Legal
Privacy Policy
Last updated: 11 June 2026 · Operated by Aiden Wood (Aidxn Design), based in Gold Coast, Queensland, Australia.
1. Plain-English summary
Aidxn Design runs a marketing-analytics dashboard. If you connect Google Search Console, Google Analytics, or Meta Ads to your dashboard, we receive read-only access to your accounts so we can show your numbers back to you in one place. We do not sell, rent, share, or use your data for advertising, profiling, or training AI models. You can disconnect any provider at any time, and your stored tokens are deleted within 24 hours.
2. Who we are
Aidxn Design is the trading name of Aiden Wood, a sole-trader web design and development studio based in Gold Coast, Queensland, Australia. Contact: hi@aidxn.com.
This policy applies to https://aidxn.com, the Aidxn client dashboard, and any Aidxn-operated subdomain that links to this page (collectively, "the Service").
3. What we collect
3.1 Information you give us directly
- Account info: email address, name, password (stored hashed by Supabase Auth — we never see it).
- Business profile: business name, website URL, project brief, service region, and (if you choose to share it) your business address or trade area.
- Booking + payment: if you book a discovery call, we receive your name, email, brief, and a payment confirmation from Stripe. Stripe handles all card data — we never see, store, or process card numbers.
- Support correspondence: emails you send us at hi@aidxn.com.
3.2 Information from connected providers (only if you connect them)
- Google Search Console: clicks, impressions, average position, top queries, and the list of properties you can grant access to. Scope:
https://www.googleapis.com/auth/webmasters.readonly. - Google Analytics 4: sessions, conversions, bounce rate, traffic sources, and the list of GA4 properties you can grant access to. Scope:
https://www.googleapis.com/auth/analytics.readonly. - Google account identity: your Google email address and basic profile, used to label which Google account is connected to your dashboard. Scopes:
openid email. - Meta Ads (Facebook/Instagram): ad spend, impressions, CTR, conversions, and the list of ad accounts you can grant access to. Scopes:
ads_read business_management email.
The OAuth refresh tokens that let us pull this data are encrypted at rest using AES-256-GCM with a server-side key before being written to our database. The key itself is not stored in the database.
3.3 Information collected automatically
- Usage data: page views, session duration, referrer, approximate location (country/region from IP), browser and device info — collected via Google Analytics on the public marketing site.
- Logs: standard web-server access logs (IP, user agent, timestamp, URL) retained by Netlify for security and abuse monitoring.
4. How we use your information
We use the data we collect to:
- Operate your dashboard — fetch your analytics from connected providers and display it back to you.
- Roll up multiple providers' data into the unified KPI strip on your marketing-analytics page.
- Respond to your support questions and project enquiries.
- Send you transactional emails about your account, bookings, and connected services.
- Improve the Service — measuring which features get used so we can prioritise what to build next.
- Protect against fraud, abuse, and security incidents.
- Comply with our legal obligations under the Australian Privacy Principles and other applicable law.
We do not use your data to train AI or machine-learning models, and we do not share it with anyone for that purpose.
5. Google user data — Limited Use disclosure
Aidxn Design's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google user data to provide and improve user-facing features. We pull your Search Console and Analytics data so we can display it in your own dashboard. We do not use it for anything else.
- We do not transfer Google user data to others unless transfer is necessary to provide or improve user-facing features that are prominent in our Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not use or transfer Google user data to serve advertisements — including retargeting, personalised, or interest-based advertising.
- We do not allow humans to read Google user data unless we have your explicit consent for specific messages, it's necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations under appropriate privacy protections.
- We do not use Google user data to train generalised or third-party AI/ML models.
You can revoke our access to your Google account at any time via your Google account permissions page, or by disconnecting the provider in your Aidxn dashboard. When you disconnect, we delete your stored refresh token within 24 hours.
6. Meta (Facebook/Instagram) user data
Data received via Meta's Graph API is treated the same way as Google user data: used only to display your own ad performance in your dashboard, never sold or shared, and deleted within 24 hours of you disconnecting the integration.
You can revoke Meta's permission for our app at any time via Facebook → Settings → Business Integrations.
7. Third-party processors
We use the following third parties to operate the Service. Each processes only what they need to do their job.
- Supabase (database + auth) — stores your account, profile, analytics snapshots, and encrypted OAuth tokens. Region: AU.
- Netlify (hosting + serverless functions) — runs the site and the OAuth start/callback handlers.
- Stripe (payments) — processes discovery-call bookings and project payments. We never see card numbers.
- Resend (transactional email) — sends booking confirmations and quote replies.
- Google (Search Console + Analytics APIs, OAuth) — only if you connect them.
- Meta (Facebook/Instagram Ads API, OAuth) — only if you connect it.
- Google Analytics (marketing-site analytics) — measures public-site traffic in aggregate. Anonymised IP enabled.
9. Storage, security, and retention
- Where: Supabase Postgres in an AU region. Encrypted at rest. Daily backups.
- OAuth refresh tokens: encrypted with AES-256-GCM before being written to the database. The encryption key is stored as a Netlify environment variable, never in the database.
- Account access: only Aiden Wood has admin access. No third-party staff can read your data.
- Account data retention: kept while your account is active. Deleted within 30 days of you closing your account, except where law requires longer retention (e.g. invoice records under Australian tax law — 5 years).
- Disconnected providers: stored tokens for that provider are deleted within 24 hours. Already-pulled analytics snapshots remain in your dashboard so your historical view stays intact, unless you ask us to delete them.
- Transport security: all traffic is TLS 1.2+.
10. Your rights
Under the Australian Privacy Principles, you have the right to:
- Ask what personal information we hold about you.
- Ask us to correct anything that's wrong.
- Ask us to delete your account and personal information.
- Withdraw consent to any connected provider at any time.
- Lodge a complaint with the Office of the Australian Information Commissioner if you believe we've mishandled your data.
For any of these requests, email hi@aidxn.com. We'll respond within 30 days.
11. Children's privacy
The Service is intended for business users 18 and over. We do not knowingly collect information from anyone under 16. If you believe a minor has provided us with personal information, contact us and we'll delete it.
12. Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced in the dashboard and via email to active account holders at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the most recent revision.
13. Contact
Questions, requests, or complaints about this policy should go to:
Aidxn DesignAiden Wood
hi@aidxn.com
Gold Coast, Queensland, Australia