section 01
who we are
stralvox is a done-for-you cold email outreach service for marketing agencies, run by a sole founder (Aevert Forsyth De Ruijter, "Vert") based in Adelaide, South Australia, Australia. throughout this policy, "stralvox", "we", "us" and "our" refer to that business.
for any privacy question, request or complaint, we are the point of contact (in legal terms, the data controller for personal information we decide how and why to handle):
- business: Stralvox — a sole-founder business based in Adelaide, South Australia, Australia
- postal address & ABN: available on request — email us and we'll provide them
- email: stralvox@stralvox.com
- website: stralvox.com
what's in this policy
section 02
what we collect & why
we keep data collection deliberately small. on our own website there are no accounts to create, nothing to buy, and no logins. here is everything we actually collect:
| what | what's in it | why we collect it |
|---|---|---|
| contact form | your name, agency name, work email, and the message you write. submitted through a form handled by Netlify (our website host). | so we can read your enquiry and reply to you. that's the only reason. |
| calendly bookings | your name, email, the time you pick, and anything you type into the booking form, when you book a call via our Calendly link. | to schedule and run the call you booked, and send reminders. |
| analytics (microsoft clarity) | how you use the site — pages viewed, clicks, scrolling, approximate location, device/browser, and anonymised session recordings (replays of mouse movement and navigation). set via cookies. see section 03. | to understand what's confusing or working on the site so we can improve it. |
| emails you send us | whatever you include when you email stralvox@stralvox.com directly. | to correspond with you and keep a record of our conversation. |
| client data (during delivery) | if you become a client: details you give us to run your campaigns — your ideal customer profile, target lists, inbox replies, and outreach results. | to deliver the outreach service you've hired us for. |
we do not collect payment card details on the website, we do not run advertising pixels, and we do not sell your personal information to anyone. (note: this is separate from the cold-email prospect data we process on behalf of the outreach service, which is explained in section 06.)
section 03
cookies & analytics
a cookie is a small file a website stores in your browser. we use a single analytics tool — Microsoft Clarity — and the cookies that come with it.
what microsoft clarity does
Clarity helps us see how people use stralvox.com — which parts get attention, where people get stuck — through aggregated heatmaps and session recordings. Microsoft (which provides Clarity) acts as a processor of that data and may also use it in line with its own privacy practices. Clarity sets cookies such as _clck, _clsk and CLID to recognise sessions. Microsoft generally retains Clarity data for up to about 30 days.
consent — eu, uk & similar regions
analytics and session-recording cookies are not "strictly necessary", so under the eu/uk e-privacy rules (PECR in the uk) they require your consent. if you are visiting from the european economic area, the uk or switzerland, Clarity should only run after you opt in.
the live site currently loads Microsoft Clarity immediately, before any consent is asked for. to be compliant for eu/uk/swiss visitors you need a cookie consent banner that blocks Clarity until the visitor agrees (and Microsoft now expects consent signalling for these regions). until a banner is added, this section is aspirational, not accurate — get this sorted with a consent tool before relying on the policy.
how to control cookies
you can clear or block cookies in your browser settings at any time, and most browsers let you refuse them. blocking cookies won't stop you using the site. you can also turn on a "do not track" / global privacy control signal in your browser; where the law requires us to honour it, we will treat it as an opt-out.
section 04
lawful basis for eu & uk visitors (gdpr / uk gdpr)
if you're in the eu or uk, data protection law says we must have a valid "lawful basis" for each thing we do with your personal data. here's ours, in plain terms:
- replying to your contact form or email, and running a call you booked — lawful basis: legitimate interests (art. 6(1)(f)) and, where relevant, steps to enter a contract (art. 6(1)(b)). you asked us to get in touch, so handling your details to respond is expected.
- analytics cookies / Microsoft Clarity — lawful basis: consent (art. 6(1)(a)), which you can withdraw at any time.
- delivering the service to clients — lawful basis: contract (art. 6(1)(b)).
