QUESTCONNECT — PRIVACY POLICY
Last Updated: March 2026
1. Introduction
In short: We're QuestConnect, a Google Ads management agency based in Perth. This policy explains what information we collect, how we use it, and how we protect it — standard transparency for any professional services business.
QuestConnect (ABN 19 473 660 144) ("we," "us," "our") is a digital advertising management agency based in Perth, Western Australia. We provide AI-powered Google Ads management services to local service businesses.
This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in the course of operating our business, including when we research prospective clients, deliver services to existing clients, and operate our website at questconnect.com.au.
While QuestConnect may currently qualify for the small business exemption under the Privacy Act 1988 (Cth) (annual turnover under $3 million), we voluntarily commit to handling all personal information in accordance with the Australian Privacy Principles (APPs). This policy reflects that commitment.
By engaging our services or interacting with our business communications, you acknowledge that your information will be handled in accordance with this Privacy Policy.
2. Information We Collect
2 (a) Prospect Data (Pre-Client Information)
In short: Before you become a client, we collect publicly available business information to determine whether our services might be a good fit for your business.
When researching prospective clients, we collect publicly available business information, including:
- business name, ABN, registered address, and business structure;
- business contact details such as email addresses and phone numbers published on business websites, professional directories, or public registries;
- website information including domain details, page performance data, and publicly visible site content;
- online reviews, ratings, and publicly available customer feedback;
- industry, service area, and geographic operating region;
- business registration information from public sources such as the Australian Business Register; and
- information obtained through data enrichment services used for business research and contact verification.
We also collect standard communication metrics associated with our business correspondence, including delivery status, engagement data (such as whether an email was opened or a link was clicked), reply content and timestamps, categorised response metadata (such as the general reason for a response), and contact outcomes. This information is used to improve the relevance and effectiveness of our communications.
2 (b) Client Data (Signed Clients)
In short: Once you're a client, we collect the business and campaign information needed to manage your Google Ads effectively — plus billing details processed securely by Stripe.
When you engage our services, we collect:
- business details provided during onboarding, including contact name, email, phone, and business information;
- Google Ads account data, including campaign structures, keywords, ad copy, bid strategies, and account settings;
- campaign performance data, including impressions, clicks, conversions, costs, and quality metrics;
- conversion tracking data, which may include end-consumer contact information such as phone numbers or email addresses captured through call tracking or form submissions;
- billing and payment information, processed securely by our payment processor Stripe — we do not directly store card numbers or bank account details on our own systems;
- records of business correspondence between you and the Agency; and
- service delivery records, including campaign changes, optimisation actions, and reporting history.
2 (c) Website and Dashboard Data
In short: Our website uses standard analytics tools to understand how visitors use the site, consistent with standard industry practice.
When you visit our website or access our client dashboard, we may collect information through standard analytics and tracking technologies, including:
- website usage data collected through Google Analytics and Google Tag Manager, such as pages visited, time on site, referral source, and device information;
- session and authentication cookies required for dashboard functionality; and
- standard server log data such as IP address, browser type, and access timestamps.
3. How We Use Your Information
In short: We use your information to deliver and improve our services, communicate with you, process payments, and meet our legal obligations.
We use the information we collect for the following purposes:
- Service delivery: managing and optimising your Google Ads campaigns, generating ad copy and recommendations, preparing performance reports, and providing strategic advice;
- Campaign optimisation: using AI and automated systems to analyse campaign data, adjust bids, manage budgets, and improve performance outcomes;
- Business communications: corresponding with prospective and existing clients about our services, sending campaign updates and reports, and responding to inquiries;
- Billing and payments: processing management fees, issuing invoices, and managing payment collections through Stripe;
- Legal and regulatory compliance: meeting our obligations under Australian tax law, consumer law, and other applicable legislation;
- Internal benchmarking: using anonymised and aggregated data (from which no individual or business can be identified) to improve our services and develop industry benchmarks, as described in our Terms of Service (clause 6.4); and
- Service improvement: improving the effectiveness of our outreach, AI systems, and campaign management methodologies.
4. How We Collect Your Information
In short: We collect information directly from you, from publicly available sources, through our technology partners, and through standard tracking tools.
