Privacy Policy
Last updated: 28 April 2026
Version: 2.0 (full revision; supersedes all prior versions)
This Privacy Policy explains how Blaze Online Pty Ltd (ABN 43 159 286 987), trading as Blaze Commerce (“we”, “us”, “our”), collects, uses, discloses, and protects personal information.
This policy applies to:
- Visitors to our website (blazecommerce.io and any sub-domain)
- Clients who purchase or use our services
- Anyone who submits a URL or other information to our AI Readiness Assessment or other free tools
- Anyone who contacts us, subscribes to our communications, or interacts with us in any other way
1. Who We Are and How to Contact Us
Data controller: Blaze Online Pty Ltd
Address: PO Box 7137, Brighton VIC 3186, Australia
Email: hello@blazecommerce.io
For privacy-related questions, requests, or complaints, contact us at the email address above.
2. Information We Collect
2.1 Information you provide directly
We collect personal information you provide when you:
- Submit a contact form, request a quote, or book a call
- Sign up for a Care Plan, audit, or other paid service
- Subscribe to our newsletter or marketing communications
- Submit a URL to our AI Readiness Assessment
- Communicate with us by email, phone, or video call
- Provide credentials or access information so we can deliver Services
This may include: your name, business name, email address, phone number, billing address, payment information, website URL, role/title, and any other information you choose to share.
2.2 Information about your Client Site
Where you engage us for Services on a website you own or operate, we collect technical and operational information about that site, including: hosting configuration, plugin and theme inventory, performance metrics, error logs, analytics data, code, and configuration.
2.3 Information collected automatically
When you visit our website, we automatically collect:
- IP address, device type, browser, and operating system
- Pages visited, time on page, referral source
- Cookie data (see section 7)
We use Google Analytics, Google Tag Manager, and similar tools to understand how our website is used. These tools may set cookies and collect IP address data.
2.4 Information from third parties
We may receive information about you from:
- Public sources (LinkedIn, company websites, business directories) for research and outbound sales
- Data enrichment providers (e.g. DataForSEO) used in our AI Readiness Assessment and outbound sales process
- Payment processors and accounting platforms (Stripe, Chargebee, Xero) in relation to billing
3. How We Use Your Information
We use personal information to:
- Deliver our Services — including diagnosing and resolving issues with your Client Site, providing support, generating reports, and communicating about the Services
- Manage billing and payments — invoicing, processing payments, and accounting
- Communicate with you — responding to enquiries, sending service updates, sending newsletters and marketing communications you have consented to
- Improve our Services — analysing usage patterns, conducting internal research, generating de-identified aggregated benchmarks
- Conduct outbound sales — where we have a legitimate interest in introducing our services to relevant business contacts
- Comply with legal obligations — tax records, anti-money-laundering, regulatory requests
- Protect our rights and interests — preventing fraud, enforcing our Terms, defending against legal claims
3.1 Legal bases (for clients in the UK and EU)
Where the UK GDPR or EU GDPR applies, our lawful bases for processing are:
- Performance of a contract (delivering Services you have purchased)
- Legitimate interests (improving our Services, researching markets, conducting outbound sales to business contacts) — balanced against your rights and freedoms
- Consent (marketing communications, optional tools)
- Legal obligation (tax, accounting, regulatory)
You may object to processing based on legitimate interests at any time by contacting us.
3.2 Marketing Communications and Unsubscribing
Where we send you marketing communications, we do so on the basis of your consent (where required) or our legitimate interest in informing you of services that may be relevant to your business.
You can unsubscribe at any time by:
- Clicking the “unsubscribe” link in any marketing email we send
- Emailing us at hello@blazecommerce.io with the word “unsubscribe” in the subject line
Unsubscribing from marketing communications does not affect your receipt of essential service communications (invoices, support replies, security notices, agreement changes, and similar transactional messages).
4. AI Tools and Your Data
In delivering our Services, we use artificial intelligence tools to enhance our analysis, code review, content production, and operational efficiency. Our primary AI tool is Claude (developed by Anthropic). We may also use other AI tools from time to time where appropriate.
We do not train external AI models on your data. When we use AI tools, we use them in modes and configurations that do not result in customer data being used to train, fine-tune, or improve the underlying models. AI processing is for the immediate purpose of delivering Services to you and is bound by the same confidentiality obligations as any other aspect of our work.
We remain accountable for the work delivered. AI tools assist our team but do not replace human review or judgment.
5. Sharing and Disclosure of Information
We do not sell personal information.
We share personal information only in the circumstances described below:
5.1 With Service Providers
We share information with service providers we engage to operate our business — including hosting providers, payment processors, accounting and CRM platforms, communication tools, and AI tool providers. These providers are bound by confidentiality and data-processing obligations.
5.2 Within Our Team
We share information with contractors and team members across Australia, the Philippines, Indonesia, and Canada, on a need-to-know basis to deliver Services.
5.3 With Your Authorisation
We may share information at your direction — for example, to coordinate with your other vendors or service providers.
5.4 Where Required or Permitted by Law
We may disclose information in response to lawful requests by public authorities, or to defend our legal rights.
