Privacy Policy
Disclaimer
This Privacy Policy is a template document and has not yet been reviewed by legal counsel. Before deploying to production, this policy must be reviewed and approved by an Australian privacy lawyer and, for EU users, by an EU data protection compliance specialist (GDPR/DPA). Do not rely on this document as final legal guidance.
1. About Us
StudioLedger ("we", "us", "our", or "the Platform") is a creator marketplace platform operated by StudioLedger Pty Ltd, based in Australia. We facilitate escrow-protected contracts between creators (service providers) and marketmakers (buyers) using the XRP Ledger (XRPL), a public blockchain network.
Our service combines:
- Multi-currency wallet functionality (XRP, RLUSD, stablecoins)
- Escrow-protected contract execution
- Minted Craft Credential (MCC) issuance (portfolio proof of completed work)
- Community arbitration for dispute resolution
We process personal information to provide this service, comply with legal obligations under Australian and international law, and protect the integrity of our platform.
2. Information We Collect
2.1 Account Information
When you create a StudioLedger account, we collect:
- Legal name (full legal name as you intend it for contracts and payment)
- Email address (via Google OAuth or direct entry)
- Phone number (for verification and communication)
- Date of birth (age verification, compliance)
- Residential address (jurisdiction verification, AML/CTF compliance)
- Country of residence (sanctions screening, regulatory compliance)
- Nationality (KYC/AML screening, Travel Rule eligibility)
- Role(s) (creator, marketmaker, or both)
- Display name (username, may differ from legal name)
2.2 Identity Verification Data
If required for higher-value transactions or as a condition of account verification:
- Government-issued photo ID (passport, driver's license, national ID)
- Facial recognition data (live biometric capture for liveness detection)
- Verification results from our KYC provider (Sumsub or Onfido)
- Sanctions screening results (DFAT, OFAC, EU, UN list checks)
2.3 Wallet Data
- XRPL wallet address (platform-generated or user's existing wallet)
- Wallet provider type (Xaman, MetaMask, Phantom, GemWallet, Crossmark, or platform-generated)
- Public key (required for transaction signing)
- Wallet balances (XRP, RLUSD, stablecoins — periodically queried from the blockchain)
2.4 Transaction Data
All transactions you initiate on the Platform or via the XRPL are recorded:
- Escrow transactions (creation, finish, cancellation)
- Payment transactions (transfers between wallets)
- MCC minting transactions (Work Credentials, Usage Right Licenses, Membership Access Tokens)
- DEX swap transactions (currency conversions)
- Trust line transactions (setting up currency relationships)
- Transaction amounts, currencies, counterparty addresses
- Transaction hashes, sequence numbers, ledger closes
- Timestamps, status (pending/confirmed/failed)
2.5 Contract Data
- Contract terms (scope, deliverables, timeline, payment structure)
- Milestone details (descriptions, due dates, approval requirements)
- Contract status (draft, funded, active, completed, disputed, cancelled)
- Approval/rejection records (who approved what, when, with feedback)
- Contract amendments (versioning, change history)
2.6 MCC (Minted Craft Credential) Data
- MCC tokens issued (Work Credentials, Licenses, Access Passes)
- Taxon type (Taxon 1 = Work Credential, Taxon 2 = License, Taxon 3 = Access Pass)
- Associated contract ID and milestone ID
- MCC metadata (stored on IPFS via Pinata)
- Ownership transfers (when MCCs are bought, sold, or transferred)
2.7 Deliverable Data
- Deliverable files (uploaded by creator to fulfill milestones)
- File hashes (IPFS content addressing — stored on IPFS/Pinata)
- Descriptions and metadata (context for deliverables)
- File size, format, upload timestamp
2.8 Platform Usage Data
- Login history (date, time, IP address, success/failure)
- Pages visited (dashboard, profile, contracts, marketplace, settings)
- Time spent on pages (analytics)
- Device type and OS (mobile, desktop, operating system)
- Browser type and version (Chrome, Firefox, Safari, etc.)
- IP address and geolocation (country, city — approximated from IP)
- Referral source (how you found StudioLedger)
2.9 Communications Data
- In-platform messages (between creators and marketmakers)
- Dispute evidence (uploaded files, written statements, contract excerpts)
- Support tickets and communications (emails, form submissions)
- Notification preferences (email, SMS, in-app)
2.10 Sensitive Information (Special Category Data)
We do not intentionally collect:
- Race, ethnicity, or religious beliefs
- Political opinions or affiliations
- Trade union membership
- Genetic or biometric data (except facial recognition for KYC liveness detection)
- Health data or medical information
- Sexual orientation or gender identity
Exception: Facial recognition data collected during KYC verification is processed strictly for identity verification and liveness detection, then deleted after verification is complete.