We collect personal information through the following channels:
- Directly from you: when you engage our services, complete onboarding, correspond with us, or provide information during the course of our agreement;
- From publicly available sources: business websites, online directories, the Australian Business Register, and other public registries;
- From data enrichment and research services: third-party services used for business research, contact verification, and market analysis (see section 5 for details);
- Through automated tracking: standard email engagement metrics, website analytics cookies, and conversion tracking technologies deployed as part of campaign management; and
- Through the Google Ads platform: campaign data, performance metrics, and account information accessed through the Google Ads API in the course of managing your campaigns.
5. Disclosure and Sharing
In short: We do not sell your information. We share data only with the technology partners we need to deliver our services — the same types of tools used across the digital advertising industry.
QuestConnect does not sell, rent, or trade personal information. We share data with third-party service providers (sub-processors) only as necessary to deliver our services. These providers are engaged under their respective terms of service, which include data protection obligations.
Our current service providers, by category:
| Category | Providers | Purpose |
|---|---|---|
| AI & Campaign Optimisation | Anthropic, OpenAI | Campaign optimisation, ad copy generation, outreach content, and automated decision-making support. Data processed may include business information and campaign data. |
| Google Services | Google Ads API, Google Places API, Google PageSpeed Insights API, Google Analytics, Google Tag Manager | Campaign management, business research, website analysis, and analytics. |
| Data & Research | DataForSEO, SerpApi, Hunter.io, Australian Business Register | Market research, contact enrichment, and business verification. |
| Email & Communications | SMTP services (via questconnect.com.au and questconnectgrowth.com.au domains), Instantly | Business correspondence and email deliverability services. |
| Payments | Stripe Payments Australia Pty Ltd (ACN 160 180 343) | Payment processing. Stripe stores and processes payment credentials under PCI DSS. We do not directly store card numbers or bank account details. |
| Hosting & Infrastructure | Cloudflare, Netlify | DNS, security, tunnel hosting, and website hosting. |
We may update this list as our services evolve and will update this policy accordingly.
We may also disclose personal information where required or authorised by law, regulation, or court order.
6. Cross-Border Data Transfers
In short: Some of our technology partners process data on servers outside Australia, including in the United States. This is standard for digital services, and we take reasonable steps to ensure your data is protected.
In the course of delivering our services, personal information may be processed by service providers located outside Australia, including in the United States. This applies to providers such as Anthropic, OpenAI, Google, Stripe, and Cloudflare, whose infrastructure may operate across multiple jurisdictions.
In accordance with Australian Privacy Principle 8, we take reasonable steps to ensure that overseas recipients of personal information handle that information consistently with the Australian Privacy Principles. These steps include reviewing the data handling and privacy practices of each provider and relying on the contractual data protection commitments contained in their respective terms of service and data processing agreements.
7. Data Storage and Security
In short: We store data on secure local infrastructure with cloud backups, and we use industry-standard security measures including multi-factor authentication and encryption.
Client and prospect data is stored on local Agency infrastructure with cloud backup via Google Drive. Access to data is restricted to authorised Agency personnel.
We implement reasonable technical and organisational measures to protect personal information, including:
- multi-factor authentication on all platforms and accounts;
- encrypted communications (HTTPS) for all data transmission;
- access controls restricting data to authorised personnel only;
- regular password rotation and secure credential storage; and
- secure payment processing through PCI DSS-compliant providers.
While we take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information.
8. Data Retention
In short: We keep your data for as long as we need it to deliver services and meet our legal obligations, then we securely delete it. You can request deletion of prospect data at any time.
- Prospect data is retained indefinitely for business research and outreach improvement purposes. Prospects may request deletion of their personal information at any time (see section 11).
- Client data is retained for the duration of the agreement plus a reasonable period for legal and tax compliance. Personal information is securely deleted within sixty (60) days of the termination of the agreement, as specified in our Terms of Service (clause 10.6(e)), except where retention is required by law.
- Financial records are retained for seven (7) years in accordance with Australian tax law requirements.
- Audit logs relating to automated campaign decisions are retained for seven (7) years, as specified in our Terms of Service (clause 14.3).
- Website analytics data is retained in accordance with the default retention settings of our analytics providers.
9. Cookies and Tracking Technologies
In short: Our website uses standard cookies for functionality and analytics — the same tools used by most business websites. You can manage your cookie preferences through your browser settings.
Our website and client dashboard may use the following types of cookies and tracking technologies:
- Essential cookies: session and authentication cookies required for dashboard functionality and secure access. These cannot be disabled without affecting service delivery.
- Analytics cookies: cookies placed by Google Analytics and Google Tag Manager to help us understand how visitors use our website, including pages visited, session duration, and traffic sources. This data is collected in aggregate form.
