PRIVACY POLICY | ONE RED COW
top of page

PRIVACY  POLICY

Effective Date: April 2026

At One Red Cow, we respect your privacy and recognize our responsibility in safeguarding your enterprise and personal data. This Privacy Policy outlines our strict obligations regarding the collection, processing, and storage of your Personal Information and Corporate Data, reflecting our commitment to the Australian Privacy Principles (APPs) and the European General Data Protection Regulation (GDPR).

1. Data Collection & Processing Scope

Personal Information is information or an opinion that identifies an individual. In the course of operating a global creative and digital strategy agency, we collect data including names, corporate email addresses, IP addresses, digital analytics tokens, and secure financial records.

When providing services to enterprise clients (such as comprehensive AI audits or AEO analytics), One Red Cow acts strictly as a Data Processor on behalf of our clients, while the client retains the status of Data Controller. We only process data in accordance with the strict parameters outlined in our executing Statement of Work (SOW).

2. Artificial Intelligence (AI) Data Handling Policy

As an agency at the bleeding edge of Artificial Intelligence strategy, Answer Engine Optimization (AEO), and Generative AI implementation, we adhere to the strictest 2026 data sovereignty protocols:

  • No Public LLM Training: One Red Cow guarantees that absolutely no confidential client Personal Information, trade secrets, or unreleased strategic data is ingested into open, publicly-training generative AI models (such as the public tiers of ChatGPT, Claude, or Midjourney) without explicit, documented consent.

  • Enterprise-Grade Sandboxing: Where AI processing is required for data analysis or creative generation, we utilize closed-loop, enterprise-grade API architectures that guarantee data isolation and zero-retention policies.

  • AEO Auditing: Any analysis of a brand's AI digital footprint relies strictly on publicly accessible information parsed through non-intrusive crawler algorithms, ensuring no breach of private network boundaries.

3. Third-Party Disclosures & Sub-Processors

We do not sell, rent, or lease your Personal Information or Corporate Data to third parties. We may share data with trusted sub-processors (e.g., secure cloud hosting providers, analytics partners, localized voice-agent API hosts) only when necessary to deliver our contractual services.

All third-party sub-processors utilized by One Red Cow are bound by strict Non-Disclosure Agreements (NDAs) and are verified to comply with SOC 2 Type II or equivalent international data security standards.

4. International Data Transfers

Given the global nature of our enterprise clientele (including brands in the UK, EU, and US), data may occasionally be transferred outside of Australia. In such events, One Red Cow ensures that the receiving jurisdiction offers an adequate level of data protection, or that appropriate safeguards—such as Standard Contractual Clauses (SCCs)—are fully executed in compliance with the GDPR.

5. Data Security and Notifiable Breaches

Your Personal Information is secured utilizing AES-256 encryption at rest and TLS 1.3 in transit, protecting it from unauthorized access, modification, or disclosure.

In accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act, One Red Cow maintains a strict incident response protocol. Should an eligible data breach occur that is likely to result in serious harm, we will immediately notify the affected clients and the Office of the Australian Information Commissioner (OAIC).

6. Access, Correction, and "Right to be Forgotten"

You possess the right to request access to the Personal Information we hold about you and to update, correct, or request the deletion of this data (the "Right to be Forgotten"), subject to legal data retention obligations.

To protect the security of our network and our clients, One Red Cow requires stringent identity verification before processing any data extraction or deletion requests. We will not charge a fee for standard access requests, though excessive or highly complex retrieval requests may incur a reasonable administrative fee.

7. Policy Amendments

To ensure ongoing compliance with rapidly evolving international AI legislation and data sovereignty laws, this Policy may be amended periodically. The most current version will always be published on our website.

8. Privacy Complaints and the Privacy Officer

If you have queries regarding our data handling, or wish to lodge a formal complaint regarding our Privacy Policy, please contact our dedicated Privacy Officer in writing:

One Red Cow — Privacy Officer
Melbourne, Victoria, Australia
Email: info@oneredcow.com
Phone: +61 424 33 88 55

bottom of page