Privacy Policy

Last updated: November 11, 2025

Quick Summary: We collect your application information to evaluate your suitability for fractional CTO services. Your data is stored securely in Singapore and will never be sold or shared with third parties. You can request access, correction, or deletion at any time.

1. Introduction

ShipSixty ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you apply for our fractional CTO services.

This policy applies to information collected through our website (shipsixty.com) and any related services.

We are bound by the Australian Privacy Act 1988 (Cth) and comply with the Australian Privacy Principles (APPs).

2. Information We Collect

2.1 Application Information

When you submit an application for fractional CTO services, we collect:

Contact Information: First name, last name, email address, phone number (optional), LinkedIn profile (optional)
Company Information: Company name, company website (optional), startup stage, team size, funding status and amount
Technical Needs: What help you need, timeline, biggest technical challenge, engagement type preferences, payment model preferences
Background Information: Whether you have a technical co-founder, previous experience with fractional executives, how you heard about us, referral source (if applicable)
Additional Information: Any other information you choose to provide in free-text fields

2.2 Automatically Collected Information

When you use our website, we automatically collect:

Technical Information: IP address, browser type, device type, operating system
Usage Information: Pages visited, time spent on pages, referral source (via analytics tools)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Primary Purposes

Evaluate your application: To assess whether our fractional CTO services are a good fit for your startup
Communicate with you: To respond to your application, schedule calls, and discuss potential engagement
Provide services: If accepted, to deliver fractional CTO services as agreed

3.2 Secondary Purposes

Improve our services: To understand what types of startups apply and refine our selection criteria
Business analytics: To track application volume, conversion rates, and referral sources
Comply with legal obligations: To meet Australian tax, accounting, and legal requirements

3.3 What We Don't Do

❌ We will never sell your information to third parties
❌ We will never share your information with marketing companies
❌ We will never use your information for purposes beyond those stated in this policy

4. Data Storage and Security

4.1 Where Your Data is Stored

Data Location: Your personal information is stored on secure servers in Singapore.

We use Namecheap's Singapore data center for hosting. Singapore has robust data protection laws (Personal Data Protection Act 2012) that provide strong privacy protections similar to GDPR.

Why Singapore?

Geographic proximity to Australia (better performance)
Strong data protection laws and enforcement
Reputable jurisdiction for data privacy
Lower latency for Australian users

Cross-Border Disclosure (APP 8): By storing your data in Singapore, we are disclosing your information to an overseas recipient. We have taken reasonable steps to ensure that Namecheap (our hosting provider) complies with the Australian Privacy Principles in relation to your information.

4.2 Security Measures

We implement industry-standard security measures to protect your information:

Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256)
Access Controls: Only authorized personnel can access your information
Authentication: Admin access requires strong passwords and session management
Security Monitoring: We monitor for unauthorized access and suspicious activity
Regular Updates: Software and systems are kept up to date with security patches
Secure Development: Protection against SQL injection, XSS, CSRF, and other common vulnerabilities
Rate Limiting: Form submissions are rate-limited to prevent abuse (3 submissions per hour per IP address)

4.3 Service Providers

We use the following trusted service providers who may have access to your data:

Namecheap (Singapore): Hosting provider - stores application data on secure servers
Email Service: For sending automated emails (application confirmation, status updates)

All service providers are required to maintain the confidentiality and security of your information and use it only for the purposes we specify.

5. Data Retention

We retain your information for different periods depending on your application status:

Accepted Clients: Duration of engagement + 7 years (for legal, tax, and accounting purposes as required under Australian law)
Rejected Applications: 12 months (to track trends and improve our selection process), then permanently deleted
Incomplete Applications: 6 months (in case you wish to complete your application), then permanently deleted

You can request earlier deletion at any time (see section 6 below).

6. Your Rights

Under the Australian Privacy Act 1988, you have the following rights:

6.1 Right to Access

You can request access to the personal information we hold about you. We will provide this within 30 days of your request.

6.2 Right to Correction

If your information is inaccurate, out of date, incomplete, or misleading, you can request that we correct it.

6.3 Right to Deletion

You can request that we delete your personal information, subject to legal and contractual obligations (e.g., if you're an active client or if we're required to retain records for tax purposes).

6.4 Right to Withdraw Consent

If you applied but no longer wish to proceed, you can withdraw your application at any time. We will delete your information upon request.

6.5 How to Exercise Your Rights

To exercise any of these rights, contact us at: privacy@shipsixty.com

We will respond within 30 days. We may need to verify your identity before processing your request.

7. Disclosure of Information

We will never sell, trade, or rent your personal information to third parties.

We may disclose your information only in the following circumstances:

With your consent: If you explicitly agree to us sharing your information
Service providers: To trusted providers who help us operate our business (e.g., hosting, email)
Legal obligations: If required by Australian law, court order, or government agency
Business transfer: If we sell our business, your information may be transferred to the new owner (you will be notified)

8. Cookies and Analytics

Our website uses cookies and analytics tools to improve user experience:

8.1 Cookies We Use

Essential Cookies: Required for the website to function (e.g., session cookies for admin login)
Analytics Cookies: Google Analytics, Microsoft Clarity (to understand how visitors use our website)

8.2 Analytics Services

Google Analytics: Tracks page views, referral sources, user behavior (anonymized)
Microsoft Clarity: Records user sessions to understand user experience (anonymized)

These services may store data in the US. You can opt out by:

Disabling cookies in your browser settings
Using Google Analytics Opt-out Browser Add-on
Using browser privacy extensions (e.g., Privacy Badger, uBlock Origin)

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will delete it immediately.

10. Marketing Communications

We will only send you marketing communications if you have opted in (e.g., by subscribing to our newsletter).

You can unsubscribe at any time by:

Clicking "Unsubscribe" in any marketing email
Emailing us at privacy@shipsixty.com

Application-related emails (e.g., application confirmation, status updates) are not marketing and cannot be opted out of while your application is active.

11. Data Breach Notification

In the unlikely event of a data breach that is likely to result in serious harm, we will:

Notify affected individuals as soon as practicable (within 72 hours of becoming aware)
Notify the Office of the Australian Information Commissioner (OAIC)
Provide information about the breach, the types of information involved, and steps we're taking to address it
Recommend steps you can take to protect yourself

This is in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How we'll notify you:

Significant changes: We'll email you at the address you provided in your application
Minor changes: We'll update the "Last updated" date at the top of this page

Continued use of our services after changes indicates acceptance of the updated policy.

13. Complaints

If you have a complaint about how we handle your personal information:

Step 1: Contact Us

Email: privacy@shipsixty.com

We will investigate and respond within 30 days.

Step 2: Contact the OAIC

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner:

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Mail: GPO Box 5218, Sydney NSW 2001

14. Contact Information

Privacy Contact

Email: privacy@shipsixty.com

Business Email: hello@shipsixty.com

Website: shipsixty.com

Response Time: We aim to respond to all privacy inquiries within 5 business days (or 30 days for formal access/correction requests).

15. Consent

By submitting an application through our website, you consent to the collection, use, storage, and disclosure of your personal information as described in this Privacy Policy.

You can withdraw your consent at any time by contacting us at privacy@shipsixty.com. If you withdraw consent, we will delete your information (subject to legal retention requirements).