Privacy Policy
Privacy Policy
Last Updated: January 1, 2026
Effective Date: January 1, 2026
When you use our Services, you’re trusting us to handle your personal information with care. We take that trust seriously. This Privacy Policy explains how Joe Bones (“Joe Bones,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information in connection with our website at joe-bones.com (the “Site”), our newsletter, blog, digital products, consultation services, and all associated features, applications, and content (collectively, the “Services”).
KEY PRIVACY POINTS
We encourage you to read this entire Privacy Policy, but here are some highlights:
We don’t sell your data. We do not sell your personal information to third parties.
Minimal data collection. We collect only what is reasonably necessary to operate, improve, and secure our Services.
Limited third-party sharing. We use a small number of trusted service providers (such as email platforms, analytics tools, and payment processors).
You have rights. Depending on where you live, you may have rights to access, correct, delete, or restrict the use of your personal information.
Security matters. We use technical and organizational safeguards to protect your information.
Global compliance. We comply with applicable privacy laws, including Australian Privacy Principles (APPs), GDPR, and the CCPA where applicable.
If you have questions or concerns, you can contact us through our contact page.
TABLE OF CONTENTS
- Information We Collect
- Use of Information
- Disclosure of Information
- Your Rights and Choices
- Details for Californians (CCPA)
- Details for Australians
- Details for European Residents (GDPR)
- Telephone and Text Message Communications (TCPA)
- International Data Transfers
- Data Retention
- Protection of Information
- Children Under 13
- Updates and Changes to This Policy
- Contacting Us
1. INFORMATION WE COLLECT
a. Information You Provide to Us
You may provide us with the following types of information:
Identifiers, such as your name, email address, phone number, and mailing address
Account information, such as username and password
Payment information, such as credit card details (processed and stored by third-party payment processors)
Commercial information, including:
- Records of purchases or subscriptions
- Transaction history
- Communication preferences
Communication content, such as emails, messages, feedback forms, or survey responses
Professional or business information, if you engage us for consultation or advisory services (e.g., organization name, project scope, technical requirements)
Audio or visual information, such as recordings of calls or meetings, only where you have provided explicit consent
Rough geolocation, inferred from IP address
Inferences, drawn from the information above to improve Services or personalize communications
b. Cookies and Other Technologies
We and our service providers may collect information automatically using technologies such as cookies, web beacons, local storage, and similar tools. This may include:
- IP address
- Browser type and operating system
- Device identifiers
- Pages viewed, links clicked, and interactions with the Site
You can manage cookies through your browser settings or via any cookie preference tools available on the Site.
c. Information From Third Parties
We may receive information from third parties, including:
- Service providers (payment processors, email platforms, analytics providers)
- Publicly available sources
- Referral sources (where applicable)
If combined information identifies you, we treat it as personal information under this Policy.
2. USE OF INFORMATION
We use personal information to:
- Provide and operate the Services
- Process payments and transactions
- Manage accounts, subscriptions, and communications
- Send newsletters, updates, or marketing communications (where permitted)
- Respond to inquiries and provide customer support
- Improve the functionality, performance, and content of the Site
- Conduct consultation or advisory services
- Maintain security, prevent fraud, and protect against misuse
- Comply with legal, tax, and regulatory obligations
- Establish, exercise, or defend legal rights
- Create aggregated or de-identified data for analytical or research purposes
Legal Basis for Processing (GDPR)
For individuals in the EEA or UK, we process personal data under the following legal bases:
- Contract performance: Processing necessary to provide Services you’ve requested
- Consent: Where you have given explicit consent for specific processing
- Legal obligation: Where we must process data to comply with legal requirements
- Legitimate interests: Where processing is necessary for our legitimate business interests (such as improving Services, ensuring security, and preventing fraud) and does not override your fundamental rights
3. DISCLOSURE OF INFORMATION
We may disclose personal information as follows:
a. Service Providers
We share information with vendors that help us operate the Services, such as:
- Payment processors
- Email and communication platforms
- Website hosting and analytics providers
- Cloud storage and security services
All service providers are contractually required to protect your information and use it only for specified purposes.
b. With Your Consent
We may disclose information when you explicitly authorize us to do so.
c. Legal Requirements
We may disclose information if required to do so by law, regulation, subpoena, or court order, or if necessary to protect the rights, safety, or property of Joe Bones or others.
d. Business Transfers
If we undergo a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction, subject to the same privacy protections.
e. Aggregated or De-Identified Information
We may share information that has been aggregated or de-identified so it cannot reasonably identify you.
4. YOUR RIGHTS AND CHOICES
a. Marketing Communications
You can unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us through our website.
b. Cookies
You may disable cookies through your browser settings, though some features of the Site may not function properly.
c. Privacy Rights
Depending on your location, you may have the right to:
- Access your personal information
- Correct inaccurate information
- Request deletion of certain data
- Restrict or object to processing
- Request data portability (receive your information in a portable format)
- Withdraw consent for processing based on consent
- Lodge a complaint with a supervisory authority
We may need to verify your identity before responding to requests. To exercise these rights, contact us through our website.
