We use cookies to improve your experience. Essential cookies keep the site working; optional ones help us improve.

Contact us
Blog

Privacy Policy

Data Privacy & Compliance

Effective May 18, 2026

HEXONOVA PTY LTD (trading as HexoNOVA, ABN 76 679 691 028) respects your privacy and is committed to protecting your personal and health information.

This policy explains what information we collect, how we use it, who we share it with, and how you can access or correct it. It is written to align with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and includes the additional disclosures we are required to make about our use of third-party platforms and tools to deliver our services.

Who We Are

In this policy, "we", "us", and "our" refer to HexoNOVA (H).

  • HexoNOVA. 30 Mcculloch Street, Curtin, ACT, 2605, AU

Contact for privacy matters:

Email: privacy@hexonova.com.au

Phone: 0493123495

Data Security

We take reasonable steps to protect your information from misuse, loss, unauthorised access, modification, or disclosure. These steps include:

  • Secure storage of physical and electronic records
  • Password-protected access to our business management systems with role-based access controls
  • Encrypted connections (HTTPS / TLS) for data we send to and receive from our website
  • Encryption at rest for the customer data held by our platform provider
  • Staff training on privacy and confidentiality
  • Regular review of our data handling practices and the data handling practices of the providers we depend on

No system is perfectly secure. If a data breach affecting your information occurs and we assess it is likely to result in serious harm to you, we will follow the Notifiable Data Breaches Scheme under Part IIIC of the Privacy Act 1988 (Cth) — notifying you and the Office of the Australian Information Commissioner where the threshold is met, and taking steps to contain and remediate the breach.

How We Communicate With You

We may contact you by email, SMS, or WhatsApp where you have given us your details and consented to receive those communications, or where the message is a transactional one you would reasonably expect (for example, a booking confirmation or an order receipt). You can stop receiving marketing communications at any time:

  • Email. Use the unsubscribe link at the bottom of any marketing email we send.
  • SMS. Reply STOP to any marketing SMS you receive from us. We will record your opt-out and stop sending marketing SMS to that number.
  • WhatsApp. Block our business number from your WhatsApp app, or reply asking us to remove you, and we will stop sending you WhatsApp messages.

Transactional messages (booking confirmations, order receipts, appointment reminders for services you have engaged us to provide) continue regardless of your marketing preferences because they are necessary to deliver the service you have engaged us for. If you no longer want to receive those, please tell us so we can pause the underlying service.

Our Use of the Hixel Platform

Our website, booking system, online storefront, and customer messaging are delivered using the Hixel platform, operated by Hexonova Pty. Ltd. trading as Hixel. Hixel acts as our data processor for the information you submit through our site and the messages we exchange with you through our channels — Hixel handles that information on our instructions and under a written agreement.

For more detail about how Hixel processes that information on our behalf — including where it is stored, the sub-processors Hixel uses, and Hixel's commitments around AI-assisted features (next section) — see Hixel's privacy policy. Nothing in Hixel's policy overrides our obligations to you under this policy or the Privacy Act.

AI-Assisted Tools

We use AI-assisted features built into the Hixel platform to help us work faster — for example, to draft email or SMS templates, suggest content, qualify enquiries, and pre-flight outbound messages for compliance with carrier rules before we send them. These features are powered by a third-party large-language-model provider (currently Microsoft Azure AI Foundry, also known as Azure OpenAI Service) and are operated by Hixel on our behalf.

We only include the information that is needed for the AI tool to do its job. The AI provider's commercial terms commit that the inputs we send are not stored beyond the immediate request and are not used to train AI models. Some of the AI processing happens in Microsoft data centres outside Australia under the provider's Global Standard service tier — this cross-border disclosure is made for the purposes of Australian Privacy Principle 8. AI output is reviewed by a human (us) before it is sent to you, used, or relied on.

Cookies and Our Website

Our website uses cookies, scripts, and similar technologies to help it function, to understand how it is used, and to keep it safe. The specific tools enabled on our site depend on the choices we have made — open the cookie consent control on any page of our site to see which categories are active and to change your preferences. The categories of tool we may enable are listed below.

Analytics and behaviour tools (when enabled)

  • Google Analytics. A web analytics service provided by Google LLC. Helps us understand how visitors use our website (for example, which pages are most popular and how people navigate between them). It uses cookies and may collect information including pages visited, time on site, referring URL, and anonymised usage patterns. Google Analytics data is processed in accordance with Google's privacy policy at policies.google.com/privacy.
  • Meta Pixel (Facebook Pixel). An advertising and analytics tool provided by Meta Platforms, Inc. Helps us measure the effectiveness of our advertising and understand the actions visitors take on our site. May collect information about your device, browser, IP address, and the pages you view. This information may be shared with Meta and used for advertising personalisation on Facebook and Instagram. Meta's privacy policy is available at facebook.com/privacy/policy.
  • Microsoft Clarity. A user-behaviour analytics service provided by Microsoft Corporation. Records session replays and heatmaps to help us understand how visitors interact with our website. Sensitive form fields (for example, payment details) are masked by default. Microsoft's privacy policy is available at privacy.microsoft.com/privacystatement.

Technical information we collect

  • IP addresses. We store visitor IP addresses temporarily to protect the website from abuse (for example, to rate-limit requests and to protect against denial-of-service attacks). We also store IP addresses associated with contact form submissions so that we can investigate if a form is misused. IP addresses are retained only for the period necessary for these security purposes.
  • Approximate location. Our website may resolve your approximate location (typically from your IP address) to offer location-relevant information, such as directing you to your nearest location. This does not track your precise GPS location unless you explicitly grant that permission in your browser.

Third-party tools and cross-border disclosure

Where the analytics or pixel tools above are enabled on our site, they are operated by Google, Meta, or Microsoft. These providers are based outside Australia, and some of the data collected through these tools may be processed on servers in the United States and other countries. Where any of these tools is active on our site, by using our site you acknowledge that your interaction data may be transferred to and processed in those jurisdictions.

Managing cookies

Most web browsers allow you to control cookies through your browser settings, including blocking or deleting cookies. You can also adjust the categories of non-essential tool you allow through the cookie consent control on every page of our site. Note that blocking cookies may affect some functionality on our website.

Complaints

If you believe we have mishandled your personal information, please contact us first at privacy@hexonova.com.au. We take complaints seriously and will respond within 30 days.

If you are not satisfied with our response, you can make a complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. The updated policy will be published on our website with the "last reviewed" date shown below.

For significant changes, we will notify existing clients by email where appropriate.

This policy was last reviewed on June 22, 2026.

© 2026 HEXONOVA PTY LTD
TermsPrivacy policyHixel