Privacy Policy.

What we collect, how we use it, who we share it with, and how to exercise your rights under Australian privacy law.

1. Who we are

This Site is operated by Mark Di Paola, trading as Money, Markets & Mayhem ("we", "us", "our"). We are based in Australia. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs").

2. What we collect

We collect only the personal information we reasonably need to provide the Site and Services.

a. Information you give us

• Email address — when you sign up for the newsletter, request a notification for a coming product, or book a call.
• Name — when you book a 1:1 call.
• Topic notes — optional free-text you submit describing what you'd like to discuss on a call.
• Payment information — collected directly by our payment processors (see section 4). We do not see or store your card number, CVV, expiry, or wallet credentials.
• Email replies and other correspondence if you contact us.

b. Information collected automatically

• Server logs from our host (Vercel): IP address, user-agent string, request timestamps, and the URL you requested. Used for security, abuse prevention, and operating the Site.
• Cookies and similar technology — minimal. The Site uses functional cookies (e.g. to remember a chosen theme). We do not load advertising or cross-site tracking pixels by default.

3. How we use it

We use personal information to:

• Deliver what you asked for — send the newsletter, fulfil a paid download, confirm a booking;
• Process your payment and provide receipts;
• Send transactional emails (booking confirmations, calendar invites, refund updates, download links);
• Send the newsletter to people who have subscribed (you can unsubscribe at any time via the link in every email);
• Respond to your support enquiries;
• Operate, secure, and improve the Site;
• Comply with our legal and tax obligations.

We do not sell your personal information. We do not share it with advertisers for cross-site behavioural advertising.

4. Who we share it with

We use the following third-party service providers to operate the Site and Services. Each receives only the information they need to do their job, and each is subject to their own privacy policy and security practices.

• Stripe — card payment processing. stripe.com/privacy
• NowPayments — Bitcoin payment processing. nowpayments.io/privacy-policy
• Cal.com — call scheduling and calendar invites. cal.com/privacy
• Resend — transactional email delivery. resend.com/legal/privacy-policy
• beehiiv — newsletter delivery and subscriber analytics. beehiiv.com/privacy
• Vercel — site hosting and edge logs. vercel.com/legal/privacy-policy
• Google (YouTube Data API) — used to fetch public metadata for our own YouTube videos. No personal information about you is sent to Google.

Some of these providers are based outside Australia (e.g. United States, European Union). By using the Site you consent to your information being processed in those jurisdictions for the purposes described above. Each provider is bound by its own contractual and legal privacy obligations.

5. How long we keep it

• Newsletter subscribers — held by beehiiv until you unsubscribe or ask us to delete you.
• Booking and payment records — retained for a minimum of 7 years to meet Australian tax and accounting record-keeping obligations.
• Support correspondence — retained as long as reasonably necessary, typically 24 months.
• Server logs — typically rotated within 30 days by our host.

6. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These include: HTTPS across the entire Site, payment data handled only by PCI-compliant processors, server-side validation of webhooks, secrets kept in encrypted environment variables, and access limited on a need-to-know basis. No online system can be guaranteed perfectly secure, but we treat your information with care.

7. Your rights

Under the Australian Privacy Principles you have the right to:

• Access — request a copy of the personal information we hold about you;
• Correction — ask us to correct information that is inaccurate, out of date, incomplete, or misleading;
• Deletion — ask us to delete your information, subject to records we must retain by law (e.g. tax records);
• Unsubscribe — opt out of newsletters at any time;
• Complain — if you think we've mishandled your information, contact us first; if you're not satisfied, you may complain to the Office of the Australian Information Commissioner (OAIC).

To exercise these rights, email hello@moneymarketsmayhem.com. We may need to verify your identity before acting on a request. We aim to respond within 30 days.

8. Children

The Site is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be flagged via the newsletter or on the Site. Continued use of the Site after a change constitutes acceptance of the revised policy.

10. Contact

Privacy questions or requests: hello@moneymarketsmayhem.com.