5. DETAILS FOR CALIFORNIANS (CCPA)
California residents have rights under the California Consumer Privacy Act (CCPA).
During the 12 months leading up to the effective date of this Privacy Policy, we collected the following categories of personal information:
| Category of Personal Information | Disclosed To |
|---|---|
| Identifiers (name, email, phone, address) | Service providers |
| Financial information (payment details) | Payment processors |
| Commercial information (transaction records) | Service providers |
| Internet activity (website usage data) | Service providers, analytics providers |
| Geolocation data (from IP address) | Service providers |
| Audio/visual information (recordings with consent) | Service providers |
| Inferences drawn from the above | Service providers |
We do not “sell” or “share” personal information as those terms are defined under the CCPA. We do not sell or share information of individuals under 16 years of age.
California residents have additional rights under the CCPA, including:
- The right to know what personal information we collect
- The right to request deletion
- The right to opt out of sales or sharing (though we don’t engage in these practices)
- The right to non-discrimination for exercising privacy rights
6. DETAILS FOR AUSTRALIANS
For users in Australia:
- We comply with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
- You may request access to or correction of your personal information
- You may lodge complaints with the Office of the Australian Information Commissioner (OAIC)
7. DETAILS FOR EUROPEAN RESIDENTS (GDPR)
If you are located in the EEA, UK, or Switzerland, you have rights under GDPR.
Your Rights Under GDPR
- Right of access: You can request confirmation of whether we process your personal data and obtain a copy
- Right to rectification: You can request correction of inaccurate personal data
- Right to erasure (“right to be forgotten”): You can request deletion of your personal data in certain circumstances
- Right to restriction of processing: You can request that we limit how we use your data
- Right to data portability: You can request to receive your data in a structured, commonly used format
- Right to object: You can object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time
- Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated processing
- Right to lodge a complaint: You can file a complaint with your local data protection authority
Cross-Border Transfers
If we transfer your data outside the EEA/UK, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions recognizing equivalent data protection
- Your explicit consent for the transfer
Supervisory Authority
You have the right to lodge a complaint with your data protection authority. For UK residents, this is the Information Commissioner’s Office (ICO). For EEA residents, contact your national data protection authority.
8. TELEPHONE AND TEXT MESSAGE COMMUNICATIONS (TCPA)
Consent to Communications
By providing your telephone number to us, you acknowledge and agree to the following:
Service-Related Communications: We may contact you via telephone calls or text messages (SMS/MMS) regarding:
- Account confirmations and updates
- Transaction confirmations
- Service-related notifications
- Payment and billing matters
Marketing Communications: We will only send you promotional or marketing text messages if you have provided express written consent.
Your Rights Under TCPA
- You are not required to consent to marketing texts as a condition of using our Services
- You may opt out at any time by replying STOP to any marketing text message
- You will not be charged by us for receiving text messages, but message and data rates from your carrier may apply
- We will not share your phone number with third parties for their marketing purposes
Revocation of Consent
You may revoke your consent for non-service-related calls or texts at any time by:
- Replying STOP to any text message
- Contacting us through our website
- Updating your communication preferences
Important: Opting out of marketing communications will not affect service-related notifications.
9. INTERNATIONAL DATA TRANSFERS
We are based in Australia. If you access our Services from outside Australia, your information may be transferred to, stored, and processed in Australia or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.
For transfers from the European Economic Area (EEA) or UK, we implement appropriate safeguards such as Standard Contractual Clauses to protect your information in accordance with GDPR requirements.
10. DATA RETENTION
We retain your information for as long as necessary to:
- Provide Services to you
- Comply with legal and regulatory obligations
- Resolve disputes and enforce agreements
After retention periods expire, we securely delete or anonymize your information.
11. PROTECTION OF INFORMATION
We implement physical, technical, and administrative safeguards to protect your information, including:
- Encrypted data transmission (SSL/TLS)
- Secure cloud storage with encryption at rest
- Access controls and authentication measures
- Regular security assessments
- Staff training on data protection
However, no system is completely secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.
12. CHILDREN UNDER 13
Our Services are not directed to children under 13 (or 16 in the EEA/UK). If you believe a child has provided us with personal information without appropriate consent, please contact us through our website so we can address the situation appropriately.
13. UPDATES AND CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post updated versions on our website with a new effective date. Significant changes will be communicated to you via email or prominent notice on our website.
For EEA/UK residents, where changes require new consent or materially affect your rights, we will obtain your consent or provide appropriate notice as required by GDPR.
14. CONTACTING US
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us through the contact page on our website.