Skip to content

Legal

Privacy Policy

Last updated: 13 June 2026 · Effective: 13 June 2026

This Privacy Policy explains how Joe Bones (“Joe Bones,” “I,” “me,” or “my”) handles personal information collected through the website at joebones.dev (the “Site”). The Site is a personal and professional portfolio — it shares my work, writing, and contact details. It does not have user accounts, does not sell anything, and does not run advertising.

The short version

  • I collect very little. The only information you actively give the Site is what you type into the contact form.
  • I don’t sell or rent your data — ever, to anyone.
  • No advertising or cross-site tracking. Site analytics are privacy-first and cookieless.
  • I’m based in Canberra, Australia, and handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
  • Therapy is separate. Counselling is provided through Inner Motus Therapy, not this Site. Health and clinical information for therapy clients is handled by that practice under its own privacy arrangements, not under this Policy.

1. Information I collect

a. Information you give me

When you submit the contact form, I collect the details you provide: your first name, last name (optional), email address, the subject you select, and your message. If you go on to discuss a consultation, I’ll hold whatever further information you choose to share in that correspondence (for example, your organisation, project scope, or technical requirements).

b. Information collected automatically

  • Analytics. The Site uses Cloudflare Web Analytics, which is privacy-first and does not use cookies or collect personally identifying information. It reports aggregate trends such as page views and referrers.
  • Spam protection. The contact form uses Google reCAPTCHA to distinguish people from bots. Google may process your IP address and interaction data for this purpose under its own privacy policy.
  • Server and security logs. Like any website, the hosting platform processes technical data (such as IP address and browser type) as part of delivering pages and protecting the Site from abuse.

The Site does not have user accounts, does not take payments, does not run a newsletter sign-up, and does not collect phone numbers or send SMS.

2. How I use information

I use the information above only to:

  • read and respond to your message or enquiry;
  • discuss, arrange, and carry out consultation work you’ve asked about;
  • keep the Site secure and free of spam and abuse;
  • understand, in aggregate, how the Site is used so I can improve it; and
  • meet any legal or regulatory obligations that apply to me.

3. Cookies and analytics

The Site does not use advertising or cross-site tracking cookies. The analytics described above are cookieless. Google reCAPTCHA, used on the contact form, may set cookies or use local storage as part of its bot detection; this is governed by Google’s privacy policy. You can block or delete cookies through your browser settings, though doing so may affect spam protection on the form.

4. How I share information

I don’t sell, rent, or trade your personal information. I share it only with a small number of trusted providers that help me run the Site, and only as needed:

  • Cloudflare — hosting, content delivery, and privacy-first analytics.
  • Resend — delivers contact-form submissions to my inbox.
  • Google — reCAPTCHA spam protection, and Google Workspace for the email account that receives and stores our correspondence.

These providers act on my instructions and are bound by their own terms and security obligations. I may also disclose information if I’m required to by law (for example, a court order), or to protect the rights, safety, or property of myself or others.

5. How long I keep it

I keep contact-form messages and related correspondence only as long as needed to respond, to carry out any work that follows, and to meet legal or record-keeping obligations — after which I delete them. Aggregate analytics contain no personal information and may be retained indefinitely.

6. How I protect it

Personal information is transmitted over encrypted connections (HTTPS) and held on reputable platforms that encrypt data at rest and apply access controls. No method of transmission or storage is perfectly secure, but I take reasonable steps to protect your information and will notify you and the relevant authority of an eligible data breach as required by law.

7. Your rights and choices

Under the Australian Privacy Principles you may ask me to access the personal information I hold about you, or to correct it if it’s inaccurate. Just get in touch through the contact page. I may need to verify your identity first, and I’ll respond within a reasonable time.

If you’re not satisfied with how I’ve handled your information, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Visitors in the EEA or UK. If you’re located in the European Economic Area or the United Kingdom, the GDPR gives you additional rights — including access, rectification, erasure, restriction, portability, and the right to object to or withdraw consent for certain processing. Where the GDPR applies, I rely on your consent (when you contact me) and on my legitimate interest in operating and securing the Site. You may also complain to your local data protection authority.

8. International visitors

I operate from Australia, and the Site runs on Cloudflare’s global network. If you access the Site or contact me from outside Australia, your information may be processed in Australia or other countries where my providers operate, which may have different data-protection laws than your own.

9. Links to other sites

The Site links to external sites and projects — including Inner Motus Therapy, my published research, and platforms I’ve built. Those destinations have their own privacy policies, and this Policy doesn’t cover them.

10. Children

The Site is intended for a general, professional audience and is not directed to children under 13. I don’t knowingly collect personal information from children. If you believe a child has contacted me, please let me know and I’ll delete the information.

11. Changes to this Policy

I may update this Policy from time to time to reflect changes to the Site or to legal requirements. The “Last updated” date above shows when it last changed. Material changes will be made clear on this page.

12. Contact

Questions or requests about this Policy or your information? Please reach me through the contact page.