Legal

Privacy Policy

How we collect, use, share, and protect personal information across the Deep Stream Data website, our opt-in measurement panel, and our customer product.

Effective date: 23 April 2026
Last updated: 24 April 2026
Controller: Deep Stream (Australia) Pty Ltd (ABN 15 697 120 264 / ACN 697 120 264)

Contents

  1. Who we are
  2. Scope of this policy
  3. What we collect
  4. How we use information
  5. Legal bases (GDPR)
  6. Opt-in panel members
  7. Sharing and disclosure
  8. International transfers
  9. Retention
  10. Your rights
  11. California (CCPA)
  12. EEA and UK (GDPR)
  13. Australia (APPs)
  14. Cookies and tracking
  15. Children
  16. Security
  17. Changes to this policy
  18. Contact and complaints

1. Who we are

Deep Stream Data is a digital journey intelligence platform operated by Deep Stream (Australia) Pty Ltd ("Deep Stream Data," "we," "us," "our"), an Australian proprietary limited company. This policy describes how we handle personal information when you visit deepstreamdata.com, contact us, participate in our measurement panel, or use our product as a customer.

2. Scope of this policy

This policy covers three groups of people:

  • Website visitors — anyone who visits our website, reads our content, or contacts us.
  • Panel members — individuals who have given explicit, informed opt-in consent to contribute passive measurement data through our panel.
  • Customers — businesses, and the authorised individuals within them, who license the Deep Stream Data product.

If we introduce a separate, more detailed notice for panel members in the future, that notice will govern panel participation and will be presented at the point of panel sign-up.

3. What we collect

Website visitors

  • Contact details you choose to give us — name, email address, phone number, company, job title — when you request a demo, send us an email, or book through our scheduling tool.
  • Technical data our servers and content delivery network receive automatically — IP address, user agent string, referrer, requested URL, timestamp, and approximate geography derived from IP.
  • Meeting scheduling data you provide when booking a demo through our embedded scheduler (calendar time, time zone, optional notes). This data is processed by our scheduling provider and by us.

Panel members

  • Account and consent records — the identifier you used to join, the date and version of consent given, any consent preferences you have set, and records of any consent withdrawal.
  • Demographic information you choose to provide — age band, gender, country, and other optional attributes used to weight the panel and produce representative samples.
  • Passive web behaviour — URLs visited by devices running our panel software, timestamps, dwell time, and metadata about the browsing session. Panel members consent to this measurement before any data is collected. We exclude categories such as URLs identified as sensitive (banking, health, adult content) and we redact query strings that are known to contain personal identifiers.
  • Device information — operating system, browser, device category, and identifiers used only to de-duplicate sessions. We do not collect contact data, contact lists, messages, photos, or files from panel devices.

Customers

  • Account data — business name, billing contact, technical contact, and authentication credentials for users you authorise to access the product.
  • Usage data — what features are used, queries run, dashboards viewed, and audit logs of product activity.
  • Billing data — invoicing information, purchase orders, and payment status. We do not store full card numbers; payments are processed by our payment provider.

4. How we use information

We use personal information to:

  • Respond to enquiries and schedule demos.
  • Operate, maintain, and improve the website and product.
  • Recruit, onboard, and manage panel members who have given consent.
  • Produce measurement insights for customers using aggregated, de-identified panel data.
  • Bill customers, recover unpaid amounts, and manage our commercial relationships.
  • Detect, investigate, and prevent security incidents, fraud, and abuse.
  • Meet legal, regulatory, audit, tax, and accounting obligations.
  • Send service communications (e.g., security alerts, material policy changes). We use marketing communications only with the consent required in your jurisdiction and you can opt out at any time.

We do not sell personal information. We do not use panel data for advertising, retargeting, or profiling of individuals.

For individuals in the EEA, UK, or Switzerland, we rely on the following legal bases under the GDPR:

  • Consent — for panel participation, optional cookies and analytics, and marketing communications where consent is required.
  • Contract — where we need to process information to provide the product or service you have requested, including scheduling demos.
  • Legitimate interests — for website operation, product improvement, fraud prevention, and direct communications with existing business customers. We balance these interests against your rights and freedoms.
  • Legal obligation — where processing is necessary to comply with a law that applies to us.

