Legal

Privacy Policy

Last updated: March 2026

Last updated: 20 April 2026

This privacy policy explains how Ehtisham Saeed ("I", "me", "my") collects, uses, stores, and shares personal information through the ehtishamsaeed.com/ website and related services including the RTOGrow product suite, RTO Scanner, and digital marketing services delivered through Everyshot.

Related: RTO Case Studies

Related: How Australian RTOs Are Actually Winning in 2026

This policy is written to align with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Although I am based in Pakistan, clients are Australian RTOs and the services are delivered in the Australian context — so Australian privacy standards apply.

1. What personal information I collect

I collect personal information in the following ways:

Information you provide directly

  • Contact forms and booking forms: name, email, phone number, RTO name, RTO code, enquiry details, meeting preferences
  • Email correspondence: any information you include in emails, WhatsApp messages, or LinkedIn messages to me
  • Strategy calls: information you share during discovery calls, including business context, strategic goals, financial context (if disclosed), and operational details
  • Newsletter subscriptions: email address and any profile information provided
  • RTO Scanner submissions: URLs you scan (no personal information captured for the Scanner unless you provide it separately)
  • Client onboarding: for engaged clients, additional operational and business information necessary for service delivery

Information collected automatically

  • Website analytics: pages visited, referral source, device type, browser, approximate location (city-level from IP), session duration — collected via Google Analytics 4
  • Cookies: session cookies for website functionality, analytics cookies, and advertising cookies (for retargeting) where consented to
  • Server logs: IP address, user agent, request timestamps, pages requested — standard web server logging retained for up to 30 days

2. How I use personal information

  • Responding to enquiries and scheduling strategy calls
  • Delivering marketing services to engaged clients
  • Providing access to RTOGrow products (RTOGrow SMS, Easy RTO, Expertle, RTO Scanner) to registered users
  • Sending service-related communications (appointment confirmations, invoices, account notifications)
  • Sending marketing communications (newsletter, product announcements) where you have opted in
  • Improving website and product experience through analytics
  • Protecting against fraud, misuse, and security threats
  • Complying with legal obligations

3. Legal basis for processing

Under Australian Privacy Principles, personal information is processed on the following bases:

  • Consent — where you have provided explicit consent (newsletter subscription, advertising cookies)
  • Legitimate business interest — responding to enquiries, delivering services you requested, protecting security
  • Contractual necessity — delivering services to engaged clients
  • Legal obligation — tax records, regulatory compliance, lawful requests from authorities

4. Where personal information is stored

Client data and operational systems use Australian data residency where possible. Specifically:

  • Client website hosting: Australian hosting providers unless the client specifies otherwise
  • RTOGrow SMS: Supabase with Australian regional deployment for client RTO data
  • Email and business operations: Google Workspace with data residency configured appropriately
  • Booking and calendar: LeadConnector (GoHighLevel) — US-based, with data processing agreements in place
  • Analytics: Google Analytics 4 — US-based with EU-US/AU data protection frameworks
  • Marketing automation: mixed US and Australian providers, details provided to engaged clients on request

Some international data transfers occur (for tools like LeadConnector, Google Analytics, Stripe for payments). Where this happens, contracts include appropriate data protection provisions.

5. Who I share personal information with

Personal information is shared in the following situations:

  • Service providers (sub-processors): tools used to deliver services, including web hosting providers, Google (Workspace and Analytics), LeadConnector (booking), Stripe (payments), and email delivery services. These providers process data under contractual restrictions and cannot use the data for their own purposes.
  • Engaged clients’ authorised personnel: for marketing services, relevant information is shared with the client’s designated team members
  • Legal and regulatory requests: where required by Australian law, court orders, or regulatory authorities
  • Business transfers: if the business is transferred or merged, personal information may be transferred to the acquiring entity subject to the same privacy commitments

Personal information is never sold to third parties. Personal information is never shared with other clients or competitors.

6. How long personal information is retained

  • Enquiry data from contact forms: 24 months from last contact, then deleted unless escalated to active client status
  • Newsletter subscriber data: until unsubscribed, then deleted within 30 days of unsubscribe
  • Client records: retained for the duration of the engagement plus 7 years for business and tax record compliance (Australian Tax Office requirement)
  • Analytics data: 26-month default retention in Google Analytics 4
  • Server logs: 30 days
  • RTOGrow SMS client RTO data: retained for the duration of the subscription plus data export window (90 days after cancellation), then deleted unless extended retention is requested by the client for compliance purposes

7. Your rights under Australian Privacy Principles

You have the right to:

  • Access the personal information held about you
  • Request correction of inaccurate personal information
  • Request deletion of personal information (subject to legal retention requirements)
  • Opt out of marketing communications at any time
  • Object to processing on legitimate interest grounds
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe privacy obligations have been breached

To exercise any of these rights, email contact@ehtishamsaeed.com. Requests are responded to within 30 days.

8. Cookies and tracking technologies

This website uses cookies and similar tracking technologies:

  • Essential cookies: required for website functionality — cannot be disabled
  • Analytics cookies: Google Analytics 4 for understanding website usage — opted in on first visit
  • Advertising cookies: retargeting pixels (Google Ads, LinkedIn, Meta where active) — opted in on first visit, can be managed through browser settings

Cookie preferences can be managed through the cookie consent banner displayed on first visit, or by clearing cookies and revisiting the site.

9. Security measures

Personal information is protected through:

  • SSL/TLS encryption on all data transmission
  • Secure password management for all service accounts
  • Two-factor authentication on critical business systems
  • Role-based access control where multiple team members access systems
  • Regular security updates for WordPress, plugins, and managed services
  • Supabase Row Level Security for RTOGrow SMS data isolation

No system can guarantee 100 percent security. In the event of a data breach affecting your personal information, you will be notified as soon as practicable and within timeframes required by applicable law.

10. Children’s privacy

This website and the services offered are intended for business decision-makers at Australian RTOs (adults). Personal information is not knowingly collected from children under 18. If personal information of a child under 18 has been collected inadvertently, it will be deleted upon notification.

11. Changes to this privacy policy

This privacy policy may be updated to reflect changes in operational practices, sub-processors, or legal requirements. The “Last updated” date at the top of this policy reflects the most recent revision. Significant changes will be communicated via email to active clients and newsletter subscribers.

12. Contact

Questions, concerns, or requests regarding personal information and privacy: See also: Frequently Asked Questions.

For complaints under Australian Privacy Principles that cannot be resolved directly, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.