Legal · Updated 30 May 2026

Privacy Policy.

What we collect, why we collect it, where it lives, and what you can do about it.

Who we are

RedEarthOne (ABN 34 693 896 641) is the data controller for the information described in this policy. Our registered address is 2/14 Binnacle Court, Yamba, NSW 2464, Australia.

This policy describes how we collect, use, disclose, store and protect personal information when you visit redearthone.com, redearthone.com.au or any other RedEarthOne website. It complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, and is written to be consistent with our obligations under the EU General Data Protection Regulation (GDPR) and the UK GDPR for visitors from those jurisdictions.

For the actual RedEarthOne platform (separate from the marketing site), a more detailed data processing agreement applies — contact us if you're a prospective customer who needs to review it.

What personal information we collect

We collect personal information in three ways:

You give it to us directly. The site has a small number of forms. Specifically:

  • Waitlist signup — we ask for your email address (required); name, organisation, role and operation size (all optional); and any notes you choose to add.
  • Contact / demo request — name, email, organisation and your message.
  • Any other correspondence you initiate by email, social or post.

We collect it automatically. When you visit the site we and our service providers may collect:

  • Your IP address and approximate geographic location (used for region detection between the .com and .com.au variants of the site).
  • The pages you visit, the time you arrive and leave, the referring URL and the search terms that brought you (if available).
  • Browser type, operating system, screen resolution, device type.
  • Cookie-set identifiers (see Cookie Notice).

For visitors in GDPR jurisdictions (EU, UK, Switzerland and the EEA), analytics cookies are not set until you affirmatively accept on the cookie banner. Until then, only cookieless modelled pings are collected. For visitors elsewhere, analytics cookies are set on first visit with the option to reject from the banner or footer at any time.

From third parties. We may receive information from third-party services we use to operate the site — for example, deliverability bounces from our email provider — and from publicly available business records (where you're acting in a business capacity).

Why we collect it and what we use it for

We use personal information for the following purposes:

  • To respond to you — answering enquiries, sending the waitlist confirmation, scheduling demos, following up on conversations you've started.
  • To run the waitlist — managing the early-access queue, sequencing onboarding cohorts, notifying you when access opens for your role and operation type.
  • To improve the site — analytics on which pages get traffic, where visitors arrive from, where they drop off, what we should write next.
  • To comply with law — meeting our obligations under the Privacy Act, the Spam Act 2003, the GDPR and any other applicable legislation.
  • To protect the site and our users — detecting fraud, abuse and security incidents.

We will not use your personal information for materially different purposes (a "secondary purpose" under the Australian Privacy Principles) without first notifying you and, where required by law, obtaining your consent.

Lawful basis under the GDPR (EU / UK / EEA visitors)

Where the General Data Protection Regulation (or UK GDPR) applies, we rely on the following lawful bases under Article 6 GDPR:

  • Consent (Article 6(1)(a)) — for analytics cookies in GDPR jurisdictions, and for any marketing communications you separately opt into. You can withdraw consent at any time.
  • Contract (Article 6(1)(b)) — to take steps at your request before entering a contract: specifically, to process your waitlist signup so we can invite you to access the platform when your cohort opens.
  • Legitimate interests (Article 6(1)(f)) — for security and fraud prevention, basic analytics in non-GDPR jurisdictions, and responding to contact-form submissions you initiate. Our interests are running and improving a safe and useful site; we don't believe they override your interests or fundamental rights.
  • Legal obligation (Article 6(1)(c)) — for any disclosure we're legally required to make to law enforcement, regulators or courts.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects (Article 22 GDPR).

Who we share it with

We do not sell personal information.

We may share personal information with the following categories of recipient, only to the extent necessary for the purposes above:

  • Service providers who help us operate the site or the business — hosting providers (AWS), email delivery (e.g. transactional email providers), analytics (Google Analytics, configured with anonymised IP), CRM and customer-service tools, accountants and lawyers. Each is bound by confidentiality and data-protection obligations.
  • Law enforcement, regulators and courts, where we're legally compelled to disclose.
  • An acquirer in the event of a sale, merger or restructure of RedEarthOne — your information would transfer subject to this policy or one no less protective.

International transfers

Where personal information leaves Australia (for example because a service provider is hosted overseas), we comply with Australian Privacy Principle 8: we take reasonable steps to ensure the overseas recipient handles the information consistently with the APPs, or we obtain your consent to the transfer.

Where the GDPR applies and we transfer personal information outside the European Economic Area or the United Kingdom, we rely on one of the following lawful transfer mechanisms:

  • Adequacy decisions — where the destination country has been recognised by the European Commission (or the UK Information Commissioner) as providing an adequate level of protection.
  • Standard Contractual Clauses — for transfers to countries without an adequacy decision, we use the European Commission's (and where applicable the UK's International Data Transfer Agreement / Addendum) Standard Contractual Clauses with the recipient.
  • Your explicit consent to the specific transfer, where neither of the above applies.