- cold outreach to business prospects — lawful basis: legitimate interests (art. 6(1)(f)) in promoting a relevant b2b service to the right person, balanced against their rights, with an easy opt-out in every message. see section 06.
where we rely on legitimate interests, you have the right to object — just tell us and we'll stop unless we have an overriding lawful reason to continue. where we rely on consent, you can withdraw it at any time without affecting anything we did before you withdrew.
section 05
who we share data with (our service providers)
we don't sell your data. we do use a small set of trusted third-party tools to run the business. each one only gets the data it needs, and processes it on our behalf. these providers are mostly based in, or store data in, the united states.
| provider | what they handle for us |
|---|---|
| Netlify | hosts stralvox.com and processes contact-form submissions (your name, agency, email, message). |
| Microsoft Clarity | website analytics, heatmaps and session recordings (see section 03). |
| Calendly | scheduling — handles your name, email and chosen time when you book a call. |
| Apollo | b2b data source we use to find and verify business contact details of prospects for cold outreach (see section 06). |
| Instantly | the platform we use to send cold outreach emails and manage replies on campaigns. |
| Zoho Mail | our business email inbox (stralvox@stralvox.com), used to correspond with you. |
we may also disclose personal information if the law requires it (for example, a valid legal request), or to protect our rights, safety, or property. if stralvox is ever sold or transferred, personal information may pass to the new owner under the same protections.
these providers update their own sub-processors and data locations from time to time. for the current detail you can check each provider's own privacy and sub-processor pages.
section 06
prospect data & cold email outreach
a core part of what stralvox does is send cold business-to-business emails on behalf of marketing-agency clients. if you received an email from us or from a domain we run, this section explains how your information is used.
what we process and where it comes from
for outreach campaigns we handle business contact information — typically a person's name, job title, business email address, and company — sourced from b2b data providers such as Apollo. we only target people whose professional role is relevant to the offer being promoted. we do not send to personal/consumer email addresses for this purpose, and we don't knowingly process special-category (sensitive) data for outreach.
your choices if we've emailed you
- opt out any time. every outreach email includes a way to opt out / unsubscribe. we honour opt-outs promptly and add you to a suppression list so you aren't contacted again.
- ask us to delete you. email stralvox@stralvox.com and we'll remove your details (see section 08).
- find out more. you can ask where we got your details and why you were contacted.
the rules we work to
cold email is regulated differently in each country, and we aim to follow the rules that apply to the recipient:
- australia (spam act 2003): b2b outreach relies on inferred or express consent, must clearly identify the sender, and must offer a working unsubscribe that stays live for at least 30 days and that we action within 5 business days.
- us (can-spam): accurate sender and subject details, a valid physical postal address in the message, no deceptive headers, and a clear opt-out that we honour within 10 business days.
- eu / uk (gdpr & uk gdpr): we rely on legitimate interests for relevant b2b contact, disclose how we got your data on request, and provide an easy opt-out and objection route.
- canada (casl): casl is stricter and generally needs express or implied consent for commercial messages to businesses; we apply added caution for canadian recipients.
for us recipients, can-spam requires every outreach email to identify the sender, include a valid physical postal address, and offer a clear opt-out that is honoured promptly — the standards our campaigns operate to.
when you are a client, you control your target lists and your offer; for that outreach data, stralvox acts as your service provider / processor and you remain responsible for the lawful basis to contact those prospects. we'll set the specifics out in your client agreement.
section 07
how long we keep data
we keep personal information only as long as we genuinely need it, then delete it. as a guide:
- contact-form & email enquiries: kept while we're in conversation and for a reasonable period after, so we have a record. if nothing comes of it, we delete it (typically within about 24 months).
- calendly bookings: kept for the booking and our follow-up, then removed when no longer needed.
- analytics (Clarity): retained by Microsoft for roughly 30 days.
- prospect / outreach data: kept only for the active campaign; opt-outs are kept on a suppression list indefinitely so we can keep honouring your choice not to be contacted.
