Privacy Policy

Thank you for visiting Immersive Realities. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. Please read it carefully — if you do not agree with any part of this policy, please discontinue use of our website and services.

This policy applies to all information collected through our website at immreal.io and any related services, communications, or events (collectively, the "Services").

---

1. An Overview of Data Protection

General information

The following provides a straightforward overview of what happens with your personal data when you visit this website. "Personal data" means any information that can be used to identify you. For full details, please read the sections below.

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details appear in Section 2 of this policy.

How do we collect your data?

We collect data that you actively provide — for example, by completing our contact form. Other data is collected automatically by our systems when you visit the website, primarily technical information such as your browser type, operating system, and the time of access. This technical data is collected automatically upon your arrival at the site.

What do we use your data for?

Some data is used to ensure the website functions correctly. Other data may be used to analyse how visitors use the site. Contact enquiry data is used solely to respond to your enquiry and manage our consulting relationship with you.

What rights do you have regarding your data?

You have the right to receive information about the source, recipients, and purposes of your personal data at any time, free of charge. You also have the right to request rectification or deletion of that data. If you have consented to data processing, you may revoke that consent at any time. You also have the right to restrict processing under certain circumstances and to lodge a complaint with a supervisory authority. Please contact us at any time if you have questions about your privacy rights.

2. The Responsible Party

The party responsible for data processing on this website is:

The controller is the legal entity that determines the purposes and means of processing personal data.

Storage duration

Unless a specific retention period is stated elsewhere in this policy, your personal data will be held until the purpose for which it was collected no longer applies. If you request deletion or withdraw consent, your data will be deleted unless we have a legal obligation to retain it (for example, under applicable tax or commercial law). Deletion will occur once those obligations cease to apply.

3. Hosting

This website is hosted by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, United States). When you visit our website, your connection data is processed by Cloudflare's global network. This includes your IP address, browser information, and the pages you access. Cloudflare may also process this data in the United States and other countries where it operates infrastructure.

Cloudflare is used on the basis of our legitimate interest in delivering a reliable, fast, and secure website. All data transfers to Cloudflare are protected by appropriate safeguards including Cloudflare's Data Processing Addendum. For more information, see Cloudflare's Privacy Policy.

Data processing agreement

We have entered into a Data Processing Agreement with Cloudflare, which ensures that personal data of our website visitors is processed only in accordance with our instructions and applicable privacy law.

4. General Information and Your Rights

Data protection

We handle your personal data as confidential information and in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where our operations involve individuals in the European Union, we also apply relevant provisions of the General Data Protection Regulation (GDPR) as a matter of good practice.

Please note that data transmission over the internet is not completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security of information transmitted to us electronically.

SSL/TLS encryption

This website uses SSL/TLS encryption for all data transmission. You can recognise an encrypted connection by the "https://" prefix in your browser's address bar and the padlock icon. When encryption is active, any data you transmit to us cannot be read by third parties in transit.

Right to access, rectification, and erasure

Within the scope of applicable law, you have the right at any time to request information about your personal data — including its source, recipients, and the purpose of processing — free of charge. You may also have the right to have your data corrected or deleted. Contact us at any time to exercise these rights.

Right to restriction of processing

You have the right to request that we restrict the processing of your personal data in the following circumstances: if you dispute the accuracy of the data we hold; if the processing is unlawful but you prefer restriction to deletion; if we no longer need the data but you require it to establish, exercise, or defend a legal claim; or if you have objected to processing and we are considering whether our legitimate grounds override yours.

Right to object

Where data is processed on the basis of legitimate interests, you have the right to object at any time on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for a legal claim.

Right to lodge a complaint

If you believe we have mishandled your personal data, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

5. Data Recorded on This Website

Server log files

The provider of this website automatically collects and stores information in server log files that your browser transmits automatically. This includes:

• Browser type and version
• Operating system
• Referring URL
• Hostname or IP address of the accessing device
• Date and time of the request
• Pages accessed

This data is not merged with other data sources and is used solely to ensure reliable delivery and performance of the website. It is processed on the basis of our legitimate interest in maintaining a technically functional and secure website.

