The Digital Speaker

Futurity Ventures Pty Ltd t/a The Digital Speaker · Sydney, NSW, Australia · ABN 89 422 409 835

Privacy Policy

Effective Date: 17 April 2026

TL;DR · The short, plain-English version

This summary is for your convenience only. The detailed Policy below governs — if there is any conflict, the detailed Policy wins.

Who holds your data. Futurity Ventures Pty Ltd (ABN 89 422 409 835), a Sydney-based Australian company trading as The Digital Speaker, is the data controller.
What we collect. Your contact details, anything you tell us directly, your Scorecard answers, newsletter engagement, basic device and usage data, and payment records. Stripe handles all card details — we never see your full card number.
What we do with it. Deliver keynotes, run the Scorecard, send the newsletter if you have subscribed, invoice you, and improve our services. We do not sell your data and we do not use it for third-party advertising.
AI processing. Scorecard answers are analysed by Anthropic’s Claude under a contract that prohibits Anthropic from using your data to train its public models. Reports are AI-assisted but are not automated decisions about you.
Where your data lives. Mostly Australia and the United States. For EU/UK data transfers we use Standard Contractual Clauses and, where available, the EU-US Data Privacy Framework.
Your rights. You can ask to access, correct, port, or delete your data, withdraw marketing consent, or object to certain processing. Email privacy@thedigitalspeaker.com and we respond within 30 days.
Deleting your Scorecard account. Self-service from the dashboard, or by email. Active data is removed within 30 days; backups cycle out within 90 days; we keep only what the law requires us to retain.
Complaints. Start with us at privacy@thedigitalspeaker.com. If you are still unhappy, you can escalate to the OAIC (Australia), your national data-protection authority (EU), or the ICO (UK).

1. About This Policy

This Privacy Policy explains how Futurity Ventures Pty Ltd, trading as The Digital Speaker (“we,” “us,” “our”), collects, uses, discloses, and protects personal information when you interact with us — whether you visit the website at thedigitalspeaker.com, subscribe to the Synthetic Minds newsletter, take the Intelligence Age Scorecard, book or attend a keynote, purchase a masterclass or Strategic Executive Briefing, or otherwise engage with our services (together, the “Services”).

We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (the APPs), and, where applicable, the EU General Data Protection Regulation 2016/679 (the GDPR) and the United Kingdom GDPR. We voluntarily apply the APPs to all of our processing activities regardless of our annual turnover.

2. Who We Are and How to Contact Us

The data controller (for GDPR purposes) and the APP entity responsible for your personal information is Futurity Ventures Pty Ltd (ACN 422 409 835), trading as The Digital Speaker, a company incorporated in Australia with its principal place of business in Sydney, New South Wales.

Australian Business Number (ABN): 89 422 409 835

Privacy contact: privacy@thedigitalspeaker.com

General enquiries: enquiries@thedigitalspeaker.com

Given the scale of our processing, we have not appointed a statutory Data Protection Officer under Article 37 of the GDPR. Privacy matters are overseen by Dr Mark van Rijmenam on behalf of the Company. All privacy enquiries should be directed to privacy@thedigitalspeaker.com and will be reviewed within five business days.

3. Personal Information We Collect

We collect personal information in three ways: information you give us, information we collect automatically, and information we receive from trusted third parties.

3.1 Information You Give Us

Identity and contact details: name, job title, organization, country, work email address, and phone number — collected when you submit an enquiry, book a keynote, purchase a Scorecard, subscribe to the newsletter, or attend a masterclass.
Intelligence Age Scorecard responses: your answers to the assessment (technology selections, gateway questions, adaptive deep-dive questions, open-ended reflections), the event you associated your assessment with (if any), and any feedback you submit after a keynote.
Team Scorecard data: for Team-tier customers, the identity and email of team members invited by the administrator, and their individual Scorecard responses.
Commercial information: billing address, company registration details, purchase-order references, and transaction records.
Payment information: we do not store full payment-card numbers. Payment details are collected and processed directly by Stripe (see clause 7). We receive and retain a transaction reference, the last four digits of the card, the card brand, the billing country, and the amount.
Feedback and testimonials: any feedback, testimonial, NPS score, or open-text comment you submit through post-keynote feedback forms, event-organizer report cards, or the pulse-check emails we send 30 days after an engagement.
Correspondence: any messages you send us by email, through our contact forms, or through the Delphi Digital Twin chat experience.

