Privacy policy.

AE Studio, Inc. ("AE Studio", "we", "us") operates the AE Studio service (the "Service"). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it.

Account data: name, email, phone, business name, profile content you choose to share.

Verification data: government ID document, biometric face match (during Phase 2 onwards). Verification data is processed by our identity-verification partner (Persona) and stored only as long as required for fraud prevention and regulatory compliance.

Engagement data: briefs, messages, files exchanged through the Service, deliverables, ratings, reviews.

Payment data: card and bank details handled exclusively by Stripe; we never see or store full card numbers.

Technical data: IP address, device, browser, language, timezone, behavioural signals used for fraud detection.

To operate, secure, and improve the Service.

To match buyers and talent, prevent fraud, and enforce our Terms.

To send transactional notifications about your briefs, projects, and payments.

To send product updates only with your explicit consent. You may opt out any time.

To comply with legal obligations and respond to lawful requests.

Service providers acting on our instructions: Stripe (payments + escrow), Persona (identity verification), Resend / SendGrid (transactional email), our cloud hosting provider, our error-monitoring tools.

Other AE Studio users only as necessary for an active engagement (e.g. a buyer sees a matched talent's profile and reviews).

Authorities when legally compelled, or to prevent harm consistent with the law.

We do not sell personal data. We do not share data for cross-context behavioural advertising.

We process data in the regions where our service providers operate. Where data leaves your country, we rely on appropriate safeguards (Standard Contractual Clauses, equivalent regimes).

We retain account data while your account is active and for up to 24 months after closure for fraud-prevention and legal-compliance purposes. Identity-verification data follows our verification partner's retention schedule, typically 7 years for sanctioned-jurisdiction compliance. You may request earlier deletion under the rights below.

Subject to local law, you may request access, correction, deletion, restriction, or portability of your personal data, and you may object to certain processing. Email hello@aussieengineers.com. We reply within 30 days.

Australian users: this policy is consistent with the Australian Privacy Principles under the Privacy Act 1988. Complaints can be lodged with the Office of the Australian Information Commissioner (OAIC).

EEA / UK users: you may lodge a complaint with your local data-protection authority.

California users: your CCPA / CPRA rights are honoured the same way.

We use a small number of cookies for essential session and security functions. Analytics is provided by privacy-respecting tools (e.g. Plausible) that do not track users across sites and do not require a cookie banner. We do not use cross-site tracking.

Data in transit is protected with TLS. Data at rest is encrypted (AES-256). Access to production systems is least-privilege and audited. We will publish security incidents that affect users within 72 hours.

We may update this policy. Material changes will be communicated via email and published here with an updated effective date.

Privacy enquiries: hello@aussieengineers.com.