Legal

Privacy Policy

We take the privacy and safety of survivors seriously. This policy explains what information we collect, how we use it, and how it is protected.

Effective date: 23 April 2026  ·  The Purple Arrow ABN pending  ·  Queensland, Australia

Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Where Your Information Is Stored
  5. Who We Share It With
  6. Security
  7. Your Rights
  8. Amy — Our Digital Support Guide
  9. The Secure Vault
  10. Cookies & Browser Storage
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact Us

Important: The Purple Arrow is a support and advocacy service. We are not lawyers and nothing on this website or from Amy constitutes legal advice. If you are in immediate danger, please call 000.

1. Who We Are

The Purple Arrow ("we," "us," "our") is a domestic violence survivor support and advocacy service based in Queensland, Australia. We operate the website at thepurplearrow.com.au and related tools including the Secure Vault and the Amy support guide.

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

For privacy questions, contact us at: hello@thepurplearrow.com.au

2. Information We Collect

We only collect information that is necessary to provide our services. This may include:

Information you provide directly

  • Your name, email address, and phone number (when you register, contact us, or use the vault)
  • Details about your situation, including the nature of any domestic violence you have experienced
  • Information about other people involved (respondents, children) — only what you choose to share
  • Documents, photos, and files you upload to your Incident Log in the Secure Vault
  • Messages you send through any contact or assistance forms

Information collected automatically

  • Basic server logs (page requests, IP addresses) — retained briefly by our hosting provider Netlify
  • Browser type and device information for technical support purposes

We do not use advertising trackers, Facebook Pixel, Google Analytics, or any third-party marketing tracking on our site.

3. How We Use Your Information

We use your information to:

  • Provide support, advocacy, and referral services
  • Respond to your requests for assistance with protection orders or safety planning
  • Maintain your Secure Vault account and keep your documents safe
  • Send you relevant updates or resources (only if you have opted in)
  • Improve the quality and safety of our services
  • Comply with legal obligations

We will never use your personal information for marketing purposes without your explicit consent, and we will never sell your data to any third party.

4. Where Your Information Is Stored

Because we are a static website without our own servers, your information is stored in a combination of the following systems:

Netlify (Form submissions)

When you submit a contact form, protection order request, or vault registration, the data is processed and stored by Netlify Inc., a United States-based company. Netlify complies with GDPR and maintains appropriate security standards. By submitting a form on our site, you consent to your data being transferred to and processed in the United States. You can review Netlify's privacy policy at netlify.com/privacy.

Clerk (Account authentication)

Your vault account credentials (email and password) are managed by Clerk Inc., a United States-based authentication provider. Clerk does not store your support details — only your account login information. You can review Clerk's privacy policy at clerk.com/privacy.

Your own device (Incident Log & Vault content)

Journal entries, incident notes, and attachments you add to your Incident Log are stored only on your device using your browser's local storage. This means:

  • We cannot access this data — it never leaves your device
  • If you clear your browser's site data, the information will be permanently deleted
  • The data is not synced across devices

We recommend regularly exporting your witness statement PDF as a backup of your incident records.

5. Who We Share Your Information With

We do not sell, rent, or trade your personal information. We may share it only in the following circumstances:

  • Infrastructure providers: Netlify and Clerk as described above — only to the extent necessary to operate our services
  • Legal requirements: If we are required by law to disclose information (e.g., a court order), we will do so only to the extent required
  • Safety: If we believe disclosure is necessary to prevent serious harm to you or another person, we may act accordingly — but we will always try to discuss this with you first where it is safe to do so

We will never share your information with police, other government agencies, or third parties without your consent unless legally compelled.

6. Security

We take security seriously, particularly given the sensitive nature of the information people share with us. Our measures include:

  • All traffic is encrypted over HTTPS (TLS)
  • The Secure Vault and Admin panel are protected by authenticated access only (via Clerk)
  • Sensitive pages (Vault, Admin, Amy) have noindex headers — they will not appear in search engines
  • No-cache headers on all sensitive pages prevent browsers from storing page content
  • The vault pages use Content Security Policy headers to prevent cross-site scripting
  • Admin access is restricted to authorised TPA team members only

No system is 100% secure. If you believe your information may have been compromised, please contact us immediately at hello@thepurplearrow.com.au.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Correct any information that is inaccurate or out of date
  • Request deletion of your personal information (subject to any legal obligations we may have to retain certain records)
  • Complain about how we have handled your information

To exercise any of these rights, please contact us at hello@thepurplearrow.com.au. We will respond within 30 days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or call 1300 363 992.

8. Amy — Our Digital Support Guide

Amy is a digital support guide, not a human and not a lawyer. She is a scripted conversational tool designed to help you understand your options and prepare documentation. She does not use artificial intelligence or machine learning.

When you use Amy, the following applies:

  • Information you share during the conversation is used only to generate your support documents
  • If you choose to generate a protection order application PDF, a summary of your responses is also submitted to The Purple Arrow team via a secure form so we can follow up and support you
  • Amy does not store conversation history on our servers — conversations exist only in your browser session and are cleared when you close the page
  • The PDF Amy generates is a preparation aid only — it is not a completed legal document. You must review it with a lawyer or Legal Aid Queensland before lodging anything with a court

If you are in immediate danger, do not use Amy — call 000 now. Amy is not a crisis line.

9. The Secure Vault

The Secure Vault is a private, password-protected area of our website for registered users. Inside the vault:

  • Your account is managed by Clerk (see Section 4)
  • Your journal entries, incident logs, and attachments are stored only on your device in browser local storage — we cannot access this content
  • Protection order requests submitted through the vault are received by our team via Netlify Forms
  • The vault has a Quick Exit button — pressing Escape three times or clicking Quick Exit will immediately close the page

We recommend using a private/incognito browser window when accessing the vault if you are concerned about others seeing your browser history.

10. Cookies & Browser Storage

We do not use advertising cookies or tracking cookies. Our site uses:

  • Session storage: Temporary data that is cleared when you close your browser tab (used for quick-exit safety features and temporary authentication flags)
  • Local storage: Used by the Secure Vault to store your journal entries and attachments on your device only
  • Clerk authentication cookies: Required to keep you logged in to your vault account. These are managed by Clerk Inc.

11. Children's Privacy

Our services are intended for adults. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information about a child, please contact us so we can delete it.

If your situation involves children, we may ask about them to better understand your circumstances and connect you with appropriate services — but we will not contact children or share their information outside of the protections described in this policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify registered vault users by email.

Continuing to use our services after changes are published means you accept the updated policy.

13. Contact Us

For any privacy questions, requests, or complaints, please contact:

The Purple Arrow
Email: hello@thepurplearrow.com.au
Queensland, Australia

We aim to respond to all privacy enquiries within 30 days.