- Email tracking: standard email engagement metrics (such as delivery confirmation, open rates, and link clicks) collected via pixel and link tracking in our business correspondence. These metrics are used to measure communication effectiveness and improve our services.
You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. You may also opt out of Google Analytics data collection using the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.
Disabling essential cookies may affect the functionality of the client dashboard.
10. AI and Automated Decision-Making
In short: We use AI and automation to manage and optimise your campaigns around the clock. All automated decisions are logged, bounded by safety limits, and subject to human oversight. You can request human review of any automated decision affecting your campaigns.
QuestConnect uses artificial intelligence and automated systems as a core part of our service delivery. These systems are used to:
- manage and optimise Google Ads campaigns, including bid adjustments, keyword management, and budget monitoring;
- generate ad copy and outreach content;
- analyse business and market data to inform campaign recommendations; and
- classify and categorise prospect responses to improve communication effectiveness.
All automated decisions are:
- logged in an immutable audit trail with full explanations (retained for seven years);
- bounded by conservative safety limits that prevent any single action from exceeding predefined thresholds;
- subject to multi-layer financial guardrails; and
- capable of being overridden by the Agency's human team at any time.
Full details of our AI and automation safeguards are set out in clause 14 of our Terms of Service.
Clients may request human review of any automated decision that could significantly affect their campaigns. The Agency will respond to such requests within two (2) Business Days.
From 11 December 2026, Australian Privacy Principle entities are required to disclose how automated decision-making is used in relation to personal information. QuestConnect is committed to meeting these requirements as they come into effect.
11. Your Rights
In short: You can access, correct, or request deletion of your personal information at any time. You can also opt out of our emails and request human review of automated decisions. Just contact us.
While QuestConnect may currently qualify for the small business exemption under the Privacy Act 1988 (Cth) (annual turnover under $3 million), we voluntarily commit to handling personal information in accordance with the Australian Privacy Principles. Regardless of exemption status, individuals have the following rights in relation to the personal information we hold:
- Access: You may request access to the personal information we hold about you. We will respond to access requests within thirty (30) days.
- Correction: You may request correction of any personal information that is inaccurate, incomplete, out of date, or misleading.
- Deletion: You may request deletion of your personal information, subject to our legal retention obligations (including tax record-keeping requirements and audit log retention commitments).
- Opt out of communications: You may opt out of receiving commercial electronic messages from us at any time using the unsubscribe mechanism included in our emails. We will honour unsubscribe requests within five (5) business days.
- Human review of automated decisions: You may request human review of any automated decision that could significantly affect your campaigns (see section 10).
- Complaints: You may lodge a complaint about our handling of your personal information by contacting us at the details in section 14 below.
We also note the statutory tort for serious invasions of privacy, which commenced on 10 June 2025 under the Privacy Act 1988 (Cth), applies to all organisations regardless of the small business exemption. This provides individuals with a direct right of action in court for serious privacy violations.
To exercise any of these rights, please contact us at Admin@QuestConnect.com.au.
12. Spam Act 2003 Compliance
In short: Our business emails comply with Australian anti-spam law. Every message identifies who we are, includes a way to unsubscribe, and is only sent where we have an appropriate basis to do so.
Our commercial electronic communications comply with the Spam Act 2003 (Cth). Specifically:
- messages are sent only with consent (express or inferred in accordance with the Act);
- all messages clearly identify QuestConnect and include accurate contact details; and
- all messages contain a functional unsubscribe mechanism, which is honoured within five (5) business days of receipt.
13. Changes to This Policy
In short: If we make material changes to this policy, we'll let our clients know by email.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Material changes will be notified to clients via email. The "Last Updated" date at the top of this page reflects the most recent revision.
We encourage you to review this policy periodically.
14. Contact Us
In short: If you have any questions or concerns about your privacy, get in touch.
If you have any questions about this Privacy Policy or wish to exercise any of the rights described above, please contact us:
QuestConnect
ABN 19 473 660 144
Perth, Western Australia
Email: Admin@QuestConnect.com.au
15. Complaints
In short: If you're not happy with how we've handled your information, you can complain to us first, and then to the Australian Information Commissioner if you're still not satisfied.
If you believe we have not handled your personal information in accordance with this policy or the Australian Privacy Principles, please contact us at Admin@QuestConnect.com.au. We will investigate your complaint and respond within thirty (30) days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Website: oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001