Privacy Policy

1. Scope & Application

This Privacy Policy applies to all personal information collected by Protocol Labsin connection with Neil the Seal Official through the Website (neiltheseal.com), the Cone Run game, and our merchandise store (“Store”).

By using our Website, Game, or Store, you consent to the collection and handling of your personal information as described in this Policy. If you do not agree with this Policy, please do not use our services or provide us with your personal information.

2. Personal Information We Collect

We may collect the following categories of personal information:

2.1 Identity & Contact Information

• Full name
• Email address
• Phone number (if provided)
• Billing and shipping addresses

2.2 Transaction & Order Information

• Order history and purchase records
• Payment method type (e.g., Visa, Mastercard — we do not store full card numbers)
• Transaction reference numbers
• Product preferences and cart data

2.3 Technical & Usage Information

• IP address and approximate geographic location
• Browser type and version
• Device type, operating system, and screen resolution
• Pages visited, links clicked, and time spent on the Website
• Referring URL (how you arrived at our Website)
• Session identifiers and cookie data

2.4 Communications

• Messages sent to us via contact forms or email
• Newsletter subscription preferences
• Feedback and correspondence

2.5 Sensitive Information

We do not intentionally collect sensitive information (as defined under the Privacy Act, including health, religious, political, or biometric information). If you inadvertently include sensitive information in communications to us, we will handle it in accordance with applicable privacy laws.

3. How We Collect Information

3.1 Directly From You

We collect personal information directly from you when you:

• Place an order in the Store;
• Create an account (if applicable);
• Subscribe to our newsletter;
• Contact us via form, email, or social media;
• Participate in any promotions or competitions;
• Submit feedback.

3.2 Automatically

We automatically collect certain technical information when you access the Website, including through cookies, web beacons, and similar tracking technologies (see clause 4).

3.3 From Third Parties

We may receive information about you from third-party service providers such as our payment processor (Stripe), shipping partners, and analytics providers. We will only use information received from third parties in accordance with this Policy and applicable law.

4. Cookies & Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences and understand how you interact with the site.

4.2 Cookies We Use

4.3 Local Storage

We use browser localStorage to store your shopping cart data and game high scores locally on your device. This data is not transmitted to our servers unless you complete a purchase. You can clear this data at any time through your browser settings.

4.4 Managing Cookies

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect Website functionality. For more information about managing cookies, visit www.allaboutcookies.org.

5. Game Data

The Cone Run game stores game state, high scores, and settings exclusively in your device's browser localStorage. This data:

• Is stored only on your device and is not transmitted to our servers;
• Does not include any personally identifiable information;
• Is not shared with third parties;
• Can be cleared at any time by clearing your browser's site data.

If you choose to share your score using the in-game “Share Score” feature, the sharing is performed by your device's native sharing mechanism or clipboard. We do not receive or store any information through this feature.

6. Why We Collect & Use Your Information

We collect and use personal information for the following purposes:

• To process and fulfil orders — including shipping, payment processing, and order confirmation;
• To communicate with you — including sending order updates, responding to enquiries, and providing customer support;
• To operate and improve the Website and Game — including analysing usage patterns, fixing bugs, and enhancing user experience;
• To send marketing communications — where you have opted in or where permitted by law (see clause 9);
• To prevent fraud and maintain security — including detecting and preventing fraudulent transactions and unauthorised access;
• To comply with legal obligations — including record-keeping, tax, and regulatory requirements;
• For analytics and research — to understand our audience and improve our products and services.

We will not use your personal information for any purpose that is incompatible with the purpose for which it was collected without your consent or as required by law.

7. Disclosure to Third Parties

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may disclose your personal information to the following categories of third parties, only to the extent necessary:

• Payment processors (Stripe) — to process your payments securely;
• Shipping and logistics providers — to deliver your orders (name and address shared only);
• Email marketing platforms — to send newsletters and transactional emails (e.g., Mailchimp or similar), subject to your preferences;
• Analytics providers — to analyse website traffic and usage (anonymised/aggregated where possible);
• Cloud hosting providers — to host the Website and store operational data;
• Legal and professional advisors — where required for legal proceedings or regulatory compliance;
• Law enforcement and regulatory bodies — where required or authorised by law.

We take reasonable steps to ensure that third-party service providers with access to your personal information are bound by appropriate privacy and confidentiality obligations.

8. Overseas Transfers

Some of our service providers may be located outside of Australia (including in the United States and European Union). When we disclose your personal information to overseas recipients, we take reasonable steps to ensure that the recipient handles your information in a manner consistent with the Australian Privacy Principles.

Notably, Stripe (our payment processor) is based in the United States and is subject to its own Privacy Policy and applicable US law. By completing a purchase, you acknowledge that your payment data will be processed by Stripe outside of Australia.

9. Direct Marketing

9.1 Opting In

We will only send you marketing communications (newsletters, promotions, product updates) where you have:

• Explicitly subscribed to our newsletter; or
• Made a purchase and have not opted out of marketing communications from us (where permitted under the Spam Act 2003 (Cth)).

9.2 Opting Out

You can opt out of marketing communications at any time by clicking the “Unsubscribe” link in any marketing email, or by contacting us at privacy@neiltheseal.com. We will process your request within 5 business days. Please note that opting out of marketing communications will not affect receipt of transactional or service-related emails (e.g., order confirmations, shipping updates).

10. Data Security

We implement reasonable technical and organisational security measures to protect your personal information from unauthorised access, loss, misuse, alteration, or disclosure. These measures include:

• TLS/SSL encryption for all data transmitted between your browser and our Website;
• PCI-DSS compliant payment processing via Stripe (we do not store card numbers);
• Access controls limiting who can access personal information within our organisation;
• Regular review of our security practices.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and do not accept liability for unauthorised access or security breaches that are beyond our reasonable control.

In the event of an eligible data breach, we will comply with our notification obligations under the Notifiable Data Breaches scheme in the Privacy Act 1988.

11. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law. In general:

• Order records: retained for a minimum of 7 years for tax and accounting purposes;
• Customer account data: retained while your account is active and for a reasonable period after;
• Marketing consent records: retained until you withdraw consent and for a reasonable period after;
• Website analytics data: typically anonymised or deleted after 26 months.

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

12. Your Rights: Access & Correction

12.1 Right of Access

Under APP 12, you have the right to access the personal information we hold about you. To request access, please contact us in writing at privacy@neiltheseal.com. We will respond within 30 days. In most cases, access is provided free of charge; however, we may charge a reasonable fee for complex requests.

12.2 Right of Correction

Under APP 13, you may request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will act on your request within 30 days.

12.3 Right of Deletion

Subject to our legal obligations (e.g., mandatory record retention), you may request that we delete personal information we hold about you. We will consider all such requests and notify you of the outcome.

13. Complaints

If you believe we have not handled your personal information in accordance with this Policy or the Privacy Act, please contact us first at privacy@neiltheseal.com. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

14. Children's Privacy

Our Website and Game are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13 without verified parental or guardian consent.

If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately at privacy@neiltheseal.com and we will take steps to delete that information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any changes will be posted on this page with a revised “Last updated” date. We encourage you to review this Policy periodically. For material changes, we may notify you by email or a prominent notice on the Website.

16. Contact Us

For any privacy-related questions, requests, or complaints, please contact our Privacy Officer: