Privacy policy

Last updated: 15 May 2026

Shift With Grace® collects and handles your personal information carefully. This policy sets out what we collect, why, how it's stored, your rights, and how to reach us with concerns.


1. Who we are

Shift With Grace is a burnout strategy business based in Brisbane, Australia, operated by Grace, the founder. Services include 1:1 strategy sessions (The One-Hour Shift), digital products, and online content delivered under The Soft Life Shift®.

Contact: hello@shiftwithgrace.com.au


2. What we collect

We collect only the information needed to deliver our services and run the business:

  • Contact details — name, email address, phone number
  • Booking information — session type, preferred times, intake form responses
  • Purchase information — products and sessions purchased, order confirmations. We do not see or store full payment card details; payments are processed by Shopify Payments and Stripe.
  • Email preferences — subscription status, opens, and clicks
  • Website activity — pages viewed, device type, approximate location, referral source. Collected via cookies, pixels, and analytics tools (see Section 7).
  • Advertising identifiers — hashed (encrypted) versions of email, phone number, name, or location used to measure ad performance and match audiences on platforms such as Meta and Google (see Section 8).

Information shared during a session (your circumstances, history, work context) is held only in the session notes required to deliver your personalised Blueprint. It is never shared with third parties.


3. Why we collect it

Your information is used to:

  1. Deliver the session, product, or download you have booked or purchased
  2. Send booking confirmations, session prep, and your post-session Blueprint
  3. Send marketing emails you have opted into (newsletter, free resources, course content)
  4. Operate, secure, and improve the website
  5. Run advertising on Meta and Google where you have consented (in regions that require it) or where lawful interest applies

We do not sell your personal information.


4. How we store and protect it

Data is held on third-party platforms that maintain current encryption, access control, and data protection standards. The platforms we currently use are:

  • Shopify — store, checkout, customer accounts, and order records
  • Cowlendar — session scheduling and reminders
  • Shopify Email — newsletter and email automation (we may transition to Klaviyo or Mailchimp; this policy will be updated if we do)
  • Google Analytics — website traffic and content analytics
  • Google Ads — advertising and conversion tracking
  • Meta (Facebook and Instagram) — advertising and conversion tracking, including Meta Pixel and Meta Conversions API

Retention. Personal information is kept for seven years from your most recent interaction with us. This period aligns with Australian tax law requirements for financial records, the Queensland statute of limitations for contract claims (six years), and standard business record-keeping practice. After seven years, your information is securely deleted or de-identified.

Marketing data (email subscription, engagement) is held until you unsubscribe or request deletion.


5. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you
  • Correct information that is inaccurate or incomplete
  • Delete your information (note: this may end access to digital downloads, course content, and session records)
  • Restrict or object to certain processing
  • Receive a portable copy of your data
  • Withdraw consent at any time
  • Unsubscribe from marketing emails

US visitors (California, Virginia, Colorado, Connecticut, Utah, and other states with applicable laws). We do not "sell" or "share" personal information as defined under the CCPA/CPRA. You have the same rights listed above.

To exercise any right, email hello@shiftwithgrace.com.au. We respond within 30 days.


6. Data breach notification

If a data breach occurs that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme. Where international users are affected, we will also notify the relevant regulator — including the UK Information Commissioner's Office, EU supervisory authorities, or US state authorities — within the timeframes required by law.


7. Cookies and similar technologies

The website uses three categories of cookies:

  1. Essential — required for core functions (cart, checkout, security, login). These run by default.
  2. Analytics — measure traffic and content performance (Google Analytics, Shopify analytics).
  3. Marketing — power advertising and personalisation (Meta Pixel, Meta Conversions API, Google Ads).

In regions that require consent (EU, UK, and certain US states), a cookie banner appears on first visit so you can accept or refuse non-essential cookies. You can change your preferences at any time.

You can also:


8. Advertising and audience matching

When you visit the website, our advertising tools — primarily Meta Pixel, Meta Conversions API, and Google Ads — may share hashed (encrypted) versions of your email address, phone number, name, or location with the advertising platform. The hash is one-way and cannot be reversed into the original detail. This data is used to:

  • Measure how effectively our ads perform
  • Match website visitors with their existing accounts on Meta or Google so we can show relevant ads
  • Build audiences of similar people who may be interested in our services

Shopify Audiences may also use aggregated data across Shopify merchants to improve advertising targeting. Your individual data is not visible to other merchants.


9. International users and legal bases

We comply with the Australian Privacy Act 1988 (Cth), the EU and UK GDPR, and applicable US state privacy laws.

Under the GDPR, we rely on the following legal bases:

  • Consent — marketing emails, non-essential cookies, and ad personalisation
  • Contract — delivering bookings, products, and digital downloads
  • Legitimate interests — operating, securing, and improving the business

You can withdraw consent at any time where it applies.


10. International data transfers

We operate from Australia. Some service providers store data in other countries, including the United States and Ireland. For transfers originating in the EU or UK, we rely on Standard Contractual Clauses or equivalent safeguards. For transfers from Australia, we take reasonable steps to ensure overseas recipients handle your data in line with the Australian Privacy Principles.


11. Children

Our services are for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we discover that a minor has provided information through the site, store, or booking system, we will delete it.


12. Updates to this policy

This policy is updated when our services, tools, or legal obligations change. The "Last updated" date at the top of the page reflects the most recent revision. Material changes are flagged to email subscribers in advance.


13. Contact and complaints

Shift With Grace
hello@shiftwithgrace.com.au
PO Box 234, Fortitude Valley QLD 4006, Australia

If you have a privacy concern, contact us first. If we cannot resolve it to your satisfaction, you can lodge a complaint with the regulator in your jurisdiction:

  • Australia — Office of the Australian Information Commissioner — oaic.gov.au
  • United Kingdom — Information Commissioner's Office — ico.org.uk
  • European Union — your national data protection authority
  • United States — your state attorney general's office