Privacy Policy

Website: https://www.nbh.co and https://nbhos.app
Type of business: Diamond HubSpot Solutions Partner specialising in CRM, marketing, sales automation, and AI-powered business solutions
Effective Date: 26th day of February, 2026 (Updated)

This Privacy Policy applies to https://www.nbh.co and https://nbhos.app (collectively, the “Sites”), which are owned and operated by Neighbourhood Pty Ltd (ABN to be confirmed). The data controller is Neighbourhood Pty Ltd. You may contact us at:

• Email: weare (at) nbh.co
• Phone: 1300 716 141
• Mailing Address: Level 2, Suite 2B, 130 Commercial Road, Tenerife, Queensland, Australia

By using our Sites, you agree to the conditions set out in this Privacy Policy.

1. Scope and Compliance

We are committed to protecting your personal data in accordance with:

• The Australian Privacy Principles (APPs) under the Privacy Act 1988.
• The General Data Protection Regulation (GDPR) for users in the European Union (EU) and the United Kingdom (UK).
• The California Consumer Privacy Act (CCPA), if and to the extent it applies to personal data of California residents.

2. Legal Basis for Processing (GDPR)

For users in the EU/UK, we only collect and process personal data when we have a valid legal basis under Article 6 of the GDPR. This includes:

• When you have provided consent to processing for specific purposes.
• When processing is necessary for our legitimate interests (unless overridden by your fundamental rights and freedoms), such as for the conduct of business or marketing.

3. Personal Data We Collect

We collect only the data necessary for the purposes described in this Privacy Policy.

Automatically Collected Data

• IP address
• Approximate location (city, state, country) based on IP
• Clicked links
• Content viewed
• Browser type and device information

Data Collected in a Non-Automatic Way

• First and last name
• Email address
• Phone number
• Company name and job title
• Auto-fill data through forms on our Sites (via HubSpot)

4. How We Use Personal Data

Collected data is used for:

• Marketing & Sales Analytics (e.g., analysing how visitors use our Sites)
• Communication (e.g., responding to inquiries or requests)
• Service delivery (e.g., managing client projects and CRM operations)

For users who have provided contact details, we may also track:

• Email opens and clicks
• Website interactions
• Invoice openings and payments (to manage client billing and track invoice statuses within HubSpot)
• Remarketing and conversion tracking

5. Artificial Intelligence and Automated Processing

We use artificial intelligence (AI) tools to support our internal business operations, including content creation, data analysis, and workflow automation. These tools are provided by third-party AI service providers, including:

• Anthropic (Claude)
• OpenAI (GPT)
• Google (Gemini)

How we safeguard your data when using AI:

• All AI providers we use operate under zero data retention policies — your personal data is not stored by AI providers after processing.
• AI tools are used to assist our team, not to make automated decisions that produce legal effects or similarly significant effects on individuals.
• We do not use AI for profiling that would affect your rights or freedoms.
• Personal data shared with AI tools is limited to what is strictly necessary for the task at hand.

If you have concerns about how AI is used in relation to your data, please contact us.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods vary by data type:

• Website analytics data: up to 14 months
• Marketing contact data: up to 2 years from last engagement
• Client and project data: up to 5 years from the end of the engagement
• Financial and billing records: up to 7 years (as required by Australian tax law)

You may request deletion of your data at any time before these periods expire by contacting us via email, phone, or the methods described below. Where a legal obligation requires us to retain data for longer, we will inform you of the applicable retention period.

7. How to Access, Modify, Delete, or Challenge Collected Data

If you wish to:

• Confirm whether we hold any personal data about you.
• Access, correct, or delete your personal data.
• Exercise any other rights under the GDPR or the Privacy Act 1988.

You may contact us by email at weare (at) nbh.co or by phone at 1300 716 141. You may also write to our physical address. We accept data subject requests through any reasonable method of communication and will respond within 30 days.

8. Disclosure of Personal Data

We may disclose personal data:

• Internally to our employees who need it for legitimate business or compliance purposes.
• Externally to certain third parties under the following conditions:
  • HubSpot — CRM, data storage, analytics, marketing automation, and form submissions.
  • Google — website analytics, advertising, and conversion tracking.
  • Anthropic, OpenAI, and Google Gemini — AI-assisted business operations (under zero data retention agreements).
  • Resend — transactional email delivery.
  • DigitalOcean — cloud infrastructure and hosting.
  • Slack — internal team communications and notifications.
  • Professional advisors (e.g., auditors, legal advisors, insurers) under strict confidentiality and solely for legitimate business or legal requirements.

We will not sell or share your personal data except in the following situations:

• If the law requires it.
• If necessary for legal proceedings.
• To protect our rights.
• In the event of a company sale or merger.

9. International Data Transfers

We may transfer personal data to countries such as the United States (where many of our service providers are based). When we do, we rely on the following to protect your information:

• Adequacy decisions by the relevant data-protection authority, where applicable.
• Standard Contractual Clauses (SCCs) or equivalent safeguards, ensuring GDPR and/or APP compliance.

10. Use of Cookies

We use cookies to:

• Remember your preferences (functional cookies).
• Analyse site use (analytical cookies).
• Personalise marketing (targeting cookies).
• Facilitate engagement tracking using third-party cookies from HubSpot and Google.

You can disable cookies or opt out of certain types of tracking through your browser settings or by clicking “unsubscribe” in marketing emails.

11. Australian Privacy Principles (APP)

In addition to GDPR obligations, we adhere to the APPs under the Privacy Act 1988 and are regulated by the Office of the Australian Information Commissioner (OAIC). If you believe we have breached the APPs, you may lodge a complaint with us or directly with the OAIC.

12. CCPA (California Residents)

If the CCPA applies to you, you may have additional rights (e.g., right to know, delete, or opt out of the sale of personal information). Please contact us to exercise any applicable rights under California law.

13. Data Security Measures

We use industry-standard safeguards such as SSL/TLS encryption to protect data in transit and restrict data access internally. Where possible, data is encrypted at rest within HubSpot and other systems. Access to personal data is limited to authorised personnel who require it for business operations.

Additional security measures include:

• Cookie-based authentication gating on all internal applications
• Regular access reviews and formal offboarding procedures
• Device-level security enforced via mobile device management (MDM)

14. Data Breach Notification

We have an internal procedure for handling data breaches. If a breach compromising your personal data occurs:

• We will notify relevant supervisory authorities and affected individuals within 72 hours, if required by law.
• We will provide details specifying the nature of the breach and any recommended steps for affected users to protect themselves further.

15. Children’s Privacy

We do not knowingly collect or use personal data from children under 16 years of age. If we learn that a child under 16 has provided personal data, we will delete it as soon as possible unless we have a legal obligation to retain it.

16. Liability and Third-Party Links

Our Sites may contain links to other websites. We are not responsible for the privacy policies or practices of linked sites. We accept no liability for their usage of your data. We recommend that you review the privacy policies of any third-party sites you visit.

17. Modifications

We may amend this Privacy Policy from time to time to remain compliant with the law or to reflect changes in our data collection practices. When we update our Privacy Policy, we will revise the “Effective Date” at the top. In some cases, we may also notify you via email.

18. Contact Information

If you have any questions, concerns, or complaints about our Privacy Policy or data handling practices, you can contact our Data Protection Officer:

• Name: Trav White
• Email: weare (at) nbh.co
• Phone: 1300 716 141
• Address: Level 2, Suite 2B, 130 Commercial Road, Tenerife, Queensland, Australia

You can also direct general inquiries to us at weare (at) nbh.co or the phone number above.