1. About this policy
This Privacy Policy explains how Echo Studios AU Pty Ltd (ABN 97 683 957 888), trading as Echo Studios (“we”, “us”, “our”), collects, uses, discloses, and protects personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy applies to all visitors to our website (echostudios.au), prospective clients, existing clients, and any other individuals whose personal information we handle.
Contact: info@echostudios.au | 0489 074 049 | Melbourne, VIC, Australia.
2. Information we collect
We may collect and hold the following types of personal information:
- Identity information — your name, business name, job title, and ABN where applicable.
- Contact information — email address, phone number, and business address.
- Enquiry and booking details — the service you are interested in, preferred appointment times, and any messages or notes you provide during the booking process.
- Marketing and campaign data — where we manage advertising or marketing on your behalf, we may collect performance data associated with your ad accounts, customer audiences, and conversion metrics. This data is collected solely for campaign management and reporting purposes.
- Website and CRM access credentials — where clients provide us with login credentials or API keys to manage their website, CRM, Google Business Profile, ad accounts, or other digital platforms, we store these securely and use them only for the agreed scope of work.
- Technical and usage data — IP address, browser type, device information, pages visited, time spent on site, referral source, and UTM campaign parameters. This data is collected automatically through cookies and analytics tools.
- Payment information — billing details as required for invoicing. We do not store credit card numbers directly; payment processing is handled by third-party providers.
3. How we collect information
We collect personal information through:
- Our website booking form and contact forms.
- Email, phone, and video call correspondence.
- Client onboarding questionnaires and strategy sessions.
- Third-party platforms where you have authorised us to act on your behalf (e.g. Google Ads, Meta Business Suite, Google Business Profile, GoHighLevel CRM).
- Cookies and analytics tools embedded on our website.
- Publicly available information (e.g. business directories, social media profiles) where relevant to delivering our services.
4. How we use your information
We use personal information for the following purposes:
- To respond to enquiries and schedule discovery calls.
- To provide, manage, and deliver our marketing, web development, CRM automation, and advertising services.
- To set up, manage, and optimise advertising campaigns on platforms including Google Ads, Meta (Facebook/Instagram), and other advertising networks.
- To create and manage CRM records, automations, and pipeline stages within GoHighLevel or other CRM platforms on your behalf.
- To build, maintain, and host websites and landing pages.
- To generate performance reports, analytics dashboards, and campaign insights for our clients.
- To send project updates, invoices, and service-related communications.
- To improve our website, services, and user experience.
- To comply with legal obligations.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. Third-party services and disclosure
In order to deliver our services, we may share or process your information through the following categories of third-party services:
- CRM and automation — GoHighLevel (contact management, booking, pipeline tracking, automated communications).
- Advertising platforms — Google Ads, Meta (Facebook/Instagram) Ads Manager, where we manage campaigns on your behalf using data you have authorised us to access.
- Analytics — Google Analytics (GA4) for website traffic analysis; Google Search Console for search performance.
- Hosting and infrastructure — Vercel (website hosting and deployment).
- Communication — Email providers, video conferencing tools, and messaging platforms used in the course of client communication.
- Payment processing — Third-party invoicing and payment tools. We do not directly handle or store credit card information.
These services may store or process data on servers located outside of Australia, including in the United States. Where this occurs, we take reasonable steps to ensure your data is treated in accordance with this policy and applicable privacy laws.
We may also disclose personal information where required or authorised by law, including to comply with a court order, subpoena, or regulatory request.
6. Client data and ad account access
Where clients grant us access to their advertising accounts, CRM systems, website hosting, domain registrars, Google Business Profile, or other digital platforms, we access and use that data solely for the purpose of delivering the agreed services. We do not use client account data for any purpose unrelated to the client engagement.
Upon termination of a client engagement, we will return or transfer ownership of all accounts and assets as outlined in the service agreement, and revoke our access within a reasonable timeframe unless otherwise agreed.
7. Cookies and tracking
Our website uses:
- Essential cookies — required for the website to function correctly (e.g. session management).
- Analytics cookies — Google Analytics (GA4) collects anonymised usage data to help us understand visitor behaviour, traffic sources, and content performance.
- UTM and referral tracking — we capture URL parameters (utm_source, utm_medium, utm_campaign) and referring page data when you submit a booking form, to understand how visitors find our services.
You can disable cookies through your browser settings at any time. Disabling analytics cookies will not affect the functionality of our website or booking system.
8. Data retention
We retain personal information only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Specifically:
- Enquiry and booking data is retained in our CRM for the duration of the business relationship and for up to 24 months after the last interaction, unless deletion is requested.
- Client project data, including campaign reports and website assets, is retained for the duration of the engagement and a reasonable period thereafter to support handover and continuity.
- Financial records are retained for seven (7) years in accordance with Australian tax law.
- Website analytics data is retained according to the default retention settings of Google Analytics.
9. Data security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- HTTPS encryption on all website traffic.
- Server-side storage of API keys and credentials (never exposed to the browser).
- Rate limiting on API endpoints to prevent abuse.
- Secure, access-controlled storage of client credentials and platform logins.
- Regular review of third-party service security practices.
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
10. Your rights
Under the Australian Privacy Act 1988, you have the right to:
- Access — request a copy of the personal information we hold about you.
- Correction — request that we correct any inaccurate or out-of-date information.
- Deletion — request that we delete your personal information, subject to our legal obligations to retain certain records.
- Complaint — lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe your privacy has been breached.
To exercise any of these rights, contact us at info@echostudios.au. We will respond to your request within 30 days.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Continued use of our website or services after any changes constitutes acceptance of the updated policy.