Effective Date: 1 January 2025
Version: 3.0 — Ultra-Final (Djenie Edition)

1. WHO WE ARE

In Delay There Lies No Plenty Pty Ltd ACN 162 881 138 ATF Future Thinking Family Trust t/a Djenie ABN 98 399 797 036 (“Djenie”, “we”, “our”) provides membership-management systems, custom software development, and digital consulting services. This Privacy Policy explains how we collect, use, store, protect, disclose, and transfer Personal Data across all relevant jurisdictions.
We comply with:

  • Australian Privacy Act 1988 & Australian Privacy Principles (APPs)
  • EU GDPR / UK GDPR
  • CPRA (California)
  • China PIPL
  • LATAM privacy laws including LGPD (Brazil)

2. SCOPE

This Policy applies to:

  • visitors of djenie.com
  • users of Djenie’s membership systems (SMS v2)
  • client organisations and administrators
  • support, operational, and consulting interactions

3. KEY TERMS

Personal Data, Controller, Processor, Subprocessor, Customer, Member, and other terms are defined in Annex A.

4. CONTROLLER VS PROCESSOR ROLES

Djenie acts as:
Controller for:

  • account data, support records, operational logs, analytics, billing

Processor for:

  • data provided by customers (e.g., membership records, onboarding information, program data, uploaded documents)

Processor obligations are governed by the Data Processing Agreement (DPA).

5. DATA WE COLLECT

We may collect:

  • identity data (name, email, organisational role)
  • account and login details
  • usage and device information (logs, telemetry)
  • membership data provided by customer organisations
  • support communications
  • no payment card data (payments handled by third parties)

Sensitive data is only processed when explicitly provided by the customer with a lawful basis.

6. HOW WE COLLECT DATA

  • directly from users
  • from customer administrators provisioning accounts
  • automatic logging via cookies and security tools
  • integrations (APIs, SSO, SAML/IdP)

7. PURPOSES & LEGAL BASES

Contract:

  • delivering membership-management services
  • authentication and authorisation
  • secure access to client organisation platforms

Legitimate Interests:

  • system security and fraud prevention
  • improving platform reliability and user experience
  • aggregated analytics (non-essential analytics in EU/UK require consent)

Consent:

  • marketing communications (where applicable)
  • non-essential cookies (EU/UK/China)
  • any sensitive data

Legal Obligations:

  • tax, accounting, regulatory reporting

8. SPECIAL / SENSITIVE DATA

Djenie does not intentionally collect special category data unless:

  • it is provided by a customer organisation, and
  • explicit or separate consent has been obtained under GDPR/PIPL/LGPD.

9. AUTOMATED DECISION-MAKING

Djenie does not use automated decision-making producing legal or significant effects.
AI tools used internally do not replace human judgement.

10. COOKIES & TRACKING TECHNOLOGIES

Cookies are used for:

  • authentication
  • performance and diagnostics
  • optional analytics (where lawful consent exists)
    See the Cookie Notice and Cookie Preferences Policy for full details.

11. SHARING PERSONAL DATA

Shared with:

  • customer administrators
  • subprocessors under strict contractual safeguards
  • professional advisers
  • regulators if legally required
    We do not sell or share data for targeted advertising.

12. INTERNATIONAL TRANSFERS

Cross-border transfers rely on:

  • Standard Contractual Clauses (SCCs)
  • UK Addendum
  • adequacy decisions
  • supplemental measures for PIPL
  • contractual controls for LATAM transfers

13. DATA RETENTION

Data is retained for:

  • service delivery
  • legal compliance
  • dispute resolution
  • security and audit logging

Customer Data (Processor role) is retained according to customer instructions.
A detailed retention schedule is available on request.

14. SECURITY MEASURES

Djenie maintains:

  • encryption in transit (TLS 1.2+) and at rest (AES-256)
  • RBAC and MFA
  • secure SDLC practices
  • network segmentation and cloud hardening
  • vulnerability scanning and patching
  • continuous monitoring and alerting
  • breach notification processes aligned with APPs, GDPR, CPRA, PIPL

15. PRIVACY RIGHTS

Individuals may request:

  • access
  • correction
  • deletion
  • restriction
  • portability
  • withdrawal of consent
  • objection (where applicable)

16. CHILDREN’S DATA

Regional thresholds:

  • under 13 (US COPPA)
  • under 14 (China PIPL)
  • under 16 (EU/UK GDPR; member-state variations)

Parental/guardian authorisation required as applicable.

17. MARKETING COMMUNICATIONS

  • Service-essential messages cannot be opted out of.
  • Marketing communications follow an opt-in or opt-out model based on jurisdiction.

18. THIRD-PARTY LINKS

Third-party services linked from djenie.com are governed by their own privacy policies.

19. CHANGES TO THIS POLICY

Material changes will be communicated via email or platform notices.

ANNEX A — DEFINITIONS

Personal Data, Processing, Controller, Processor, Customer, Subprocessor, Member, and other core terms consistent with GDPR/APPs.

VERSION CONTROL & GOVERNANCE

Version: 3.0 — Ultra-Final (Djenie Edition)
Effective Date: 1 January 2025
Approval: Chief Executive Officer, Djenie
Change Summary: Full rewrite for Djenie’s operational structure; removed all Cushi-specific AI contexts; aligned to SMS v2 functions and customer-controlled datasets.
Review Cycle: Annual or earlier if legally required.