3. How We Use Your Information
3.1 Service Provision
We use your information to:
- Create and maintain your account
- Process escrow contracts and milestones
- Mint and track Minted Craft Credentials
- Facilitate payments and currency conversions
- Provide wallet functionality and balance queries
- Support dispute resolution and arbitration
- Send transaction confirmations and status updates
3.2 KYC/AML Compliance (Anti-Money Laundering & Counter-Terrorism Financing)
Under the Australian Anti-Money Laundering/Counter-Terrorism Financing Act 2006 and equivalent international regimes:
- Verify your identity using government-issued ID and facial recognition
- Screen your wallet address against DFAT, OFAC, EU, and UN sanctions lists
- Monitor for suspicious activity and unusual transaction patterns
- Comply with the Travel Rule (sharing customer information for high-value transactions >AUD$3,000 USD equivalent)
- Conduct sanctions due diligence on counterparties
- Report suspicious matters to the Australian Transaction Reports and Analysis Centre (AUSTRAC) where legally required
- Comply with UN, FATF, and OFAC obligations
3.3 Transaction Monitoring
- Monitor contract and transaction patterns for fraud, money laundering, or sanctions violations
- Flag high-risk transactions for review
- Block or cancel transactions that violate compliance rules
- Investigate disputes and verify transaction legitimacy
3.4 Dispute Resolution and Arbitration
- Store and process dispute evidence
- Assign arbitrators and community panels
- Mediate between disputing parties
- Track dispute outcomes and enforcement
3.5 MCC Minting and Credentialing
- Record MCC issuance and ownership
- Link MCCs to completed contracts and milestones
- Track MCC transfers and trading
- Calculate reputation scores based on MCC holdings
3.6 Analytics and Improvement
- Analyze platform usage to improve features
- Track user behavior and engagement (anonymized where possible)
- Identify bugs, performance issues, and security risks
- Generate aggregate reports (no personal data in public reports)
3.7 Legal and Compliance
- Respond to legal requests (court orders, subpoenas, government inquiries)
- Comply with tax obligations (reporting to Australian Tax Office if applicable)
- Enforce Terms of Service and resolve disputes
- Protect our legal rights and the rights of others
3.8 Communications
- Send you transaction confirmations and receipts
- Send updates about contract status
- Send security alerts and verification requests
- Send marketing emails (only with your consent)
- Send support responses and service notifications
4. Legal Bases for Processing
We process your personal information under the following legal bases (Australian Privacy Act 1988 and GDPR):
| Purpose | Legal Basis |
|---|---|
| Account creation & service provision | Contract performance (we need your data to provide the service) |
| KYC/AML/CTF compliance | Legal obligation (Anti-Money Laundering Act 2006, Travel Rule, sanctions law) |
| Transaction monitoring & fraud prevention | Legal obligation + legitimate interests |
| Dispute resolution | Contract performance + legitimate interests |
| Compliance, taxes, legal requests | Legal obligation + legitimate interests |
| Communications (essential) | Contract performance + legal obligation |
| Marketing & newsletters | Consent (opt-in, can be withdrawn) |
| Analytics & platform improvement | Legitimate interests (with privacy safeguards) |
| Security and abuse prevention | Legitimate interests (protection of the platform and users) |
For EU users: We rely on the following GDPR legal bases:
- Article 6(1)(b) — Contract performance
- Article 6(1)(c) — Legal obligation
- Article 6(1)(f) — Legitimate interests (fraud prevention, security, analytics)
- Article 6(1)(a) — Consent (for marketing)
- Article 9(2)(a) — Explicit consent (for biometric data in KYC)
5. Blockchain Data Disclosure
Critical: The XRP Ledger is a public blockchain. Any transaction recorded on the XRPL is permanently visible to the entire world.
5.1 What is Public
When you conduct transactions on StudioLedger, the following information is recorded on the XRPL and is permanently public:
- Your XRPL wallet address (or pseudonym if you use a platform-generated account)
- Recipient wallet address
- Amount and currency
- Transaction hash and timestamp
- Transaction type (escrow, payment, MCC mint, etc.)