3.2 Information We Collect Automatically

Device and usage data: IP address, approximate location derived from the IP address, device type, operating system, browser type and version, referring URL, pages viewed, time on page, and click-through behaviour.
Cookies and similar technologies: see clause 10.
Email engagement: whether you open marketing emails and which links you click.

3.3 Information From Third Parties

Business directories and professional networks (for example, LinkedIn, speaker bureaux), where you have made information publicly available and where we use that information to prepare for a meeting or a keynote.
Event organizers and speaker bureaux that have engaged us on your behalf.
Payment and fraud-prevention information from our payment processor (Stripe).

3.4 Sensitive Information

We do not knowingly collect sensitive information within the meaning of APP 3 or special categories of personal data within the meaning of Article 9 of the GDPR (such as health data, racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic or biometric data, or data about sexual orientation). You should not submit any such information into the Scorecard’s free-text fields. If we become aware that such information has been submitted, we will take reasonable steps to delete it.

4. How We Use Your Information and Our Legal Bases

We process personal information only where we have a lawful basis to do so. The following table summarizes our main purposes, the personal information used, the legal basis under the GDPR, and how long we typically retain the information.

Purpose	Information	Legal basis (GDPR)	Retention
Delivering keynote engagements (discovery calls, content preparation, logistics, travel)	Name, title, organization, email, phone, correspondence	Performance of a contract (Art. 6(1)(b))	7 years after the event, for contract, tax, and historical-record purposes
Delivering the Intelligence Age Scorecard (scoring, report generation, AI analysis, delivery)	Scorecard responses, identity and contact details, event association	Performance of a contract (Art. 6(1)(b))	Until you delete your account, then up to 30 days for deletion processing; aggregated benchmarks retained de-identified
Team administration and Strategic Executive Briefing delivery	Team roster, invited emails, Scorecard responses, briefing notes	Performance of a contract (Art. 6(1)(b))	Until contract ends + 7 years for records
Processing payments and issuing invoices	Name, billing address, transaction reference	Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c))	7 years (Australian tax records)
Sending the Synthetic Minds newsletter and other marketing communications	Name, email, engagement metrics	Consent (Art. 6(1)(a)) for EU/UK; legitimate interests elsewhere (Art. 6(1)(f))	Until you unsubscribe + 30 days
Website analytics and performance monitoring	Device and usage data, approximate location	Legitimate interests (Art. 6(1)(f)): understanding usage and improving our services	26 months (aggregated)
Security, fraud prevention, abuse investigation	IP address, device data, account activity	Legitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c))	Up to 24 months
Post-keynote feedback and pulse-check	Name, email, NPS score, open-text feedback	Legitimate interests (Art. 6(1)(f)): improving future engagements	3 years
Producing aggregated, de-identified benchmarks and research	Scorecard responses and scores, stripped of identifiers	Legitimate interests (Art. 6(1)(f)): research and product improvement	Indefinitely, in de-identified form
Responding to legal requests, enforcing Terms, defending claims	Any necessary information	Legal obligation (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f))	For the duration of the claim plus applicable limitation periods

Under the APPs, we only collect personal information that is reasonably necessary for one or more of our functions or activities, and we use and disclose it only for the primary purpose of collection (or for a related secondary purpose you would reasonably expect, or as otherwise permitted or required by law).

5. AI and Automated Processing

The Intelligence Age Scorecard is an AI-assisted diagnostic. Your responses are processed through a structured pipeline that includes:

a research phase, in which supporting context relevant to your country, industry, and role is prepared;
an analysis phase, in which large language models operated by Anthropic, PBC (a US-based AI provider) generate analysis under each of the four WAVE pillars;
a synthesis phase, in which a final report is assembled;
a Synthetic Review Panel (SRP) quality-gate phase, which reviews the report for clarity, balance, and consistency before delivery.

