This Privacy Policy explains how Red Ox Digital Pty Ltd trading as LetterDrops (LetterDrops, we, us or our) collects, uses, holds and discloses personal information across our two products — LetterDrops campaigns and Shield. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we apply those standards to all of our customers and contacts whether or not we are formally an APP entity.
By visiting our website, requesting a quote, booking a campaign, subscribing to Shield, scanning a QR code on one of our postcards, receiving a postcard, or visiting a landing page we host, you acknowledge this Policy.
A note on Shield and our two roles.
For most of what we do, we decide how personal information is handled and this Policy governs it. But when Shield follows up your leads and customers, we act as a service provider to you (the tradie) — you decide who is contacted and what is said, and you are responsible for having the consents that requires. We handle that information on your instructions. See section 4.
1. Information we collect
From you, when you book or subscribe
- Your name, business name, ABN (where given), trade, mobile number and email.
- The area you want to target and details of your job site.
- Job photos and brand assets you supply for use on ads and postcards (logos, vehicle photos, before/after shots, testimonials).
- Billing details. Card details are processed by our payment provider. We do not see or store full card numbers on our own systems.
- Your communications with us (SMS, WhatsApp, email, and notes).
To choose who receives a postcard
- To select recipients for a LetterDrop, we use publicly available property and land-ownership information to identify owner-occupied homes nearest your job. We use this only to choose delivery addresses.
- Postcards are addressed to the home (for example, "The Homeowner") — not to a named individual. We do not print individuals' names from these sources on the postcards, and we do not build or sell a named contact list of recipients from this process.
From your campaign, while it is running
- QR code scans and visits to the landing page we host for you.
- Engagement signals from the Meta ad component: impressions, reach, clicks, frequency. This data is provided to us in aggregate by Meta.
Through Shield
- Information about your leads and callers that Shield processes on your behalf — see section 4.
Automatically, when you use our website
- Device, browser and operating system information, IP address, referrer URL, pages viewed, and time on page.
- Cookies and similar tracking technologies (see section 8).
Sensitive information
We do not seek to collect sensitive information (as defined by the Privacy Act). Please do not include health, racial, political or other sensitive information in your job photos, captions or messages to us.
2. How we use information
We use personal information to:
- Quote, design, print, deliver and advertise your campaign, and route inbound leads to your phone.
- Select delivery addresses for postcards near your job site.
- Run the Meta ad component of your campaign in a radius around your job site.
- Operate Shield for you, on your instructions (see section 4).
- Communicate with you about your campaign or subscription, proofs, delivery windows, results and invoices.
- Improve our designs, targeting, copy and reporting.
- Detect, prevent and respond to fraud, misuse, security incidents and disputes.
- Comply with our legal, tax, accounting and record-keeping obligations.
- Send you direct marketing about LetterDrops services, on the terms in section 7.
3. Postcard recipients, QR scanners and ad viewers
If a member of the public scans the QR code on your postcard, clicks on the Meta ad or visits a landing page we host for you, we collect limited personal information about that person, for example standard analytics about their device and browsing behaviour, and any contact details they choose to give.
We use that information only to:
- connect their enquiry to you;
- attribute leads to the campaign that produced them; and
- report aggregate campaign performance to you.
We do not sell that information, and we do not pass identifiable lead lists to any party other than you (the tradie who booked the campaign) and our service providers acting on our instructions.
If you have received a postcard and would prefer not to receive marketing mail selected by us in future, you can contact us (see section 11) and we will take reasonable steps to exclude your address from address sets we select.
4. Shield: leads and callers we handle for you
When you subscribe to Shield, it follows up your new enquiries automatically — for example rescuing a missed call, capturing a new web lead, turning a landline voicemail into a lead, or sending a review request. To do that, Shield processes personal information about your leads and customers, which may include:
- their phone number, name and any contact or enquiry details they provide;
- call metadata (calling number, date, time, duration) and, where applicable, voicemail or call recordings; and
- the content of messages exchanged with them through Shield.
Our role. For this information we act as a service provider to you. You decide who is contacted and what is said. You are responsible for having the authority and consents required under the Privacy Act, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth), and the call-recording / surveillance laws of your state or territory. We handle this information on your instructions, use it to provide Shield to you, and do not use it for our own marketing or sell it.