5.5 In Connection with a Corporate Transaction
In any sale, merger, or restructuring, personal information may be transferred to a successor entity (subject to the same protections under this policy).
5.6 Subprocessor List
We do not provide a public list of subprocessors. If you are a client subject to specific subprocessor disclosure obligations (for example, under your own enterprise compliance requirements), contact us and we will provide the relevant information for your engagement.
6. International Data Transfers
We are based in Australia. Our team and service providers operate across Australia, the Philippines, Indonesia, Canada, the United States, and the European Economic Area. By using our Services, you understand that your personal information may be transferred to and processed in these jurisdictions.
When personal information is transferred outside the country where it was collected, we rely on appropriate safeguards, including:
- For UK/EU clients: Standard Contractual Clauses (SCCs) approved by the UK ICO and European Commission, as applicable
- For Australian clients: compliance with Australian Privacy Principle 8 (“cross-border disclosure”) through contractual arrangements with overseas recipients
7. Cookies and Tracking
Our website uses cookies and similar technologies, including:
- Strictly necessary cookies — required for the website to function (e.g., session management)
- Analytics cookies — Google Analytics, to understand site usage
- Marketing cookies — to support remarketing campaigns
You can manage cookie preferences via your browser settings. Disabling certain cookies may affect functionality.
8. Data Retention
We retain personal information only as long as necessary for the purposes described in this policy or as required by law.
- Client records and contracts: for 7 years after the end of our engagement, to comply with Australian tax and accounting laws
- Email communications: for as long as the business relationship is active, plus 3 years
- AI Readiness Assessment submissions: for 24 months, unless you become a client, in which case they are retained in line with client records
- Marketing list: until you unsubscribe, after which we retain a record of your unsubscribe request
- Backups of Client Sites: during the active Care Plan and for 30 days after termination
- Website analytics data: for 26 months (Google Analytics default)
After these periods, personal information is deleted or anonymised.
9. Your Rights
9.1 If you are in Australia (Australian Privacy Principles)
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Make a complaint about our handling of your personal information
You may also complain to the Office of the Australian Information Commissioner at oaic.gov.au.
9.2 If you are in the United Kingdom or the European Union (UK GDPR / EU GDPR)
You have the right to:
- Access the personal information we hold about you
- Rectify inaccurate or incomplete information
- Erase your information (“right to be forgotten”) in certain circumstances
- Restrict our processing of your information in certain circumstances
- Object to processing based on our legitimate interests
- Receive your information in a structured, machine-readable format (portability)
- Withdraw consent at any time where processing is based on consent
- Lodge a complaint with your supervisory authority (in the UK: Information Commissioner’s Office at ico.org.uk)
9.3 If you are in the United States (CCPA, where applicable)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and share
- Request deletion of your personal information
- Opt out of any “sale” or “sharing” of personal information (we do not sell personal information)
- Not be discriminated against for exercising your rights
Shine the Light (California Civil Code § 1798.83). California residents may request a list of categories of personal information we have disclosed to third parties for those parties’ own direct marketing purposes in the preceding calendar year, along with the names and addresses of those parties. We do not currently share personal information with third parties for their direct marketing purposes. To submit a Shine the Light request, contact us at hello@blazecommerce.io.
To exercise any of these rights, contact us at hello@blazecommerce.io. We will respond within the timeframes required by applicable law (generally 30 days). We may need to verify your identity before fulfilling certain requests.
9.4 Do Not Track Signals
Some browsers offer a “Do Not Track” (DNT) signal. There is no industry consensus on how websites should respond to DNT signals, and we do not currently respond to DNT signals. We treat all visitors consistently as described in this policy. We will revisit our position if industry consensus emerges or applicable law requires it.
10. Security
We use reasonable administrative, technical, and physical safeguards to protect personal information, including:
- Encrypted connections (HTTPS) for all data transmitted to and from our website
- Encrypted storage of credentials and sensitive data
- Access controls so only authorised team members can access client information
- Use of password managers and two-factor authentication on internal systems
- Regular security reviews of our tools and procedures
No system is completely secure. If we become aware of a data breach affecting your personal information, we will notify you and any relevant supervisory authority as required by applicable law.
11. Children’s Information
Our Services are directed at businesses and are not intended for use by children. We do not knowingly collect personal information from anyone under 18, and specifically not from anyone under 13 (consistent with the United States Children’s Online Privacy Protection Act (“COPPA”) and equivalent provisions in other jurisdictions).
If you are a parent or guardian and believe we have inadvertently collected personal information from a child under 13, contact us at hello@blazecommerce.io and we will delete it.
12. Third-Party Links
Our website and reports may contain links to third-party websites. We are not responsible for the privacy practices of those websites. Review their policies before providing personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The version in effect is the one posted on this page. Material changes will be communicated to active clients by email at least 30 days before they take effect. The “Last updated” date at the top of this policy reflects the most recent revision.
14. How to Contact Us
For any privacy-related question, request, or complaint:
Blaze Online Pty Ltd
PO Box 7137, Brighton VIC 3186, Australia
Email: hello@blazecommerce.io