We do not use the Scorecard to make decisions that produce legal or similarly significant effects on you within the meaning of Article 22 of the GDPR. Reports are general strategic reflections and are not automated decisions. You may contact privacy@thedigitalspeaker.com to obtain meaningful information about the logic involved in the automated processing that applies to you, and to request human review of any aspect of your report.

In accordance with APP 1.4 and the transparency requirements commencing 10 December 2026 under Australia’s automated-decision-making reforms, this Policy discloses the categories of decisions substantially made by automated means (report scoring and AI-generated narrative content), the personal information used (your Scorecard responses and related metadata), and how that information affects those decisions (your responses are mapped to scores under each WAVE pillar and those scores shape the narrative).

We do not sell Scorecard data to external AI developers, and Anthropic processes your data as our data processor under contractual terms that prohibit the use of your data to train their public foundation models. De-identified, aggregated responses may be used to train our own internal assessment logic and to produce benchmarks.

6. When and To Whom We Disclose Information

We disclose personal information only where necessary and only to the following categories of recipients:

Service providers who process data on our behalf under contract (see clause 7), including hosting, email, payments, AI analysis, and analytics providers.
Event organizers and speaker bureaux, where they have engaged us on your behalf, for the limited purpose of delivering the keynote or event.
For Team-tier Scorecard customers, the nominated administrator of your organization will have access to aggregated team-level scores and benchmarks; they do not, by default, have access to an individual’s verbatim responses unless that individual expressly consents to share them.
Professional advisers (legal, accounting, tax) under professional duties of confidentiality.
Government agencies, regulators, courts, or law-enforcement bodies, where required by law or to protect our or another person’s rights, property, or safety.
A successor in interest, if we reorganize or sell our business, subject to protections consistent with this Policy.

We do not sell or rent your personal information, and we do not share it for third-party advertising or cross-context behavioural advertising.

7. Our Service Providers (Sub-Processors)

We use carefully selected service providers to operate the Services. Each processes personal information on our instructions under a written data-processing agreement and is bound by appropriate security and confidentiality obligations.

Provider	Purpose	Data processed	Location
Cloudflare, Inc.	Hosting, content delivery, edge compute (Workers), database (D1), storage (R2), and DDoS/security	All Scorecard and platform data, access logs, device data	United States (global edge)
Ghost Foundation (Ghost Pro)	CMS, blog, newsletter archive, marketing site	Author content, page views, newsletter member profiles	United States / EU
Anthropic, PBC	AI processing via the Claude API (report generation, analysis, synthesis)	Scorecard responses and generated content sent in real time; not used to train public models	United States
Stripe, Inc.	Payment processing for Scorecard, masterclass, and Strategic Executive Briefing purchases	Name, billing address, card details (collected directly by Stripe), transaction data	United States / Ireland
Customer.io (Peaberry Software, Inc.)	Transactional and marketing email delivery	Name, email, subscription preferences, email engagement metrics	United States / EU
Basin (JustUseFormspree)	Form-submission endpoints for contact and enquiry forms	Name, email, message content	United States
Delphi.ai	Digital-twin conversational chat widget (loaded only on user interaction)	Your chat messages with the digital twin	United States
Google LLC	Google Fonts (self-hosted where possible) and limited analytics	Device data, font-request metadata	United States (global)
Qwirl.com	Interactive proposal delivery for keynote engagements	Name, title, organization, proposal interactions	United States / EU
Zapier, Inc.	Integration workflows between Customer.io and Ghost	Email addresses, subscription events	United States

We review this list periodically and will update it when we add, replace, or remove providers. A current list is available at any time by request to privacy@thedigitalspeaker.com.

8. International Data Transfers

Because our service-provider ecosystem is predominantly based in the United States and the European Union, and because we operate from Australia, your personal information will be transferred across borders — including to jurisdictions that may not offer the same level of protection as your country of residence.