If you are a member of the public and have a question or request about information held in Shield about you, please contact the business that messaged you (the tradie). You can also contact us (see section 11) and we will refer your request to that business and assist as a service provider.
5. Who we share it with
We share personal information with the following categories of recipient, only as needed to run your campaign or subscription:
- Print and distribution partners, including Australia Post and our printers, who handle production and delivery of postcards.
- Advertising platforms, principally Meta Platforms Inc. (Facebook and Instagram), which serves the digital component of your campaign.
- Messaging, telephony and call-handling providers, who power Shield's follow-up, deliver messages and handle calls and voicemail.
- Hosting, analytics and email providers, who power our website, landing pages and customer comms.
- Payment providers, who process invoices and card payments.
- Professional advisers (accountants, lawyers, auditors), where reasonably required.
- Government, regulators or law enforcement, where required or authorised by law.
- An acquirer or successor, if our business or assets are sold, restructured or merged.
We require our service providers to handle personal information consistently with this Policy and the APPs.
6. Overseas disclosure
Some of our service providers store or process data outside Australia. In particular, Meta is headquartered in the United States and operates infrastructure globally; some of our hosting, analytics, messaging and telephony providers may also operate in the United States, the European Union or other jurisdictions. Where this happens, we take reasonable steps to ensure those recipients handle personal information consistently with the APPs, but you should be aware that overseas privacy laws may differ from Australian law.
7. Direct marketing & the Spam Act
Our marketing to you. From time to time we may send you marketing communications about LetterDrops services, for example new offers, area availability or seasonal prompts. We send these in accordance with the Spam Act 2003 (Cth):
- We only send commercial electronic messages where we have your express or inferred consent (for example, because you are a customer or have asked for a quote).
- Every message identifies us and includes a functional unsubscribe option.
- You can opt out at any time by replying STOP, clicking the unsubscribe link, or emailing us (see section 11). Once you opt out we will action your request within five business days.
Postcards. The postcards we design are addressed to the home, not to a named individual, and are delivered by Australia Post. They are not commercial electronic messages, so the Spam Act does not apply to them.
Messages sent through Shield. Where Shield sends messages to your leads and customers, you are the sender for the purposes of the Spam Act and the Do Not Call Register Act. You are responsible for holding the necessary consent, identifying your business, and honouring opt-outs. We provide the tools to help you comply, but we are not the sender of those messages.
8. Cookies, pixels and analytics
We use cookies and similar technologies on our website and on the landing pages we host. These are used to:
- keep the site working (essential cookies);
- measure how the site is performing (analytics cookies); and
- allow us, and the tradie whose campaign you are viewing, to measure the effectiveness of Meta ads and to retarget visitors with related ads (advertising cookies, including the Meta Pixel).
You can disable cookies in your browser settings, and you can manage ad personalisation directly with Meta, Google and other ad networks. Some parts of the site may not work as intended if cookies are disabled.
9. Storage, security and retention
We store personal information on cloud-hosted services and in our internal business systems, protected by access controls, encryption in transit and reasonable administrative safeguards. No system is perfectly secure; we cannot guarantee absolute security but we take the steps a reasonable Australian small business is expected to take.
We retain personal information for as long as we need it for the purpose it was collected, plus any period required by law (for example, tax records under the Income Tax Assessment Act and related regulations are kept for at least five years). Campaign analytics, and lead and call data held in Shield, are retained for the period needed to provide the service and resolve disputes, and are then archived or de-identified. Where we hold lead and call data as a service provider, we will also action a reasonable deletion request from the tradie who controls it.
10. Access, correction and complaints
You have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate, out of date or incomplete.
- Complain if you think we have mishandled your personal information.
Please send your request to the contact details in section 11. We will respond within a reasonable time (usually within 30 days). There is no charge for a routine access or correction request. Where the information is held through Shield on behalf of a tradie, we may need to refer your request to that business.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by phone on 1300 363 992.
11. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top of the page shows when it last changed. If we make a material change we will take reasonable steps to notify existing customers (for example, by email or a notice on the site) before the change takes effect.
12. Contact us
For privacy questions, access requests, corrections or complaints:
- Red Ox Digital Pty Ltd trading as LetterDrops
- Email: info@letterdrops.com.au
- SMS / WhatsApp: +61 494 720 298
- ACN: 690 623 646
Back to home