- client data: kept for the length of our engagement and a reasonable period afterward, or as our agreement and the law require.
these are good-faith estimates and may change. if you want your data removed sooner, just ask (see section 08).
section 08
your rights & how to ask
depending on where you live, you have rights over your personal information. wherever you are, we'll do our best to honour these requests:
- access — ask for a copy of the personal data we hold about you.
- correction — ask us to fix anything inaccurate or out of date.
- erasure / deletion — ask us to delete your data (some records may need to be kept where the law requires).
- opt out / object — opt out of cold outreach, or object to processing based on legitimate interests.
- withdraw consent — for anything based on consent, such as analytics cookies.
- portability / restriction — where the law gives you these, ask us to limit processing or provide your data in a portable form.
- no discrimination — we won't treat you worse for exercising any of these rights.
how to make a request
email stralvox@stralvox.com with what you'd like. we may need to confirm who you are before acting, to protect your data. we aim to respond within a reasonable time and within the deadlines the law sets (generally within 30 days; for eu/uk requests, within one month).
complaints
if you're unhappy with how we've handled your data, please tell us first so we can put it right. you also have the right to complain to a regulator:
- australia: the Office of the Australian Information Commissioner (OAIC), oaic.gov.au.
- uk: the Information Commissioner's Office (ICO), ico.org.uk.
- eu: your local data protection authority.
section 09
australian privacy act note
stralvox is based in Australia. we aim to handle personal information consistently with the Australian Privacy Principles (APPs) under the Privacy Act 1988, even where a strict reading of the law might not yet require it of a small business.
historically, many small businesses (broadly, those with under AU$3 million annual turnover) have been exempt from much of the Privacy Act. the government has agreed in principle to remove that exemption as part of a future round of reforms, so we've chosen to follow the principles now rather than wait. that means: being open about what we collect, collecting only what we need, keeping it reasonably secure, and giving you access and correction rights.
as of mid-2026 the general small-business exemption has NOT yet been repealed and the government has not set a firm date — it's part of a "second tranche" of reforms still being worked on. (a separate, targeted change from 1 july 2026 brings sectors like real estate agents, lawyers and accountants under the Act via anti-money-laundering rules, but that doesn't apply to stralvox.) so the line above is a deliberate choice to act ahead of the law, not a current legal obligation. confirm the latest status with a lawyer before publishing — and once you have an ABN/registered address, add them in section 01.
we also follow the Spam Act 2003 and the ACMA's rules for commercial email, including identifying the sender and offering a working unsubscribe (see section 06).
section 10
california (ccpa / cpra) note
if you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you rights over your personal information, including the right to know what we collect, the right to delete it, the right to correct it, and the right to opt out of the "sale" or "sharing" of personal information.
we do not sell your personal information, and we do not share it for cross-context behavioural advertising. because of that, we don't run a "Do Not Sell or Share My Personal Information" page — there's nothing to opt out of in that sense. we still honour browser-based opt-out signals (like Global Privacy Control) where the law requires.
the categories of personal information we collect, the reasons, and who we share it with are all listed in section 02 and section 05. to exercise any California right, email stralvox@stralvox.com; we won't discriminate against you for doing so.
section 11
security, international transfers & children
security
we take reasonable steps to protect personal information — limited access, reputable providers, and sensible account security. but no method of storage or transmission over the internet is 100% secure, so we can't guarantee absolute security.
international transfers
we operate from Australia and use tools run by overseas providers — for example Netlify, Microsoft Clarity, Calendly, Apollo and Instantly (largely US-based), and Zoho Mail (which operates globally). that means your information may be stored or processed outside your home country, including in the United States. where the law requires safeguards for those transfers (for example, eu/uk standard contractual clauses), we rely on the protections offered by those providers.
children
stralvox is a business-to-business service. our website and services are not directed to anyone under 16, and we don't knowingly collect their personal information. if you believe a child has given us data, contact us and we'll delete it.
section 12
changes to this policy & how to contact us
we may update this policy as our business, tools or the law change. when we do, we'll change the "last updated" date at the top. for significant changes we'll try to make it obvious on the site. please check back from time to time.
questions, requests or complaints about privacy? email us — a real person reads it.
last updated: 16 june 2026