Greg Mason
Contact now

Privacy Policy

Last Updated: April 2, 2026

Introduction

This document sets out the privacy policy of Greg Mason (referred to in this privacy policy as ‘we’, ‘us’, or ‘our’). For the purposes of applicable data protection law, (in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the UK Data Protection Act 2018), your data will be controlled by us.

This privacy policy applies whenever we collect your personal information and/or personal data (your personal data). This includes between you, the visitor to this website (whether directly as our customer or as personnel of our customer), and us, the owner and provider of this website, and provider of privacy coaching and related consulting services (including smart home privacy consulting) and also where we are directed by a third party to process your personal data. This privacy policy applies to our use of any and all data collected by us or provided by you in relation to your use of the website and the provision of our services to you.

We take our privacy obligations seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

For Australian clients, we aim to handle personal information in a way that is consistent with the Australian Privacy Principles in the Privacy Act 1988 (Cth), in addition to any obligations we may have under overseas data protection laws (such as the EU/UK GDPR).

Types of personal information we collect

The personal data we collect may include the following:

  1. your name or pseudonym;

  2. email address;

  3. your Signal username or other contact details you choose to provide;

  4. limited information about your circumstances that you choose to share so we can provide the Services (for example, your general privacy goals or the types of devices and platforms you use);

  5. records of our communications with you, including emails and session notes;

  6. payment‑related information you provide to us or to our third‑party payment providers (for example, that you have paid an invoice), but we do not directly collect or store full payment card details; and

  7. any other information you choose to provide to us that is reasonably necessary for us to provide the Services or operate our website.

How we collect personal information

We endeavour to ensure that information we collect is complete, accurate, accessible and not subject to unauthorised access.

We may collect personal data either directly from you, or from third parties, including when you:

  1. contact us through our website or via any forms we make available (for example, Formbricks forms);

  2. communicate with us via email, Signal, or other messaging tools we choose to use;

  3. engage us to provide privacy coaching or related services;

  4. pay our invoices or otherwise provide payment information;

  5. interact with our website, content and any online booking tools we use; and

  6. subscribe to our mailing list or respond to surveys or feedback requests (for example, Formbricks forms).

We may collect limited technical information when you use or access our website (for example, basic server logs). If we use web analytics tools, cookies or similar technologies, we will describe these in our Cookie Policy.

Use of your personal information

We collect and use personal data for the following purposes:

  1. to provide our privacy coaching and related services, and any information you request;

  2. for record keeping, administration, and to operate and improve our website and Services;

  3. to comply with our legal obligations, resolve disputes or enforce our agreements;

  4. where we have your consent, to send you updates, resources or information that may be of interest to you (you can opt out at any time);

  5. for our legitimate interests including:

  • to understand how clients use our Services and improve them;

  • to send you administrative messages, reminders, notices and updates; and

  • to consider applications if you ever seek to work with us.

Sharing your data

We may share your personal data in certain circumstances, as follows:

  1. where there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal data and non-personal data contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances;

  2. disclosures required by law or regulation;

  3. service providers and other affiliated third parties to enable us to provide our services to you including other professional advisers such as accountants, disaster recovery service providers or auditors and/or overseas counsel; and

  4. service providers we use to operate our business and deliver the Services, such as our website hosting provider Yola (based in the United States), Cookiebot by Usercentrics for consent management, Formbricks for forms and surveys, accounting software, Signal and SimpleX for communications, payment processors (for example, PayPal or card processors), and email service providers (such as Proton).

Security

We take reasonable steps to ensure your personal data is secure and protected from misuse or unauthorised access. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your personal data, and you are responsible for maintaining the security of your own devices, accounts and passphrases, and for following our recommendations in a way that is appropriate to your circumstances.

Links

Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.

Your rights

Depending on where you are located, you may have certain rights in relation to your personal data (for example, under the EU/UK GDPR or other local laws). These may include the rights described below.

You have various rights with respect to our use of your personal data:

  1. Access: You have the right to obtain access to your information (if we’re processing it) and certain other information (similar to that provided in this privacy notice). This is so that you’re aware and can check that we’re using your information in accordance with data protection law.

  2. Be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this privacy policy.

  3. Rectification: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using our contact form to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.

  4. Objecting: You also have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing.

  5. Restricting: You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information but may not use it further.

  6. Erasure: You have the right to ask us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.

  7. Portability: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.

  8. Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority. In the UK, the supervisory authority is the Information Commissioner’s Office. In Australia, you can also raise concerns with the Office of the Australian Information Commissioner (OAIC).

  9. Withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your personal data for marketing purposes.

You may, at any time, exercise any of the above rights, by contacting us.

How long we keep data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely destroy your personal data in accordance with applicable laws and regulations. For example, we may keep basic records of our interactions and your invoices for up to 7 years for tax and record‑keeping purposes.

If you would like further information about our specific retention periods for your personal data, please contact us.

Transfers outside the European Economic Area ('EEA')

To provide our services, we may transfer the personal data we collect to countries outside of the UK or EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection.

When we do this, we will make sure that it is protected to the same extent as in the EEA and UK as we will put in place appropriate safeguards to protect your personal data, which may include standard contractual clauses.

Some of our service providers (for example, our website hosting provider) are located outside Australia, the UK and the EEA, including in the United States. When we transfer personal data internationally, we take steps to protect it as described above.

For more information, please contact us.

Questions & Contact

For further information about our privacy policy or practices, or to access or correct your personal data, or make a complaint, please contact us using the details set out on the Contact page.

We may change this privacy policy from time to time by posting an updated copy on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy. Where we make any significant changes, we will endeavour to notify you by email.