Bonehead Digital Privacy Policy
Bonehead Digital ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website boneheaddigital.com and our services.
By using our services, you consent to the collection and use of your information in accordance with this Privacy Policy.
1. Information We Collect
We collect the following types of information:
1.1 Information You Provide to Us
When you use our services, you may provide us with:
- Personal Information (e.g., name, email address, phone number, business name).
- Payment Processing Information – While we do not directly collect or store payment details, transactions are securely processed by Stripe, our third-party payment provider. Clients authorize payments directly through Stripe, which manages billing details in accordance with its own privacy policy.
- Account Access Information (e.g., Facebook/Instagram ad account IDs for campaign management).
1.2 Information Collected Automatically
When you visit our website or interact with our services, we automatically collect:
- Device & Browser Information (IP address, device type, browser type, operating system).
- Usage Data (page visits, time spent, clicks, referring website).
- Cookies & Tracking Technologies (to enhance user experience and analyze trends).
1.3 Information from Third-Party Sources
We may receive information from third-party services like Meta (Facebook & Instagram) when managing your advertising campaigns. This includes:
- Ad account insights and performance data.
- Engagement and audience analytics.
2. How We Use Your Information
We collect and use your personal information for the following purposes:
- To provide and improve our services – Managing ad campaigns, optimizing targeting, and improving performance.
- To process payments – Facilitating billing, invoicing, and fraud prevention via Stripe.
- To communicate with you – Sending service updates, responding to inquiries, and providing customer support.
- To comply with legal requirements – Meeting obligations under applicable laws and regulations.
- To analyze website traffic and usage trends – Using the Meta Pixel, Microsoft Clarity, and similar tools to improve our services.
We do not sell, rent, or trade your personal information to third parties.
3. How We Share and Disclose Your Information
We may share your information with:
3.1 Third-Party Service Providers
We use third-party tools to operate our business and this website, including:
- Stripe – Payment processing and billing.
- Meta (Facebook & Instagram) – Ad campaign management. Our website also uses the Meta Pixel, a tracking technology that records visits and actions (such as page views and form submissions) and reports them to Meta. We have Automatic Advanced Matching enabled, which hashes contact details you enter into our forms (such as your email address) before sending them to Meta so it can attribute conversions and build advertising audiences. You can manage how Meta uses this data in your Meta account ad settings.
- Microsoft Clarity – Website analytics and behavioural insight. Clarity captures aggregated usage data and session activity (such as clicks, scrolls, and navigation) to help us understand how the website is used. See Microsoft's privacy statement for details.
3.2 Legal Compliance & Business Transfers
We may disclose your information if required by law, such as:
- Complying with legal processes, regulations, or law enforcement requests.
- Protecting our rights, security, and business operations.
- In the event of a business transfer, such as a merger or acquisition.
4. Data Security & Protection
We implement reasonable security measures to protect your personal data from unauthorized access, disclosure, or misuse. These include:
- Encrypted payment processing via Stripe (we do not store payment details).
- Secure account access measures, including two-factor authentication where applicable.
- Restricted access to personal data, limited to necessary personnel only.
While we take security seriously, no method of data transmission is 100% secure, and we cannot guarantee absolute security.
5. Your Rights & Choices
5.1 Access & Correction
You can request access to or correction of your personal information by contacting us at tom@boneheaddigital.com.
5.2 Opt-Out of Communications
You may opt out of marketing emails by clicking "Unsubscribe" in any email or contacting us directly.
5.3 Cookies & Tracking Preferences
Most web browsers allow you to block or delete cookies. However, disabling cookies may affect website functionality.
6. Data Retention
We retain personal information only as long as necessary to:
- Provide our services.
- Comply with legal obligations.
- Resolve disputes and enforce agreements.
Upon request, we will delete personal data, unless required by law to retain it.