Where your data is stored

The marketing site is hosted on Amazon Web Services. Application data for the RedEarthOne platform is pinned to a home region (currently eu-north-1, us-east-1 or ap-southeast-2) and cross-region writes are blocked by default. For platform customers, more detailed data-residency controls and an audit trail are available via the Data Sovereignty Dashboard.

Email and ancillary services may store small amounts of metadata (e.g. an email address, a delivery timestamp) outside your home region as a function of how the global mail and analytics infrastructure works.

How long we keep it

We retain personal information only for as long as we need it for the purposes for which we collected it, or for as long as we're required to by law.

  • Waitlist signups — retained until you ask us to delete them, or until 36 months after your last interaction, whichever is sooner.
  • Contact form submissions — retained for as long as the conversation is active, plus 24 months for record-keeping.
  • Analytics data — Google Analytics retention is set to 14 months for user-level data; aggregated reporting is retained indefinitely.
  • Records we must keep for tax, accounting or legal reasons — for the period required by law (typically 7 years in Australia).

Your rights

Subject to applicable law, you have the following rights:

Under the Australian Privacy Principles:

  • Access (APP 12) — to be given access to the personal information we hold about you.
  • Correction (APP 13) — to have us correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.
  • Anonymity / pseudonymity (APP 2) — to deal with us anonymously or under a pseudonym, where lawful and practicable.
  • Complaint — to complain to us about how we handle your personal information.

Under the GDPR / UK GDPR (where applicable):

  • Access (Article 15) — a copy of the personal data we hold about you, and information about how we process it.
  • Rectification (Article 16) — correction of inaccurate or incomplete data.
  • Erasure (Article 17, the "right to be forgotten") — deletion of your data where we have no overriding legal basis to keep it.
  • Restriction of processing (Article 18) — temporary suspension of processing in specific circumstances (e.g. while accuracy is being verified).
  • Data portability (Article 20) — a copy of your data in a structured, commonly used, machine-readable format, and the right to have it transmitted to another controller.
  • Objection (Article 21) — to object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent (Article 7(3)) — at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Complaint to a supervisory authority (Article 77) — see "Complaints" below.

For all visitors, regardless of jurisdiction:

  • Opt out of marketing communications — every email we send has an unsubscribe path (reply with UNSUBSCRIBE in the subject line, or email [email protected]). Under the Spam Act 2003 (Cth) we'll remove you within 5 business days of receiving your request.

To exercise any of these rights, email [email protected] from the address you're enquiring about, or write to us at the postal address below. We'll respond within a reasonable time and in any event within 30 days of receipt. Where we need additional information to verify your identity before responding, we'll request it promptly.

Most requests are handled at no cost. Where a request is manifestly unfounded, excessive or repetitive, we may charge a reasonable fee or refuse the request, and we'll tell you why.

Cookies

The site uses cookies and similar technologies for functional, analytical and performance purposes. Full detail of which cookies we set and how to manage them is in the Cookie Notice.

Security

We take reasonable steps (consistent with Australian Privacy Principle 11 and Article 32 GDPR) to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure — including HTTPS in transit, encryption at rest where supported, access controls on our infrastructure, regular patching, least-privilege internal access, multi-factor authentication for administrative access, regular backups, and ongoing review of our security controls.

No system is completely secure. We do not warrant absolute security and you acknowledge that you provide personal information at your own risk.

Notifiable Data Breaches

Under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988), we will notify you and the Office of the Australian Information Commissioner (OAIC) as soon as practicable if we become aware of an eligible data breach — meaning a breach of our security that is likely to result in serious harm to one or more individuals — unless an exception applies.

Under Articles 33 and 34 of the GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach (unless the breach is unlikely to result in a risk to your rights and freedoms), and we will notify you directly without undue delay where the breach is likely to result in a high risk to your rights and freedoms.

Breach notifications will describe (so far as we are able to at the time): the nature of the breach, the categories and approximate number of individuals and records affected, the likely consequences, and the measures we are taking to address it and mitigate its possible adverse effects.

Children

This site is directed at adult operators of farms and agriculture-adjacent businesses. We don't knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we'll delete it.

Complaints

If you have a privacy complaint, contact us first at [email protected]. We'll investigate and respond.

If you're not satisfied with our response, you can complain to:

  • Australia — Office of the Australian Information Commissioner (OAIC), oaic.gov.au
  • European Union / EEA — your national data protection authority
  • United Kingdom — Information Commissioner's Office (ICO), ico.org.uk

Changes to this policy

We may update this policy from time to time. The "Updated" date at the top of the page shows the latest revision. Where changes are material, we'll let you know — by email if we have your contact, by a notice on the site if we don't.

Contact

Email [email protected] or write to RedEarthOne, 2/14 Binnacle Court, Yamba, NSW 2464, Australia.