Skip to content

Legal · Last updated 30 May 2026

Privacy policy.

This policy describes what personal information is collected when you visit or write to Dr Zhitao Xiong via xiongzhitao.me, and how it is handled. It is written to comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth) where applicable.

What is collected

  • If you write to me through the contact form or by email: your name, email address, and the message body. No other contact details are required.
  • If you subscribe to the newsletter: your email address, optionally your first name, and a record of your consent (a timestamp and a hashed version of your IP address).
  • If you request a full report PDF: your email address, optionally your first name, the report you requested, and a record of your consent (a timestamp and a hashed version of your IP address). You also choose whether to receive future notes by ticking a second optional box.
  • If you log in to a reader account if available: your email address and a server-side session identifier. No password is stored; sign-in is by single-use email link.
  • Analytics: Cloudflare Web Analytics records page views in aggregate. It does not use cookies, does not track individuals across sites, and does not require a consent banner. No third-party analytics or advertising scripts run on this site.
  • Cookies: the only cookie this site sets is a single strictly-necessary session cookie, and only if you log in to a reader account. It keeps you signed in and is not used for tracking, analytics, or advertising. Because there are no non-essential cookies, there is nothing to opt in or out of and no cookie-preference banner is shown.

Why it is collected

  • Correspondence: to reply to your message. Messages and email addresses are retained in my Google Workspace inbox for as long as the correspondence remains useful.
  • Newsletter: to send you the issues you have subscribed to receive, and to honour your consent and unsubscribe rights under the Spam Act.
  • Report requests: to send the confirmation email and the report PDF download link, and to retain a record of consent under the Spam Act 2003 (Cth).
  • Analytics: to understand which writing is being read. Aggregate only; no individual reader is identified.

Who else sees your information

Two external services process personal data on behalf of this site:

  • Cloudflare hosts the site, the database, and the file storage at edge locations including Australia. Cloudflare can see request metadata (IP, user agent, requested URL).
  • Resend (United States) delivers transactional and newsletter email. Resend processes recipient email addresses and message content.

No data is shared with any other party. There is no advertising network, no analytics broker, no enrichment service.

Your rights under the Australian Privacy Principles

You may:

  • Request access to the personal information held about you.
  • Request correction if anything is inaccurate.
  • Unsubscribe from the newsletter at any time using the one-click link in every email; this is honoured immediately.
  • Request deletion of your account, your subscriber record, your report-request records, or your past contact correspondence at any time.

All requests reach me at me@xiongzhitao.me. I aim to respond as soon as possible or within 30 days.

Complaints

If you believe your privacy has been breached, write to me@xiongzhitao.me first. If the response is unsatisfactory, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Jurisdiction

This site is operated from Sydney, Australia. Disputes are governed by the law of New South Wales, Australia.

Changes to this policy

I will note any change to this policy here, with a new "last updated" date. Material changes will also be announced in a newsletter issue.