Legal // Data Protection

Privacy Policy

Last updated: 11 July 2026

This Privacy Policy explains how GTA Sensei (“we”, “us”, “our”) collects, uses, stores and protects your personal information when you visit [YOURDOMAIN.COM], purchase our digital products, or interact with our content. We comply with the Australian Privacy Act 1988 (Cth) and, where applicable, the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).


1. Who We Are

GTA Sensei operates this website and sells digital products, including downloadable guides, audio content and related resources. We are based in Sydney, Australia. For the purposes of applicable privacy law, we act as the data controller of the personal information described in this policy.

2. Information We Collect

Information you provide directly

  • Contact details — your name and email address when you make a purchase, subscribe to our mailing list, or contact us.
  • Purchase information — records of the digital products you buy from us.
  • Communications — messages you send us via email or contact forms.

Information collected automatically

  • Device and usage data — IP address, browser type, operating system, pages visited, time on page and referring URLs.
  • Analytics data — anonymised behavioural data such as clicks, scrolling and session recordings collected through our analytics tools (see Section 6).
  • Advertising data — event data used to measure the performance of our advertising campaigns.

We do not collect or store your full payment card details. Our payment processor handles these securely (see Section 5).

3. How We Use Your Information

We use your personal information to:

  • Process your orders and deliver digital products to your email address.
  • Send transactional emails such as receipts, download links and order updates.
  • Send marketing emails only where you have opted in, with an unsubscribe link in every message.
  • Respond to your questions, requests and support enquiries.
  • Analyse site performance and improve our products, content and user experience.
  • Measure and optimise our advertising campaigns.
  • Detect, prevent and address fraud, abuse and security issues.
  • Comply with our legal and tax obligations.

Where the GDPR applies, we rely on the following legal bases: performance of a contract (order processing and delivery), consent (marketing emails and non-essential cookies), legitimate interests (analytics, security and site improvement) and legal obligation (tax and accounting records).

4. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the site and understand how visitors use it. These include:

  • Essential cookies — required for core site functions such as checkout. These cannot be switched off.
  • Analytics cookies — help us understand site traffic and user behaviour so we can improve the experience.
  • Advertising cookies — allow us to measure ad performance and show relevant ads on third-party platforms.

You can control or delete cookies through your browser settings. Blocking some cookies may affect how parts of the site work. Where required by law, we display a cookie consent notice and honour your choices.

5. Payments

We process payments through Stripe, a PCI-DSS Level 1 certified payment processor. When you make a purchase, you provide your payment details directly to Stripe. We never see or store your full card number. Stripe’s handling of your data is governed by the Stripe Privacy Policy.

6. Third-Party Services

We work with a small number of trusted service providers who process data on our behalf:

  • Stripe — payment processing.
  • Meta (Facebook) Pixel — advertising measurement and campaign optimisation.
  • Microsoft Clarity — anonymised session analytics such as heatmaps and scroll behaviour.
  • Cloudflare — website hosting, content delivery and security.
  • [EMAIL PROVIDER, e.g. Gmail / your ESP] — product delivery and email communication.

Each provider is bound by its own privacy policy and only receives the data necessary to perform its service. We do not sell your personal information to anyone.

7. Data Retention & Security

We keep personal information only as long as we need it for the purposes described in this policy. Order and tax records are retained for a minimum of five years as required by Australian law. Marketing data is kept until you unsubscribe or ask us to delete it.

We protect your data with industry-standard measures, including HTTPS encryption across the entire site, secure third-party infrastructure and access controls limiting who can view personal information. No method of transmission over the internet is 100% secure, but we take reasonable steps to safeguard your data and will notify you and the relevant regulator of any eligible data breach as required by law.

8. International Data Transfers

We are based in Australia, and some of our service providers operate in other countries, including the United States. Where your data is transferred internationally, we rely on the safeguards our providers maintain, such as standard contractual clauses and equivalent protections, to keep your information secure.

9. Your Privacy Rights

Depending on where you live, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — ask us to delete your personal information, subject to legal retention requirements.
  • Objection & restriction — object to or restrict certain processing, including direct marketing.
  • Portability — receive your data in a structured, machine-readable format (GDPR).
  • Opt out of sale or sharing — we do not sell personal information; California residents may still submit an opt-out request (CCPA).
  • Withdraw consent — withdraw consent at any time where processing relies on it, such as unsubscribing from emails.

To exercise any of these rights, contact us through the website. We respond within 30 days. Australian residents may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

10. Children’s Privacy

Our website and products are not directed at children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. We will post the updated version on this page and revise the “Last updated” date above. Significant changes will be highlighted on the site or, where appropriate, notified to you by email.