Studio Terra Florals

Studio Terra Florals

← Studio Terra

Privacy Policy

Last updated: 18 May 2026

1. Who we are

Studio Terra Florals is a sole trader business based in Sydney, NSW, Australia (ABN [YOUR_ABN]). We operate studioterra.com.au and sell preserved and dried floral arrangements online and by commission.

For privacy enquiries, contact us at: [YOUR_LEGAL_EMAIL]

2. Information we collect

  • Order & enquiry data: name, email address, phone number, and delivery address — collected when you place an order, submit a custom enquiry, or contact us directly.
  • Payment details: processed entirely by Square Payments. We do not receive, store, or have access to your card number, CVV, or full payment credentials.
  • Email address: collected when you subscribe to our mailing list, with your explicit consent.
  • Anonymised session analytics: a randomly generated session ID, pages visited, time on page, and the referring website. No personally identifiable data is collected in analytics, and no tracking cookies are set.

3. How we use your information

  • Processing and fulfilling your order or commission
  • Communicating with you about your order, enquiry, or arrangement
  • Sending promotional or newsletter emails — only to addresses that have opted in
  • Improving the website through anonymised, aggregate analytics
  • Meeting our legal and tax obligations

4. Disclosure to overseas recipients (APP 8)

We use third-party service providers that may store or process your data outside Australia. By using our website or placing an order you consent to this cross-border transfer.

  • Square Payments (United States) — payment processing and checkout
  • Resend (United States) — transactional and marketing email delivery
  • Twilio (United States) — SMS order notifications
  • OpenAI (United States) — AI-assisted invoice parsing (admin only) and AI content generation
  • Vercel Inc. (United States) — website hosting, serverless functions, and data storage

We take reasonable steps to ensure each provider maintains appropriate data security practices.

5. AI-assisted content

Our administration system uses OpenAI to assist with parsing supplier invoices and drafting product descriptions and blog posts. This processing occurs solely within our internal tools. All AI-generated content is reviewed by a human before publication. Supplier invoice data shared with OpenAI is not retained beyond the import session.

6. Analytics

We operate our own lightweight analytics using anonymised session identifiers. We record which pages are visited, time spent on each page, and the referring website. No personally identifiable data is recorded. No third-party analytics platforms (such as Google Analytics) are used on this website.

7. Email marketing — Spam Act 2003

We only send marketing emails to addresses that have explicitly opted in. Every marketing email contains a clearly visible unsubscribe link. We honour all unsubscribe requests promptly. We do not purchase, rent, or share email lists.

8. Data retention

  • Order records: retained for 7 years to meet Australian Taxation Office requirements.
  • Subscriber email addresses: retained until you unsubscribe or request deletion.
  • Analytics events: retained for approximately 90 days.
  • Enquiry messages: retained for up to 2 years, then deleted.

9. Security

All data is transmitted over HTTPS. Our administration system is password-protected. We do not store card numbers or any payment credentials — Square's PCI-compliant infrastructure handles all payment data.

10. Your rights

Under the Australian Privacy Act 1988, you have the right to access, correct, or request deletion of personal information we hold about you. Email [YOUR_LEGAL_EMAIL] and we will respond within 30 days.

11. Complaints

If you believe we have breached the Australian Privacy Principles, please contact us first at [YOUR_LEGAL_EMAIL]. If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. In the event of an eligible data breach likely to result in serious harm, we will notify affected individuals and the OAIC as required by law.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.

Studio Terra Florals · Sydney, NSW, Australia · studioterra.com.au

Privacy PolicyTerms & ConditionsRefund & Returns