Privacy policy

We value your privacy as much as our own and are committed to keeping personal and business information safe. We actively promote privacy and security by design, and ethical privacy practices in all aspects of our work.

Our values and approach to privacy

We value your privacy as much as our own. We are committed to keeping the your personal and business information safe and consciously design our systems around the principles of:

  • privacy by design
  • security by design
  • data minimisation

We actively promote ethical privacy practices in all aspects of our work, including in our own business practices, as well as when providing professional services to clients. Our approach is not the ‘norm’ in this industry, but — as with all aspects of our work — by nature we take an authentic, ethical approach.

We do not agree with widespread practices found on other websites, including extensive tracking of your behaviour for advertising and marketing purposes without, or prior to gaining, your informed consent. We also do not agree with the publication of long and complex policies. We support effective marketing, but believe this should be done in an ethical manner.

We hope to work with people who value our commitment to privacy and security.

Information we collect and how we use it

We may come into contact with personal information through a number of different roles and relationships:

When you visit this website

This website is hosted in Melbourne, Australia.

When you visit our website a basic server log is created, which includes your IP address, date and time, type of web browser, and pages accessed. We explicitly do not log the previous site visited (known as ‘HTTP referer’, tracked by most other sites). Server logs are a standard part of any web server’s operation and are necessary to ensure the reliability and security of our infrastructure. Logs are protected securely, and are deleted automatically within one month, following the data minimisation principle of not storing data any longer than necessary.

This website does not use any cookies, which you can confirm using your browser’s tools. This website does not use analytics, advertising, third-party social media buttons, or any other mechanism designed to track your behaviour.

This website includes many links to external websites, primarily in our porfolio of work; each is responsible for providing their own privacy statement.

If you send us an email or call us

If you send us an email or call us with an enquiry, we will record your contact details and any other information you give us as part of the project brief. We will only use your information for the purpose for which you provided it. Webmistress collaborates with professional graphic designers and other specialists in Hobart. We will share your information with one of our graphic design associates if reasonably expected to respond to your enquiry, which will commonly be in the initial stages of reviewing a project and setting up a first meeting. Your email address will not be added to a mailing list and we will not send you any marketing material as a result of sending us an enquiry.

If you commission us for work

Any information you provide to us through the course of our work with you will only be used for the the purpose for which you provide it.

We collect your business name, contact details, and keep records of work related communications, as well as the invoices we send you and the payments you make. We do not require or collect your bank account or credit card information.

We will add your email address to our client mailing list, stored in Campaign Monitor, which is used to send out infrequent news, updates, and notifications to our clients. We do not track your email newsletter activity (normally tracked by most other newsletters).

Some projects may involve handling limited personal data of your customers when setting up systems for you. We only handle your customers’ personal data if necessary for the project, and we treat it confidentially. We will never disclose such data to any third parties. We actively minimise our access to personal data, and remove our access to confidential data wherever possible, once our access is no longer needed.

We actively promote best practices such as privacy by design, security by design, and data minimisation in our work, and encourage all clients to publish a privacy statement on their website. Please note that, while we will meet obligations as agreed with individual clients of Webmistress, the responsibility for the privacy policy of an individual client is with that client.

Who’s responsible for your information

Rebecca Skeers, the owner of Webmistress, is responsible for the storage of your information. This applies to information supplied to Webmistress directly (not information in the public domain or supplied by you to other businesses commissioned separately for aspects of your project, who will have their own privacy policies). You can contact Rebecca by email at or by phone on 03 6231 9351 if you have any concerns about the information we store.

Who has access to your information

Only people directly involved with your project will have access to personal or business information associated with the project, and only if it is necessary to fulfil their role in the project.

We will not disclose any personal information to another party unless you have consented to the disclosure, or the use or disclosure is reasonably expected to answer your enquiry or complete the work requested (for example, between other suppliers, such as graphic designers or photographers, directly involved in the quoting for, or completion of, your project).

How we store and secure your information

In every aspect of our work, we implement multiple practices to ensure the protection of personal information, and go to great lengths to ensure security of data and hardware.

Your connection to our website,, is protected using Secure Sockets Layer (SSL). You can confirm this by checking for the presence of “https” and the padlock symbol in your browser’s address bar.

Where we store your information in third-party services, for maximum security, we restrict access only to people who genuinely need it.

Where personal information is stored in an online or third-party service, we follow best practices to secure those accounts. We store passwords in an encrypted password manager, use a different, randomly generated, long and complex password for each service. We use two-factor authentication (2FA) as well as any additional security features when they are available.

The computers we use (including mobile devices) are all protected by passcode, fingerprint, or facial recongition. We additionally utilise any extra security features available on that particular device.

Any paper copies containing personal or business information are shredded once no longer needed.


If you have any complaints about the ways in which we handle information, or to correct information we hold, please contact us by email at, by phone on 03 6231 9351, or by post to GPO Box 1764, Hobart TAS 7001, Australia.

Changes to this policy

Our commitment to excellence and our authentic, ethical approach will never be altered, however, we reserve the right to adjust this policy to provide clarity or to cover changes in web technology or other aspects of our work.