- Memo fields (if you include any data)
5.2 What is Private (Not on Blockchain)
The following information is stored only in our secure database, not on the blockchain:
- Your legal name, email, phone, address (KYC data)
- Contract terms and negotiations (if not included in escrow memos)
- Private messages between parties
- Dispute evidence and arbitration records
- Your payment history and account activity
5.3 Irreversibility
Once a transaction is recorded on the XRPL, it cannot be deleted, modified, or censored. This is a fundamental property of blockchain technology. We cannot remove this data, and neither can any other party. Your transaction history on the XRPL is permanently part of the public ledger.
5.4 Address De-anonymization Risk
If you use a platform-generated XRPL address, your real identity is not automatically visible on the blockchain. However, if you:
- Link your platform account to a public wallet you control
- Include identifiable information in transaction memos
- Have your address analyzed by third-party blockchain analytics tools
...then your identity may be de-anonymized, and your transaction history may be linked to your real name.
5.5 Your Blockchain Choices
- Use platform-generated wallet: Your identity is hidden from the blockchain; only your generated address appears
- Bring your own wallet: Your existing wallet address is linked to your account; your transaction history on that address becomes part of your StudioLedger profile
- Do not link identifiable data to memos: Avoid including your name, email, or other PII in transaction memo fields
6. Third-Party Data Sharing
We share your personal information with the following third parties:
6.1 Cloud Infrastructure & Hosting
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase (PostgreSQL) | Account data, contract data, transaction records, communications | Database hosting, encrypted at rest |
| Vercel | Account data, usage logs, IP addresses | Frontend hosting and analytics |
| Cloudflare R2 (planned) | Deliverable files, PDFs | File storage and CDN |
Data residency: Supabase may store data in multiple regions (US, EU, or hybrid). We will clarify residency preferences during setup. EU users should note that US data transfer complies with Standard Contractual Clauses (SCCs).
6.2 Blockchain Network
| Provider | Data Shared | Purpose |
|---|---|---|
| XRPL Network | Wallet address, transaction amounts, currency, counterparty addresses, transaction hashes | Public blockchain ledger (irreversible, permanent, public) |
| IPFS / Pinata | Deliverable file hashes, MCC metadata | Distributed file storage (immutable, permanent, publicly accessible if not encrypted) |
Blockchain transparency: All XRPL nodes worldwide have access to transaction data. This is not a data sharing choice; it is the nature of public blockchain technology.
6.3 Identity Verification & KYC
| Provider | Data Shared | Purpose |
|---|---|---|
| Sumsub or Onfido | Government ID images, facial biometric data, full name, DOB, address | Identity verification and liveness detection |
| Sanctions Screening Provider | Wallet address, name, nationality | Checking against DFAT, OFAC, EU, UN sanctions lists |
Data handling: These providers are GDPR-compliant and are selected for their privacy and security standards. Biometric data is deleted after verification is complete.
6.4 Authentication
| Provider | Data Shared | Purpose |
|---|---|---|
| Google (OAuth) | Email address, basic profile | Account creation and sign-in |
Scope: Only your email and basic profile info are shared; we do not access your Google Drive, Gmail, or other Google services.
6.5 Regulatory & Government
| Agency | Data Shared | Scenario |
|---|---|---|
| AUSTRAC (Australia) | Name, wallet address, transaction records, beneficial ownership data | Suspicious Matter Reports (SMRs) if required by AML/CTF law |
| Australian Tax Office | Income/transaction data | If required by tax law (depends on your jurisdiction) |
| Law Enforcement | Account data, transaction records, communications | In response to court orders, subpoenas, or legal requests |
| Sanctions Authorities | Wallet address, name | If sanctions violations are detected |
Notification: We will notify you of legal requests unless legally prohibited from doing so.
6.6 Service Providers
We may share limited data with:
- Payment processors (if fiat on/off-ramp is added in future)
- Customer support tools (ticketing systems, chatbots)
- Analytics services (anonymized usage data)
- Email delivery services (Sendgrid or equivalent — to send transactional emails)
7. International Data Transfers
StudioLedger is operated from Australia, but serves users globally.