To protect your information during these transfers, we rely on one or more of the following safeguards:

For transfers from the European Economic Area, the United Kingdom, or Switzerland: the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Addendum), together with supplementary technical and organizational measures where required by Schrems II.
For transfers to the United States: where the recipient participates in the EU-U.S. Data Privacy Framework or the UK Extension, we rely on its certification as an adequacy mechanism, in addition to Standard Contractual Clauses as a backup.
For transfers from Australia: we take reasonable steps to ensure overseas recipients do not breach the APPs in accordance with APP 8, except where an express exception applies (for example, where you have consented after being informed that APP 8.1 will not apply).

You may request a copy of the safeguards we rely on by emailing privacy@thedigitalspeaker.com.

9. Marketing Communications

We send marketing communications — most notably the Synthetic Minds newsletter — only where we have a lawful basis to do so. For EU and UK recipients, we rely on your explicit, informed opt-in consent. For recipients elsewhere, we may rely on our legitimate interest in marketing our own similar services to people who have engaged with us, in accordance with applicable law including the Spam Act 2003 (Cth).

Every marketing email contains a working one-click unsubscribe link. You can also email privacy@thedigitalspeaker.com to be removed from all marketing lists. Transactional and service emails related to an active engagement (for example, Scorecard delivery, keynote logistics, receipts, and security alerts) are not marketing and will continue regardless.

10. Cookies and Similar Technologies

We use a minimal set of cookies and local-storage items, in three categories:

Strictly necessary: required for the Services to function (for example, maintaining your Scorecard session, remembering your language, and loading report styles conditionally). These cannot be disabled through our consent banner because the Services cannot operate without them.
Analytics: help us understand how the Services are used so we can improve them. Analytics cookies are set only after you accept them in the consent banner (for EU/UK visitors) or continue to use the Services (elsewhere, where permitted by law).
Marketing and attribution: help us measure the effectiveness of our campaigns and partnerships (for example, the ?assoc= tracking parameter used by the Scorecard to attribute an assessment to the event at which you were invited to take it). These cookies are not set for advertising purposes and are not shared with third-party advertising networks.

You can manage your preferences at any time through the consent banner or your browser settings. Disabling non-essential cookies does not prevent you from using the Services.

11. Data Retention

We retain personal information only as long as necessary for the purposes for which it was collected and as required by applicable law (including Australian tax and record-keeping laws, which generally require financial records to be kept for 7 years).

When personal information is no longer required, we take reasonable steps to destroy it or de-identify it. We may retain:

backup copies for a limited period in accordance with our disaster-recovery policy;
de-identified aggregate data (from which no individual can reasonably be identified), indefinitely, for research, benchmarking, and product improvement;
records required to defend against or bring a legal claim, for the duration of the relevant limitation period.

12. How We Protect Your Information

We take the security of your information seriously. Technical and organizational measures in place include: encryption in transit (TLS 1.2 or higher) on all connections; encryption at rest on our databases and object storage; hardened role-based access controls; multi-factor authentication on administrative accounts; principle-of-least-privilege access to production systems; segregation of production and test environments; strict secret management; logging and monitoring of administrative activity; and regular review of third-party sub-processor security practices.

No system is perfectly secure. While we take reasonable steps to protect your information, we cannot guarantee that it will never be subject to unauthorized access or disclosure. If you believe your account has been compromised, please contact privacy@thedigitalspeaker.com immediately.

13. Data-Breach Notification

If a data breach occurs that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth). Where the breach involves personal data of individuals in the European Economic Area or the United Kingdom, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Articles 33 and 34 of the GDPR. Where notification to affected individuals is required, it will include, at a minimum: a description of the breach, the kinds of information involved, the steps we are taking, and the steps you can take to mitigate risk.

14. Your Rights

Depending on where you live, you may have the following rights in respect of the personal information we hold about you.