7. International Data Transfers and Cross-Border Operations
Bonehead Digital is based in New Zealand and serves clients globally. Your data may be processed in:
- New Zealand (our primary place of business and where most data is processed);
- Australia, the United States, the United Kingdom, the European Union, and other countries where our third-party processors (Stripe, Meta, Google, GoHighLevel, and similar) operate or store data;
- Any other country where you, the client, or your audience may be located.
By using our services, you consent to this cross-border transfer and processing of your personal information. Where required by your local law, we apply reasonable safeguards, which may include standard contractual clauses with our processors and the use of providers that maintain certified privacy frameworks.
7.1 Country-Specific Compliance
We aim to comply with the data protection laws applicable in your jurisdiction. This includes, without limitation:
- New Zealand: Privacy Act 2020.
- Australia: Privacy Act 1988 (Cth) and the Australian Privacy Principles.
- United Kingdom: UK GDPR and the Data Protection Act 2018.
- European Union and European Economic Area: General Data Protection Regulation (EU 2016/679) and equivalent national implementing laws.
- Switzerland: Federal Act on Data Protection (revFADP).
- United States: applicable state-level privacy laws including the California Consumer Privacy Act (CCPA) as amended by the CPRA, the Virginia Consumer Data Protection Act (CDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), Texas Data Privacy and Security Act (TDPSA), and similar state laws as they take effect.
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation (including Quebec Law 25, BC PIPA, and Alberta PIPA).
- Republic of Ireland: Data Protection Act 2018 and the GDPR.
- Singapore: Personal Data Protection Act (PDPA).
- United Arab Emirates: Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL).
This list is not exhaustive. We make reasonable efforts to comply with applicable data protection laws in any jurisdiction in which we operate or where you reside, including any country or territory in which our services are offered from time to time.
7.2 Your Rights Under Regional Privacy Laws
Depending on where you reside, you may have additional rights under your local data protection law, including:
- Access to your personal data;
- Correction or rectification of inaccurate data;
- Deletion or erasure of your data;
- Restriction of or objection to processing;
- Data portability;
- Withdrawal of consent for marketing or other consent-based processing;
- The right to lodge a complaint with your local data protection authority.
To exercise any of these rights, email tom@boneheaddigital.com. We aim to respond within 30 days.
7.3 Notice to California Residents (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. We do not sell personal information for monetary consideration. You may have the right to:
- Know the categories and specific pieces of personal information we collect about you;
- Request deletion of personal information we hold about you;
- Opt out of any "sharing" of personal information for cross-context behavioural advertising;
- Non-discrimination for exercising any of these rights.
To submit a California privacy request, email tom@boneheaddigital.com with "California Privacy Request" in the subject line.
7.4 Notice to EU, UK, EEA, and Swiss Residents (GDPR / UK GDPR / revFADP)
Where the GDPR, UK GDPR, or Swiss FADP applies, our legal bases for processing your personal data are:
- Consent — for marketing communications and any optional cookies or tracking;
- Performance of a contract — to deliver services you have requested or purchased;
- Legitimate interests — to operate, secure, and improve our services, where not overridden by your rights and freedoms;
- Legal obligation — to comply with tax, accounting, anti-fraud, and other regulatory requirements.
You may withdraw consent at any time. Where data is transferred outside the UK / EU / EEA / Switzerland, we rely on appropriate safeguards (such as the European Commission's standard contractual clauses, the UK International Data Transfer Addendum, or our processors' Data Privacy Framework certifications) to protect your data.
8. Relationship to Terms of Service
This Privacy Policy should be read together with our Terms of Service. Where this Policy uses defined terms (such as Services, Client, or Personal Information), those terms have the meanings given in our Terms of Service.
9. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of any significant changes by email or website notice.
Last Updated: 18 May 2026
10. Contact Information
If you have any questions about this Privacy Policy or how your data is handled, please contact us:
- Email: tom@boneheaddigital.com
- Website: boneheaddigital.com
By continuing to use our services, you acknowledge and agree to this Privacy Policy.