Privacy Policy
How medialab collects, uses, stores, and protects information when you engage our revenue systems, data enrichment, and go-to-market services.
01 About this policy
medialab (“we,” “our,” or “us”) builds and operates revenue infrastructure for our clients. This policy explains how we handle personal information across our engagements, from first contact through ongoing service delivery.
It applies to information handled in connection with:
- Our terms acceptance and onboarding process
- Data processed during delivery under a Statement of Work (SoW)
- Business contact information for ongoing client relationships
- Data handled through the third-party platforms we operate on your behalf
We act as a service provider to our clients. For data you ask us to process on your behalf, you remain the controller and we act on your documented instructions.
02 Information we collect
Information you provide directly
- Business contact details: company name, contact name, email, phone, and business address
- Billing information: payment details and invoicing requirements
- Project information: objectives, target criteria, and service requirements
- System access: CRM connections, API authorizations, and platform credentials needed to deliver the work
Client data for service delivery
To deliver our services, you may provide, or authorize us to access, data including:
- Prospect data: names, business roles, company information, and contact details
- Campaign data: email addresses, professional profiles, and other business contact information
- CRM data: customer and prospect records from your existing systems
- Performance data: campaign metrics, engagement statistics, and analytics
Information from connected platforms
We access and process data through the platforms we operate in, including Clay, HubSpot, Salesforce, LinkedIn, and the outreach and advertising tools specified in your SoW. Each platform maintains its own privacy practices.
03 How we use information
Service delivery
- Build and operate enrichment, routing, and reporting systems
- Conduct prospect research and market intelligence
- Develop and run go-to-market motions on your behalf
- Provide performance reporting and analytics
- Integrate workflows across your chosen platforms
AI-assisted delivery
We use AI to improve the quality and speed of our work, under clear guardrails:
- All AI processing includes human oversight before anything is delivered
- We apply data minimization, using only the information necessary for the task
- AI assists with research summaries, messaging frameworks, and optimization recommendations
- Outputs are reviewed to ensure accuracy and to prevent unintended disclosure of personal information
We do not sell personal information. We do not use client data to train third-party AI models, and we do not repurpose one client’s data for another.
Business operations & compliance
- Communicate about projects, process payments, and maintain records
- Provide support and account management
- Meet legal obligations, protect our rights, and investigate misuse
05 Data security
We apply security measures appropriate to the sensitivity of the data we handle:
- Encrypted data transmission and storage
- Access controls and user authentication
- Regular security reviews and updates
- Staff training on data protection
Data processed through third-party platforms is also subject to those platforms’ own security measures. No system is completely secure; you remain responsible for the systems and credentials under your control.
06 Breach notification
If we become aware of a breach affecting personal information, we will:
- Notify you in writing without undue delay, and within 72 hours where feasible
- Provide the information you need to assess the impact
- Cooperate with notifications required under the Notifiable Data Breaches scheme
- Take steps to contain and remediate the breach
07 International transfers
Some data may be processed outside Australia, including by cloud providers (often US-based), platform operators, and international subcontractors. Where data crosses borders we maintain safeguards such as:
- Contractual protections with each provider
- Selecting providers in jurisdictions with adequate privacy protections
- Technical measures protecting data in transit and at rest
08 Data retention
- Contact & billing information: the duration of the relationship, plus 7 years for tax and accounting purposes
- Project deliverables: as specified in your SoW, typically until completion
- Client data: only as long as necessary, then returned or destroyed as instructed
You are responsible for backing up deliverables and client data on delivery. We are not obligated to retain copies beyond the periods set out in your SoW.
09 Your privacy rights
Under Australian privacy law you may:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Request deletion, subject to our legal and contractual obligations
- Object to certain processing activities
- Lodge a complaint with the Office of the Australian Information Commissioner
To exercise any of these, contact us using the details below. We respond within 30 days and may first verify your identity. Some rights may be limited by legal or contractual obligations.
11 Changes to this policy
We may update this policy to reflect changes in our services, the law, or our data protection practices. We will notify you of material changes by email or through our website. Continued use of our services after notice constitutes acceptance.
12 Contact & complaints
For privacy inquiries, to exercise your rights, or to report an urgent data breach, contact our Privacy Officer:
Complaints
If you have concerns about how we handle your information, contact our Privacy Officer first so we can resolve it. If you are not satisfied, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.
This Privacy Policy should be read alongside our Terms and Conditions. Where the two are inconsistent, the Terms and Conditions prevail regarding service delivery and commercial arrangements.