, and deliver completed work to you
- Process payments: create Stripe checkout sessions and verify payment for your orders
- Send transactional communications: send order confirmations and delivery notifications via email (using Resend)
- Store and deliver files: securely store your uploaded files and produced assets in Cloudflare R2, and provide time-limited download links
- Improve our website: analyse usage patterns through Google Analytics and Microsoft Clarity to improve user experience
- Communicate with you: respond to inquiries and provide customer support
- Comply with legal obligations: maintain records for accounting, tax, and regulatory purposes
4. Legal Basis for Processing (GDPR)
For individuals in the EU/UK, we process personal data under the following legal bases:
- Performance of a contract: processing necessary to fulfil your order and deliver our services
- Legitimate interests: website analytics and service improvement, provided these do not override your rights
- Consent: where you have opted in to non-essential cookies or marketing communications. You may withdraw consent at any time
- Legal obligation: where required to comply with applicable laws
5. Third-Party Services
We share personal information with the following third-party service providers who assist us in operating our business:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Payment processing | Stripe (US) | Process payments securely | Email address, payment details |
| Transactional email | Resend (US) | Send order confirmations and delivery emails | Name, email, order details |
| Hosting & file storage | Cloudflare (US) | Host website, store uploaded files and orders | All uploaded files, order data, web request data |
| Website analytics | Google Analytics (US) | Understand website usage | IP address (anonymised), usage data, cookies |
| Session analytics | Microsoft Clarity (US) | Understand user behaviour | Session data, clicks, scroll depth |
We do not sell your personal information to third parties. We only share information as described above or where required by law.
6. File Storage and Retention
- Uploaded files are stored securely in Cloudflare R2 (encrypted at rest). Files are retained for 7 days after order completion to allow for re-delivery if needed
- Download links expire 7 days after delivery. After this period, the files will no longer be available
- Order records are retained for 7 years to comply with Australian tax and accounting obligations
- Analytics data is retained according to the default retention periods of Google Analytics (14 months) and Microsoft Clarity (13 months)
You may request deletion of your uploaded files at any time by contacting us (see Section 10).
7. Data Security
We take reasonable steps to protect your personal information:
- Encryption in transit: all data transmitted between your browser and our servers is encrypted using HTTPS/TLS
- Encryption at rest: files stored in Cloudflare R2 are encrypted at rest
- Signed download tokens: file download links are cryptographically signed (HMAC-SHA256) with expiration to prevent unauthorised access
- PCI compliance: payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified
- Edge computing: our application runs on Cloudflare Workers, providing DDoS protection and security at the edge
- Rate limiting: upload and checkout endpoints are rate-limited to prevent abuse
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. International Data Transfers
Plus Also Studios is based in Australia. When you use our services, your information may be transferred to and processed in countries outside your jurisdiction:
- Cloudflare: operates a global network; your data may be processed at the nearest edge location
- Stripe: headquartered in the United States
- Resend: headquartered in the United States
- Google Analytics: data processed in the United States
- Microsoft Clarity: data processed in the United States
These transfers are protected by appropriate safeguards including the service providers’ data processing agreements, Standard Contractual Clauses (SCCs), and compliance frameworks.
9. Your Rights
Under the Australian Privacy Act
You have the right to:
- Access your personal information that we hold
- Correct any inaccurate or out-of-date information
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached
Under the GDPR (for EU/UK individuals)
You additionally have the right to:
- Erasure: request deletion of your personal data (“right to be forgotten”)
- Restriction: request that we limit how we use your data
- Data portability: receive your data in a structured, machine-readable format
- Object: object to processing based on legitimate interests
- Withdraw consent: withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us using the details in Section 10. We will respond to your request within 30 days (or sooner where required by law).
10. Children’s Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:
- Update the “Last updated” date at the top of this policy
- Post a notice on our website
- Notify existing customers by email where appropriate
We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights:
General inquiries
Data Protection Officer
Plus Also Studios Pty Ltd
Australia
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. Individuals in the EU may also contact their local supervisory authority.
Last updated: 3 March 2026