Privacy Policy
This policy explains what data PawKeen collects, why, and what we do with it. We follow the Australian Privacy Principles under the Privacy Act 1988.
1. What we collect
When you sign up
- Name — displayed on your public profile
- Email address — sign-in + transactional emails (account confirmation, password reset)
- Password — stored hashed (we never see the plaintext)
When you build your profile
- Display name, handle, bio, tagline, state, city, niches, languages
- Platform handles (IG, TikTok, YT, etc.) and self-reported follower counts
- Audience snapshot (geography, demographics) — self-reported free text
- Inquiry email, rate card URL, past brands list, featured posts, Quick Links
- Uploaded images (avatar, cover)
All of the above is intentionally public — it's the media kit you're sharing with brands.
When visitors view your /me/ page
- A view event (with timestamp + referrer host + best-effort country)
- Link clicks (which Quick Link, what time, what referrer)
- Platform / featured-post / contact clicks (via a JS beacon)
We don't store the full referring URL or full IP address. We hash the referrer hostname for analytics and discard the rest. Bot heuristics filter obvious crawlers.
2. How we use it
- Show your public profile to anyone who visits your /me/{handle} URL
- List you in /creators/browse/ if you opted in
- Show you 30-day analytics on your dashboard
- Send transactional emails (password reset, account changes)
- Detect + block spam, abuse, fraud (logs IP-derived data temporarily)
3. What we don't do
- Sell your data — to anyone, ever
- Share your email with brands or other creators without your action
- Use your content to train AI or machine-learning models
- Send marketing emails without explicit opt-in
- Set third-party advertising cookies on your page or our dashboard
4. Third parties we use
- Hosting — our WordPress host stores the database. Data stays in AU (or, if hosted overseas, in a country with comparable privacy protections).
- Email — transactional emails (password reset, account confirmation) sent via your WP installation or its mail provider.
- Cloudflare — edge caching + bot mitigation (if enabled).
5. Cookies
- Login session cookie — required to stay signed in
- WordPress test cookie — to verify your browser accepts cookies
- No analytics or advertising cookies on our own dashboard or your /me/ page
6. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you (email support)
- Correct anything inaccurate (edit it on your dashboard)
- Delete your account + all associated data (Settings → Delete account)
- Lodge a complaint with the OAIC if you're not satisfied with how we've handled your data
7. How long we keep data
- Profile + content: as long as your account exists
- Click + view events: 12 months from the event, then deleted
- Audit logs (security events): 30 days
- When you delete your account: all of the above is purged immediately. No soft delete.
8. Changes to this policy
We'll email you at least 14 days before any material change takes effect. Minor wording fixes happen without notice.
9. Contact
Privacy questions or data-access requests: contact us.
⚠️ Site operator note: This policy is a starter template based on what the plugin actually does. Before launching to real users, have a privacy professional + lawyer review for full Privacy Act 1988 / GDPR compliance + your specific hosting situation. Don't ship it unchanged.