7.1 Where Your Data Goes
- Primary storage: Australia (Supabase Australia region, if available)
- Backup/redundancy: May include US and EU regions (Supabase multi-region setup)
- Blockchain: XRPL is decentralized across the world; your transactions are visible everywhere
- IPFS: Distributed globally by nature of IPFS architecture
- KYC provider: May be US-based (Sumsub, Onfido have US operations)
7.2 EU Users & GDPR
If you are located in the EU, your personal data may be transferred to countries outside the EU/EEA (Australia, USA). These transfers are protected by:
- Standard Contractual Clauses (SCCs) — between StudioLedger and third-party processors
- Adequacy decisions — where applicable (EU-Australia, EU-US frameworks)
- Your explicit consent — for blockchain data transfers (inherent to using a global ledger)
We will ensure adequate safeguards are in place before any transfer. For details, contact privacy@studioledger.ai.
7.3 APEC Cross-Border Privacy Rules (CBPR)
StudioLedger complies with the APEC Cross-Border Privacy Rules framework, which governs data flows between Australia, the US, Japan, and other APEC economies.
8. Data Retention
8.1 Account Data
- Retained while your account is active — indefinitely
- Deleted upon account closure — within 30 days, except where legally required
- Exceptions: AML/CTF records retained for 7 years (statutory requirement); tax records retained as required by law
8.2 Transaction Records
- Retained indefinitely for compliance and dispute resolution
- AML/CTF records: 7 years (Anti-Money Laundering Act 2006)
- AUSTRAC reportable data: 7 years
- Tax records: As required by Australian Tax Office (typically 5 years)
8.3 KYC/AML Verification Data
- Biometric data (facial recognition): Deleted immediately after verification is complete (typically within 24 hours)
- Identity documents: Retained for 7 years (AML/CTF compliance)
- Verification results: Retained for 7 years
8.4 Blockchain Data
- XRPL transactions: Permanent and irreversible (cannot be deleted)
- IPFS deliverables: Permanent and globally distributed (cannot be deleted; can only be made inaccessible locally)
- MCC tokens: Permanent (recorded on XRPL)
8.5 Dispute & Arbitration Records
- Retained indefinitely for enforcement and appeal purposes
- Can be accessed by involved parties upon request
8.6 Usage & Analytics Data
- Retained for up to 90 days (analytics)
- Aggregated data retained indefinitely (anonymous statistics)
9. Your Rights
9.1 Australian Privacy Principles (APPs) — For Australian Users
Under the Privacy Act 1988 (Australian Privacy Principles), you have the right to:
APP 1 — Right to Know
- What personal information we hold about you
- Contact us in writing (privacy@studioledger.ai) with a request for access
- We will provide the information within 14 days (or longer if complex)
- Fee: Reasonable costs only (typically free for first request)
APP 2 — Right to Correct
- Request correction of inaccurate or incomplete information
- We will update your information within 14 days
- If we disagree, we will add a correction note to your file
APP 3 — Right to Complain
- Lodge a complaint to the Office of the Australian Information Commissioner (OAIC)
- Website: https://www.oaic.gov.au/
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- No fee required
APP 6 — Use and Disclosure
- Limit how we use and disclose your information
- We will only use it for the purposes stated (or related purposes)
- We will not sell your information to marketing companies
9.2 GDPR Rights — For EU Users
If you are in the EU, you have the following additional rights under the General Data Protection Regulation (GDPR):
Right of Access (Article 15)
- Request all personal data we hold about you
- We will provide it in a structured, commonly-used format within 30 days
- Free of charge
Right to Rectification (Article 16)
- Correct inaccurate or incomplete personal data
- We will do so within 30 days (or explain why we cannot)
Right to Erasure (Article 17) — "Right to be Forgotten"
- Request deletion of your personal data
- Limitations: We cannot delete data if:
- Required by law (AML/CTF Act, tax law, 7-year retention)
- Needed to perform the contract
- Required for legal proceedings
- Recorded on the blockchain (irreversible)
- We will explain our reason if we cannot comply
Right to Restrict Processing (Article 18)
- Request that we limit how we use your data (e.g., store it but don't actively process it)
- Applies when you dispute accuracy or we're unlawfully processing it
- We will comply within 30 days
Right to Data Portability (Article 20)
- Request your data in a portable, machine-readable format (CSV, JSON, etc.)