14.1 Rights Under the GDPR (EU/UK Residents)

Access: to obtain confirmation that we process your personal data and a copy of it.
Rectification: to have inaccurate or incomplete personal data corrected or completed.
Erasure (“right to be forgotten”): to have your personal data deleted where one of the grounds in Article 17 applies.
Restriction of processing: to have our processing restricted in the circumstances set out in Article 18.
Data portability: to receive a copy of the personal data you have provided us in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller.
Objection: to object to processing based on our legitimate interests (including profiling) and to direct marketing at any time.
Withdrawal of consent: where we rely on your consent, to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
Lodging a complaint: with the supervisory authority in your country of residence (see clause 17).

14.2 Rights Under the Australian Privacy Principles

Access: to request access to the personal information we hold about you under APP 12.
Correction: to request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading under APP 13.
Opt-out of direct marketing: to request that we stop sending you direct marketing communications under APP 7.
Anonymity or pseudonymity: to deal with us anonymously or using a pseudonym where it is lawful and practicable to do so under APP 2 (subject to the inherent requirements of each Service).
Complaints: to lodge a complaint with the OAIC (see clause 17).

14.3 How to Exercise Your Rights

To exercise any of these rights, email us at privacy@thedigitalspeaker.com. We will respond within 30 days (or as soon as reasonably practicable under the APPs). We may ask you to verify your identity before actioning a request. You may authorize an agent to act on your behalf; we will require appropriate evidence of their authority. We will not charge you a fee to exercise your rights unless your request is manifestly unfounded or excessive, in which case we will tell you what the fee is and why before we proceed.

15. Intelligence Age Scorecard Account Deletion

You can close your Scorecard account and delete your personal information at any time. To do so:

log into your Scorecard dashboard and use the self-service “Delete my account” option; or
email privacy@thedigitalspeaker.com from the address associated with your account, asking us to delete your account.

On receipt of a valid request, we will:

disable access to your account immediately;
delete your Scorecard responses, generated report, account profile, and associated personal information from our active systems typically within 30 days;
remove personal information from backup copies as they cycle out in the ordinary course (typically within 90 days);
retain only the minimum information required by law (for example, Stripe transaction records for Australian tax purposes);
retain de-identified, aggregated benchmark data that cannot be linked back to you.

We will confirm completion of the deletion by email. If we are unable to complete a deletion request for legal reasons, we will explain why.

16. Children’s Privacy

The Services are designed for executive and professional audiences. They are not directed at children under the age of 16 (or any higher age of digital consent applicable in your country, such as age 13 in parts of the United States), and we do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact privacy@thedigitalspeaker.com and we will take appropriate steps to delete it. We will also comply with the forthcoming Children’s Online Privacy Code in Australia once it takes effect.

17. Complaints

If you have a concern about how we have handled your personal information, please contact us first at privacy@thedigitalspeaker.com. We take all concerns seriously and will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the regulator that supervises us:

Australia

Office of the Australian Information Commissioner (OAIC)

Website: oaic.gov.au

Telephone: 1300 363 992 (within Australia)

Post: GPO Box 5218, Sydney NSW 2001

European Union

You may lodge a complaint with the data-protection authority of the EU Member State in which you live, work, or in which the alleged infringement occurred. A list of EU supervisory authorities is available at edpb.europa.eu.

United Kingdom

Information Commissioner’s Office (ICO)

Website: ico.org.uk

Telephone: 0303 123 1113

18. Changes to This Policy

We may amend this Policy from time to time to reflect changes in our practices, the Services, or applicable law. The current version is always available at thedigitalspeaker.com/privacy/. Material changes will be notified by updating the Effective Date above and, where appropriate, by direct notice to active account holders. Please review this Policy periodically.

19. Contact

Futurity Ventures Pty Ltd

trading as The Digital Speaker

Sydney, New South Wales, Australia

ACN 422 409 835 · ABN 89 422 409 835

Privacy: privacy@thedigitalspeaker.com

General: enquiries@thedigitalspeaker.com

Web: thedigitalspeaker.com

This Policy was last updated on 17 April 2026 and supersedes all prior versions.

Privacy Statement