Privacy Policy

Last updated: April 2026

Who We Are

Gold Coast Innovations (“we”, “us”, “our”) is a digital solutions company based on the Gold Coast, Australia. We build websites, digital products, and IT solutions for businesses.

Website: https://goldcoast-innovations.com
Contact: Use the feedback or support form on our website, or email us directly via the address in the footer.

What Information We Collect

Contact Forms (Feedback & Help/Support)

When you submit a message through our website’s contact forms, we collect:

Your name
Your email address
Your subject and message

This information is transmitted directly to our team by email. We do not store form submissions in a database — once the email is delivered, the data exists only in our email inbox.

Analytics Data (Google Site Kit / Google Analytics)

We use Google Site Kit, which includes Google Analytics, to understand how visitors use our website. Google Analytics may collect:

Pages visited and time spent on each page
How you arrived at our website (e.g. search engine, direct link)
General geographic region (country/city level)
Device type and browser
Interactions such as clicks and scrolls

This data is collected using cookies and is sent to and stored by Google on servers which may be located outside Australia. It is collected in aggregate and is not directly linked to your identity. Google may use this data in accordance with their own privacy policy, available at: https://policies.google.com/privacy

You can opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on.

Anti-Spam Processing

To protect against automated spam and abuse, when you submit a form we:

Check a hidden honeypot field (invisible to real users, detects bots)
Validate a one-time session token (expires after 30 minutes)
Record a hashed version of your IP address as a temporary rate-limiting counter

The IP-based rate limit record is stored as a WordPress transient and is automatically deleted after 1 hour. We never store your raw IP address permanently, and we never use it to identify you personally.

Cookies

We use the following types of cookies on our website:

Strictly Necessary Cookies

These are set automatically by WordPress and are required for the site to function correctly for administrators.

Cookie	Purpose	Expires
`wordpress_logged_in_*`	Keeps site administrators logged in	Session / 2 days
`wordpress_test_cookie`	Checks your browser accepts cookies at login	Session
`wp-settings-*`	Remembers WordPress admin interface preferences	1 year

Analytics Cookies (Google Analytics via Site Kit)

These cookies are set by Google Analytics to help us understand how visitors use our site. They do not store personally identifiable information.

Cookie	Purpose	Expires
`_ga`	Distinguishes unique visitors	2 years
`_ga_*`	Maintains session state	2 years
`_gid`	Distinguishes unique visitors (short-term)	24 hours
`_gat`	Throttles request rate	1 minute

These cookies are only set after you accept our cookies banner. If you decline or dismiss the banner, analytics cookies will not be placed.

How We Use Your Information

We use the information collected in the following ways:

Contact form data — To respond to your feedback, questions, or support requests
Analytics data — To understand which pages are most useful, how visitors navigate our site, and to improve our content and services

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Who We Share Your Data With

Party	What is shared	Why
Our internal team	Contact form submissions (name, email, message)	To respond to your enquiry
Google LLC	Anonymised usage data via Google Analytics	Website analytics and performance monitoring

Google may transfer and store this data on servers located outside Australia. For more information, see Google’s privacy policy: https://policies.google.com/privacy

We do not share personal data with any other third party unless required by law.

How Long We Retain Your Data

Data	Retention
Form submission emails	Retained in our email inbox until manually deleted
Google Analytics data	Up to 26 months (Google’s default retention period)
Rate-limiting IP hash	Automatically deleted after 1 hour
Session tokens	Automatically deleted after 30 minutes
Admin login cookies	Session or up to 2 days (on your device only)

Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data
Object to how we process your data
Withdraw consent for analytics cookies at any time

To exercise any of these rights, please contact us using the support form on our website or via the email address in the footer. We will respond within 30 days.

To opt out of Google Analytics specifically, use the Google Analytics Opt-out Add-on or adjust your browser’s cookie settings.

Data Security

We take reasonable technical measures to protect your data, including:

HTTPS encryption for all data in transit
Anti-spam protections on all forms (honeypot fields, rate limiting, session tokens)
No permanent storage of visitor IP addresses

International Data Transfers

Google Analytics may transfer data to Google servers located in the United States or other countries. Google participates in frameworks designed to ensure adequate data protection for international transfers.

Children’s Privacy

Our website is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of our website after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, please reach out via the Help & Support form on our website.