- We will provide it within 30 days
- You can then transfer it to another service
Right to Object (Article 21)
- Object to processing based on legitimate interests
- Applies to marketing, analytics, and profiling
- We will stop processing (except where required by law)
Right to Withdraw Consent (Article 7)
- Withdraw consent for marketing emails and optional data processing
- Click "Unsubscribe" in any marketing email
- Email privacy@studioledger.ai to withdraw consent
Right Not to Be Subject to Automated Decision-Making (Article 22)
- We do not use fully automated decision-making to make significant decisions about you
- Any automated screening (e.g., sanctions checks, fraud detection) is reviewed by a human
Right to Lodge a Complaint
- Contact your relevant Data Protection Authority (DPA)
- Examples:
- Ireland: Data Protection Commission (https://www.dataprotection.ie/)
- Germany: State Data Protection Commissioner
- France: CNIL (https://www.cnil.fr/)
- Etc. — find yours: https://edpb.ec.europa.eu/about-edpb/members_en
9.3 How to Exercise Your Rights
Submit all requests to: privacy@studioledger.ai
Include:
- Your full legal name
- Email address associated with your account
- Clear description of what you're requesting
- Any relevant order or reference number
We will:
- Acknowledge your request within 3 business days
- Respond fully within 14–30 days (depending on jurisdiction and complexity)
- Ask for proof of identity if necessary (to prevent unauthorized access)
9.4 Blockchain Data Rights Limitations
Important: Your rights to access, correct, and delete do NOT apply to blockchain data (XRPL transactions, IPFS hashes). This data is:
- Irreversible — cannot be modified or deleted
- Public — visible to everyone on the XRPL
- Permanent — recorded on a distributed ledger outside our control
You can view your own blockchain transactions by querying the XRPL, but we cannot delete them.
10. Cookies and Tracking
10.1 Session Cookies
We use session cookies to:
- Keep you logged in
- Remember your preferences
- Protect against cross-site request forgery (CSRF)
Type: First-party, necessary, not used for tracking Expiry: End of browser session (deleted when you close the browser)
10.2 Analytics Cookies
We may use analytics tools (Google Analytics or equivalent) to:
- Track how many users visit each page
- Measure user engagement and time on site
- Identify popular features and areas for improvement
- Detect errors and performance issues
Anonymized: These cookies do not directly identify you; they assign you a random ID Consent: Optional (you can opt out)
10.3 Third-Party Cookies
Third-party services (Google OAuth, Supabase, Vercel) may set their own cookies. Consult their privacy policies:
- Google: https://policies.google.com/privacy
- Supabase: https://supabase.com/privacy
- Vercel: https://vercel.com/legal/privacy-policy
10.4 Cookie Preferences
Most browsers allow you to:
- Delete all cookies
- Block specific types of cookies
- Receive a warning before accepting cookies
We recommend disabling analytics cookies if you prefer maximum privacy (core functionality will not be affected).
10.5 Do Not Track (DNT)
Some browsers send a "Do Not Track" signal. We honor this signal by not loading analytics scripts if DNT is enabled.
11. Security Measures
We implement industry-standard security controls:
11.1 Data Encryption
- In Transit: HTTPS/TLS 1.3 on all web connections
- At Rest: AES-256 encryption for sensitive data (passwords, seeds, secrets)
- Database: Supabase encryption at rest (AES-256 by default)
11.2 Access Controls
- Role-based access: Only employees with a legitimate need can access personal data
- Authentication: Multi-factor authentication (MFA) for staff accounts
- Logging: All access to sensitive data is logged and monitored
- Principle of least privilege: Staff have minimal necessary access
11.3 Wallet Security
- Seed phrases: Encrypted with AES-256, never transmitted unencrypted
- Private keys: Never stored in plaintext; generated client-side when possible
- Xaman signing: All transactions signed by the user's Xaman app (seed not exposed to servers)
11.4 Application Security
- Input validation: All user inputs validated server-side to prevent injection attacks
- Rate limiting: API endpoints rate-limited to prevent brute force attacks
- CORS: Cross-origin requests restricted to authorized domains
- Security headers: Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options enabled
- Bug bounty: We welcome responsible disclosure of security vulnerabilities (contact security@studioledger.ai)
11.5 Incident Response
If a data breach occurs:
- We will investigate immediately
- Notify affected users within 30 days (or sooner if possible)
- Notify regulators as required by law
- Provide steps to protect affected data
11.6 Limitations
No security system is 100% foolproof. Blockchain data, once recorded, is inherently public and cannot be made private.
12. Children and Minors
StudioLedger is not intended for users under 18 years old.
We do not knowingly collect personal information from minors. If we discover we have collected data from someone under 18, we will delete it immediately.
If you are under 18: Do not use this platform. If you believe a minor's data has been collected, contact privacy@studioledger.ai.