Contact form

If you submit an enquiry through our contact form, the information you provide — including your name, email address, company name, and the details of your enquiry — will be stored and used to respond to you. We will not share this information without your consent.

This data is processed to handle your pre-contractual or contractual request, or on the basis of our legitimate interest in responding effectively to enquiries. The information you submit will be retained until you request its deletion, withdraw your consent, or until the purpose for which it was collected no longer applies — subject to any mandatory legal retention obligations.

Email and direct communications

If you contact us by email, your message and any personal data it contains (such as your name and contact details) will be stored and used to handle your request. We do not share this data without your consent. Data is retained until the matter is resolved and for a reasonable period thereafter, subject to any legal retention requirements.

6. Analytics

This website uses Cloudflare Web Analytics, a privacy-first analytics service provided by Cloudflare, Inc. Cloudflare Web Analytics does not use cookies, does not track individual users across websites, and does not collect personally identifiable information. It provides aggregated, anonymised data about website traffic — such as page views, referral sources, and approximate geographic location at country level.

Because no personal data is collected or stored by Cloudflare Web Analytics, GDPR consent is not required for this tool. For more information, see Cloudflare Web Analytics.

7. Third-Party Services

Cloudflare Turnstile (spam protection)

Our contact form is protected by Cloudflare Turnstile, an accessibility-friendly alternative to traditional CAPTCHAs, provided by Cloudflare, Inc. Turnstile analyses browser signals to determine whether a submission is human, without tracking users or collecting personally identifiable information. For details, see Cloudflare Turnstile.

Resend (transactional email)

When you submit a contact form, confirmation and notification emails are delivered via Resend, a transactional email service operated by Resend Inc. (United States). Your email address and name are transmitted to Resend solely for the purpose of delivering these emails. Resend acts as a data processor on our behalf and is contractually required to protect your data. For details, see Resend's Privacy Policy.

LinkedIn

We maintain a company profile on LinkedIn, operated by LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). If you visit our LinkedIn profile or interact with LinkedIn content embedded on or linked from our website, LinkedIn may collect data about your visit in accordance with its own privacy policy. We recommend reviewing LinkedIn's Privacy Policy for details. We do not control LinkedIn's data processing activities.

8. Cross-Border Disclosure

Some of our service providers are located outside Australia, including in the United States. When we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle your information in a manner consistent with the Australian Privacy Principles (APP 8).

Current overseas service providers include:

• Cloudflare, Inc. (United States) — website hosting, CDN, security, analytics, and spam protection
• Resend Inc. (United States) — transactional email delivery
• LinkedIn Ireland Unlimited Company (Ireland) — social media presence

By providing us with your personal information, you consent to this cross-border disclosure.

9. Security of Personal Information

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

• Encrypted transmission of all data via HTTPS/TLS
• Website protection via Cloudflare's security infrastructure, including DDoS mitigation and WAF
• Spam and bot protection on our contact form via Cloudflare Turnstile
• Restricted internal access to personal information on a need-to-know basis
• Use of reputable, security-focused third-party service providers
• Regular review of our security practices

No method of transmission over the internet is completely secure. While we take all reasonable precautions, we cannot guarantee the absolute security of information you transmit to us.

10. Retention of Personal Information

We retain personal information for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Specifically:

• Contact enquiry data — retained for up to three years from the date of last contact, then securely deleted.
• Consulting engagement data — retained for the duration of the engagement and for a reasonable period thereafter, subject to any applicable legal or tax retention obligations.
• Server log files — retained for a short period for security and operational purposes, then deleted.

If you request deletion of your data or withdraw consent, we will delete your personal information unless a legal obligation requires us to retain it. Deletion will occur once those obligations cease to apply.

11. Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
• Request deletion of personal information we hold about you, subject to any legal obligations we have to retain it.
• Withdraw consent to processing at any time, where processing is based on your consent. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Complain about our handling of your personal information to us, or to the OAIC if you are unsatisfied with our response.

To exercise any of these rights, please contact us using the details in Section 12 below. We will respond within a reasonable time and in any event within 30 days.

12. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party site you visit before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with a revised "last updated" date. We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or wish to make a privacy complaint, please contact us:

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

This Privacy Policy was last updated on 20 March 2026.