6. Opt-in panel members

Our measurement panel operates on a strict consent-first basis. No passive data is collected from a device until the panel member has:

  • Reviewed a plain-language description of what will be measured and why.
  • Given explicit, affirmative consent to participate.
  • Installed or enabled our measurement software themselves.

Panel members can withdraw consent at any time. Withdrawal stops future collection immediately and triggers deletion of linkable identifiers within a reasonable period. Panel members can request access, correction, export, or deletion of their data by contacting privacy@deepstreamdata.com or using the in-app tools we provide.

Data produced for customers is always aggregated and statistically adjusted so that no individual panel member can be re-identified.

7. Sharing and disclosure

We share personal information only with:

  • Service providers who process data on our behalf under written contracts — including cloud hosting (Amazon Web Services, region: ap-southeast-2 and us-east-1), email delivery, scheduling, customer support, analytics (Google LLC, for Google Analytics 4 and Google Tag Manager — see Section 14), advertising measurement and retargeting (LinkedIn Ireland Unlimited Company and its affiliate LinkedIn Corporation, through the LinkedIn Insight Tag — see Section 14), and payment processing. These providers may only use the data to deliver services to us.
  • Professional advisors — auditors, lawyers, and accountants — where necessary and under confidentiality obligations.
  • Regulators, courts, or law enforcement — where required by valid legal process or to protect rights, property, or safety.
  • Successors — in the event of a merger, acquisition, or asset sale, subject to appropriate safeguards and continuity of this policy.

We do not share personal information with third parties for their own marketing purposes.

8. International transfers

We are based in Australia. Our service providers may process data in Australia, the United States, the European Union, or other jurisdictions. When we transfer personal information outside your country, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms — so that the data remains protected.

9. Retention

We keep personal information only for as long as we need it:

  • Website contact enquiries — up to 24 months after our last contact, or longer if you become a customer or panel member.
  • Server and security logs — typically 90 days, up to 12 months for investigations.
  • Panel data linked to an individual — while consent remains active, plus a short reconciliation period after withdrawal, after which identifiers are deleted or irreversibly de-identified.
  • Customer account and billing data — for the life of the contract and for up to seven years thereafter to meet Australian tax and accounting obligations.

Aggregated or fully de-identified data that cannot be linked back to an individual may be retained indefinitely for analytics and research.

10. Your rights

Subject to your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of information that is inaccurate or incomplete.
  • Request deletion of your information.
  • Request restriction of, or object to, certain processing.
  • Request a portable copy of information you provided to us.
  • Withdraw consent at any time, without affecting processing carried out before withdrawal.
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, email privacy@deepstreamdata.com. We will verify your identity before acting and will respond within the timeframe required by law — typically 30 days.

11. California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, disclose, and retain about you; to request deletion; to correct inaccurate information; to limit the use of sensitive personal information; and not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA. To make a request, email privacy@deepstreamdata.com. You may designate an authorised agent to make a request on your behalf.

12. European Economic Area, United Kingdom, and Switzerland

If you are in the EEA, UK, or Switzerland, Deep Stream (Australia) Pty Ltd is the controller of your personal information. You can contact us at privacy@deepstreamdata.com. You also have the right to complain to your local supervisory authority. In the UK, that is the Information Commissioner's Office (ICO). A list of EEA authorities is maintained on the European Data Protection Board website.

13. Australia (Australian Privacy Principles)

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have the right to access and correct the personal information we hold about you, and to make a complaint if you believe we have breached the APPs. We will respond to complaints within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

14. Cookies and tracking

Our website uses a small set of cookies and similar technologies. We do not use cookies to build advertising profiles across other sites, and we do not sell advertising.

