Legal

Privacy Policy

How Sora Solutions collects, uses, stores and discloses personal information. Drafted to comply with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles.

1. Who we are

Sora Business Solutions ("Sora", "we", "us", "our") is an Australian marketing and technology agency trading as Sora Solutions, based in Newcastle, NSW. We help Australian service businesses with websites, SEO, paid ads, CRM, and automation.

This policy explains how we handle personal information collected through sorasolution.com and any associated services — booking calls, lead forms, CRM enquiries, email, SMS, and our client portals.

2. Information we collect

We collect personal information you give us directly — for example when you submit a lead form, book a call, sign up for a guide, email or call us, or sign a service agreement. This typically includes:

  • Name, business name, email, phone number
  • Trade or industry, suburb, business goals
  • Information about your current website, marketing, or operations
  • Billing information for paid services (collected by Stripe / Square — Sora does not store full card numbers)
  • Any other details you choose to share in conversation with us

We also collect information automatically when you visit our site:

  • IP address, browser type, device type, operating system
  • Pages visited, time on site, how you arrived (referrer, ad click identifiers)
  • Cookies and similar tracking technologies — see Section 6

3. How we use your information

We use the information we collect to:

  • Respond to enquiries, schedule calls, and provide quotes
  • Deliver the services you've engaged us for
  • Send service updates, invoices, and onboarding communications
  • Send marketing communications where you've consented (you can unsubscribe at any time — see Section 7)
  • Improve our website, marketing, and services using aggregated analytics
  • Meet our legal obligations (tax, record-keeping, anti-spam compliance)

4. Disclosure to third parties

We disclose personal information only to trusted service providers that help us run the business, under contracts that require them to protect your data. These include:

  • GoHighLevel — our CRM platform. Stores contact records, conversation history, and booking data.
  • Google (Workspace, Analytics, Ads, Search Console, Business Profile) — email, website analytics, ad delivery, and search performance.
  • Meta Platforms (Facebook, Instagram) — via the Meta Pixel for ad attribution and audience building, and the Meta Ads platform for delivering our ads. Meta receives hashed identifiers (e.g. email hashes) when you submit forms, in accordance with Meta's Business Tools terms.
  • Stripe and Square — payment processors. They handle card details directly under PCI-DSS; we never see your full card number.
  • Vercel and AWS — cloud hosting providers for our website and applications.
  • Sentry — application error monitoring. Personal information is scrubbed before transmission.
  • Twilio (via GoHighLevel) — SMS delivery.
  • Mailgun (via GoHighLevel) — email delivery.

We do not sell your personal information to anyone. We do not share it with third parties for their own marketing.

Some of these providers (notably Meta, Google, Stripe) are headquartered outside Australia, primarily in the United States. By using our site you consent to your personal information being transferred to and stored in those jurisdictions, which may have different privacy laws to Australia.

5. Storage and security

Personal information is stored in our service providers' systems (GoHighLevel, Google Workspace, Vercel, Stripe, etc.), all of which use industry-standard encryption in transit (TLS 1.2+) and at rest.

We take reasonable steps to protect the information we hold from misuse, interference, loss, unauthorised access, modification or disclosure — including access controls, two-factor authentication on admin accounts, and regular software updates.

We retain personal information only as long as needed to provide our services and meet legal, accounting, or reporting obligations. Inactive lead records are typically purged or anonymised within 24 months. Client records are retained for 7 years after the engagement ends, to comply with Australian tax law.

6. Cookies and tracking

Our website uses cookies and similar tracking technologies (pixels, local storage) for three purposes:

  • Essential — to make the website function (e.g. preserving form state).
  • Analytics — to understand how visitors use the site (Google Analytics).
  • Advertising — to measure the performance of our ads and show you relevant content on other platforms (Meta Pixel, Google Ads conversion tracking).

You can disable cookies in your browser settings, opt out of personalised ads via meta.com/about/ads (Meta) or adssettings.google.com (Google), or use private/incognito mode. Disabling cookies may affect site functionality.

7. Marketing communications and the Spam Act 2003

Where you provide consent (e.g. by submitting a form or booking a call), we may send you marketing emails or SMS related to our services. Every marketing message includes a clear opt-out. You can also email hello@sorasolution.com at any time to be removed from our marketing list.

Transactional communications about services you've engaged us for (e.g. invoices, appointment reminders) will continue regardless of marketing opt-out status, as permitted by the Spam Act.

8. Your rights under the Australian Privacy Principles

Under the Privacy Act 1988 (Cth) you have the right to:

  • Access the personal information we hold about you
  • Request that we correct any inaccurate or incomplete information
  • Request that we delete your personal information (subject to our legal retention obligations)
  • Withdraw consent for marketing communications at any time
  • Make a complaint about how we've handled your personal information

To exercise any of these rights, email hello@sorasolution.com with the subject "Privacy request". We'll respond within 30 days.

If you're not satisfied with how we've handled your complaint, you can refer it to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or call 1300 363 992.

9. Children's privacy

Our services are aimed at business owners. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please contact us and we'll delete it.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the bottom reflects the current version. Material changes will be communicated via our website or to clients directly. Continued use of our services after a change constitutes acceptance.

11. Contact us

For any privacy questions or requests:

Email: hello@sorasolution.com

Phone: +61 409 422 868

Postal address available on request via the above contact methods.

Last updated: 14 May 2026

Sora Business Solutions (trading as Sora Solutions) · Newcastle, NSW, Australia