For parents/guardians: If your child has created an account, contact us immediately, and we will assist in account deletion.
13. Changes to This Policy
We may update this Privacy Policy to:
- Reflect changes in our practices
- Comply with new laws or regulations
- Improve clarity and transparency
13.1 Notification
- Minor changes: Updated without notice (clarifications, formatting)
- Material changes: Announced at least 30 days in advance via:
- Email to your registered address
- Banner on the Platform
- Updated "Last Updated" date
13.2 Your Options
If you disagree with material changes:
- You may request account closure
- All rights (including data portability) remain available
- You cannot undo blockchain transactions
14. Contact Us
14.1 Privacy Questions or Requests
Email: privacy@studioledger.ai Response time: 3 business days acknowledgment; 14–30 days full response
Mailing address: StudioLedger Pty Ltd / StudioLedger Australia
14.2 Complaints
To StudioLedger (first step): Email privacy@studioledger.ai with details of your complaint
To regulators (if unsatisfied):
Australia: Office of the Australian Information Commissioner (OAIC)
- Website: https://www.oaic.gov.au/
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
EU: Your relevant Data Protection Authority (find yours: https://edpb.ec.europa.eu/about-edpb/members_en)
15. Glossary
| Term | Definition |
|---|---|
| AML/CTF | Anti-Money Laundering / Counter-Terrorism Financing compliance (Australian law) |
| AUSTRAC | Australian Transaction Reports and Analysis Centre (regulator) |
| Blockchain | Distributed ledger technology; in our case, the XRP Ledger (XRPL) |
| Cookies | Small data files stored on your browser; used for authentication and analytics |
| GDPR | General Data Protection Regulation (EU privacy law) |
| IPFS | InterPlanetary File System; distributed, content-addressed storage |
| KYC | Know Your Customer; identity verification process |
| MCC | Minted Craft Credential; NFT proof of completed work on XRPL |
| Memo field | Optional text data included in XRPL transactions (visible on blockchain) |
| OAuth | Secure login method using a third-party provider (e.g., Google) |
| Personal data | Information that identifies or can identify you (name, email, wallet address, etc.) |
| PII | Personally Identifiable Information (subset of personal data) |
| Sanctions | Government restrictions on transactions with certain individuals or countries |
| Special category data | Sensitive data (biometrics, race, health, etc.) requiring extra protection |
| Travel Rule | Regulatory requirement to share customer info for high-value crypto transfers |
| Trust line | XRPL mechanism to enable trading of issued currencies |
| XRPL | XRP Ledger; public blockchain used by StudioLedger for settlement |
16. Acknowledgments
This Privacy Policy is compliant with:
- Australian Privacy Act 1988 (Australian Privacy Principles / APPs)
- Privacy (Australian Consumer Law) Amendment Regulations 2023
- GDPR (EU General Data Protection Regulation) — Articles 4, 6, 9, 13–22, 32–34
- APEC Cross-Border Privacy Rules (CBPR)
- Payment Card Industry Data Security Standard (PCI DSS) — where applicable
- AUSTRAC Compliance Obligations
Document Information
| Field | Value |
|---|---|
| Document Name | StudioLedger Privacy Policy |
| Version | 1.0 |
| Effective Date | March 2026 |
| Last Updated | March 22, 2026 |
| Operator | StudioLedger Pty Ltd (Remy Ruozzi) |
| Contact | privacy@studioledger.ai |
| Status | TEMPLATE — Requires Legal Review Before Production Use |
⚠️ CRITICAL DISCLAIMER
This Privacy Policy is a template document and has NOT been reviewed by a qualified privacy lawyer. Before deploying this policy in production:
- Have it reviewed by a licensed Australian privacy lawyer (preferably with international/blockchain experience)
- Have GDPR compliance reviewed by an EU Data Protection specialist
- Ensure alignment with your actual data practices — if the policy says you don't do something, you must not do it
- Customize jurisdiction-specific sections based on your operational reality
- Update contact details and legal entity name to match your organization
- Review third-party integrations (KYC vendors, hosting providers, etc.) and confirm their privacy practices match our commitments
- Have AUSTRAC compliance verified before accepting high-value transactions
- Implement all promised security controls before launch
Do not use this document as final legal guidance. Consult qualified legal counsel in both Australia and your users' jurisdictions.
StudioLedger Pty Ltd | ACN 696 549 809 | ABN 31 696 549 809
End of Privacy Policy