Categories

  • Strictly necessary — required for the site to function (for example, maintaining a session if you are logged into the product, or remembering your cookie preferences). These are set regardless of consent.
  • Analytics — we use Google Analytics 4, delivered through Google Tag Manager, to understand how visitors use the site so we can improve it. In the EEA, UK, and other jurisdictions that require consent for analytics cookies, these are only set after you accept them via our cookie banner.
  • Advertising and measurement — we use the LinkedIn Insight Tag, also delivered through Google Tag Manager, to measure the effectiveness of LinkedIn advertising campaigns, build retargeting audiences of people who have visited our site, and access aggregated professional demographics (such as seniority, company, industry) about our site visitors. Individual visitors are not identified to us through this tool. In the EEA, UK, and other jurisdictions that require consent, these are only set after you accept them via our cookie banner.
  • Embedded scheduling — the demo scheduler on our contact page is provided by a third party that may set its own cookies when you interact with it.

Google Analytics 4 cookies

When analytics are active, Google Analytics 4 sets the following first-party cookies:

  • _ga — distinguishes users. Retention: up to 2 years.
  • _ga_<container-id> — maintains GA4 session state, where <container-id> is the GA4 property identifier. Retention: up to 2 years.

Google Analytics processes data on our behalf under written data-processing terms. IP addresses are truncated before being stored (IP anonymisation is on by default in GA4). Google may transfer data to the United States under the European Commission's Standard Contractual Clauses and the EU–US Data Privacy Framework. Further information is available in Google's privacy policy and Google's data processing terms.

LinkedIn Insight Tag cookies

When advertising and measurement cookies are active, the LinkedIn Insight Tag (provided by LinkedIn Ireland Unlimited Company for visitors in the EEA, UK, and Switzerland; by LinkedIn Corporation elsewhere; both subsidiaries of Microsoft Corporation) may set the following cookies:

  • li_sugr — browser identifier used to match members and non-members for analytics and advertising. Retention: up to 90 days.
  • bcookie — LinkedIn browser identifier. Retention: up to 1 year.
  • bscookie — secure LinkedIn browser identifier. Retention: up to 1 year.
  • lidc — load-balancing cookie used by LinkedIn to route requests. Retention: 1 day.
  • UserMatchHistory — syncs LinkedIn ad IDs with Deep Stream Data visitor events for retargeting. Retention: up to 30 days.
  • AnalyticsSyncHistory — records the last sync with LinkedIn advertising services. Retention: up to 30 days.

LinkedIn processes data as a joint controller with Deep Stream Data for the purposes set out in the LinkedIn Ads Agreement and Joint Controller Addendum. LinkedIn may transfer data to the United States under the European Commission's Standard Contractual Clauses and the EU–US Data Privacy Framework. Further information is available in the LinkedIn Privacy Policy and the LinkedIn Cookie Policy. IP addresses collected via the Insight Tag are not stored by LinkedIn after they have been resolved to approximate geography.

How to control or opt out

  • Use your browser settings to block or delete cookies. Blocking strictly necessary cookies may break parts of the site.
  • Install the Google Analytics Opt-out Browser Add-on to prevent Google Analytics from loading on any website you visit.
  • Opt out of LinkedIn-managed advertising and data collection at linkedin.com/psettings/guest-controls (if you are not a LinkedIn member) or linkedin.com/psettings/advertising (if you are a member).
  • In jurisdictions that require prior consent for analytics or advertising cookies, you can withdraw consent at any time by changing your selection on our cookie banner or by emailing privacy@deepstreamdata.com. Withdrawal does not affect processing carried out before withdrawal.

15. Children

Our website, panel, and product are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email privacy@deepstreamdata.com and we will delete it.

16. Security

We use a combination of administrative, technical, and physical safeguards to protect personal information, including encryption in transit and at rest, role-based access controls, audit logging, and periodic security reviews. No system is perfectly secure. If we ever become aware of a notifiable data breach, we will notify affected individuals and regulators as required by applicable law.

17. Changes to this policy

We may update this policy from time to time. When we make material changes, we will post the updated policy on this page and, where appropriate, notify you by email or through the product. The "Last updated" date at the top of the page reflects the most recent revision.

18. Contact and complaints

If you have a question about this policy or want to exercise a right, contact us:

If you are in Australia and your complaint is not resolved to your satisfaction, you may contact the OAIC. If you are in the EEA, UK, or Switzerland, you may contact your local supervisory authority.

This policy is a general description of our practices and does not create rights or obligations beyond those provided by applicable law. See also our Terms of Service.