Warren ← Back to report
Warren · Legal

Warren — Privacy Policy

Last updated: 6 July 2026 Effective date: 6 July 2026

Warren is a product of HopX Pty Ltd (ABN 50 683 525 813) ("Warren", "we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, store and protect personal information when you use the Warren website, deal rooms, and related services (the "Service").

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where the EU/UK General Data Protection Regulation (GDPR/UK GDPR) or the California Consumer Privacy Act as amended by the CPRA (together, "CCPA") applies to you, additional rights and disclosures are set out in Sections 12 and 13.

The short version (this box is a summary, not a substitute for the full policy)

  • Warren is neutral ground for two partners to agree a deal, tick off deliverables, and keep a shared record. We collect the minimum we need to run that.
  • We collect your account details, the content you put in deal rooms, your reputation record, and basic usage/analytics data.
  • We don't sell your personal information. We use a small set of trusted providers (hosting, AI, email, payments, analytics) to run the Service.
  • Because Warren is multiplayer, some information you enter is deliberately shared with your deal partner. Sealed records are, by design, a joint record both parties keep.
  • You can access, correct, export or delete your information — see Section 11 (and Sections 12–13 for GDPR/CCPA rights). Contact us any time at hugoc@warrenship.com.

1. Who we are and how to contact us

The entity responsible for your personal information (the data controller for GDPR purposes) is:

HopX Pty Ltd (trading as "Warren") ABN: 50 683 525 813 Privacy contact: hugoc@warrenship.com Registered address: Level 22, Tower 1, 101 Grafton Street, Bondi Junction NSW 2022, Australia

If you have a question, a request about your information, or a complaint, email us at the address above and we'll respond (see Section 14 for our complaints process and timeframes).


2. What Warren does, in privacy terms

Warren is partnership infrastructure. Two people open a shared "room", agree who is doing what, both co-sign the terms, confirm each deliverable as it ships, and walk away with a sealed record they both own. Over time a person builds a portable reputation record from those sealed deals.

This shapes how we handle data in three important ways:


3. Information we collect

We collect the following categories of personal information.

3.1 Information you give us directly

3.2 Information we collect automatically

3.3 Information from third parties

3.4 Sensitive information

Warren is not designed to collect "sensitive information" (as defined in the Privacy Act) or special category data (under the GDPR) — such as health, racial or ethnic origin, political, or biometric data. Please do not enter such information into deal rooms. If you do, you consent to us handling it as described in this policy.

3.5 Children

The Service is not directed to children and is intended for users aged 16 and over (18 in jurisdictions where that is the age of digital consent). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.


4. How we use your information, and our legal bases

We use personal information only for the purposes below. For users protected by the GDPR, the corresponding lawful basis is shown in brackets.

We will not use your personal information for a materially different purpose without telling you and, where required, obtaining your consent.

4.1 A note on marketing

Under APP 7, we will only use your information for direct marketing where you'd reasonably expect it or you've consented, and every marketing message includes an unsubscribe option. You can opt out any time by emailing hugoc@warrenship.com.


5. How we share and disclose information

We do not sell your personal information. We disclose it only as follows.

Where a disclosure would otherwise be a cross-border disclosure of personal information, see Section 9.


6. Reputation records and shared records

Two features deserve specific attention:


7. AI features and automated processing

Warren uses AI models (via a model-agnostic layer that may route to different third-party providers) to:

What you should know:


8. Cookies and analytics

We use cookies and similar technologies to keep you logged in, remember preferences, secure the Service, and understand how it is used (including Google Analytics 4 and event tracking such as CTA and signup-funnel events).

Where required by law (e.g. in the EU/UK), we request your consent for non-essential cookies via a cookie banner, and you can change your choices at any time. You can also control cookies through your browser settings. Blocking some cookies may affect how the Service works.


9. International data transfers

Warren is operated from Australia, and our service providers may process data in Australia, the United States, the European Union, and other countries. This means your personal information may be transferred to, and stored in, a country different from where you live.


10. How long we keep your information

We keep personal information only as long as necessary for the purposes in this policy, then delete or de-identify it. In general:

Category Retention
Account and profile data While your account is active, and up to 12 months after closure (to allow reactivation and handle disputes), then deleted or de-identified.
Deal room content (unsealed) While the room is active; deletable by you at any time, subject to the shared-room nature of the content.
Sealed records Retained as a joint record for both parties while either party maintains an account, because the record's value is that it is durable and mutual. Either party may export their copy.
Reputation record While your account is active; the shareable profile stops sharing when you disable it.
Payment and tax records As required by Australian tax and financial-record law — generally 5–7 years.
Support communications Up to 24 months after the matter is resolved.
Analytics and log data Typically 14–26 months, consistent with our analytics settings, then aggregated or deleted.

Specific periods may vary where a longer period is required by law, or to establish, exercise, or defend legal claims. Full detail is in our Data & Compliance statement.


11. Your choices and rights (all users)

Under the Privacy Act and APPs, you may:

To exercise any of these, email hugoc@warrenship.com. We will verify your identity before acting, respond within a reasonable time (generally 30 days), and won't charge you to make a request (we may charge a reasonable cost for giving access in some cases, and will tell you first).

On shared and sealed records: we will always act on requests about your own personal information. Where information is part of a mutual record with a deal partner (for example a sealed record), we can remove or restrict your personal information and your copy, but we cannot erase the other party's legitimate record of the shared facts. We'll explain what we can and can't do when you ask.


12. Additional rights for EEA/UK users (GDPR)

If you are in the European Economic Area or the United Kingdom, you also have the right to:

Our lawful bases are set out in Section 4. Where we rely on legitimate interests, we've balanced those against your rights; you can ask us for more detail on that assessment.


13. Additional rights for California users (CCPA/CPRA)

If you are a California resident, you have the right to:

We do not sell your personal information, and we do not "share" it for cross-context behavioural advertising as those terms are defined under the CPRA. We will not discriminate against you for exercising your rights. To make a request, email hugoc@warrenship.com; you may use an authorised agent, and we will verify your request before acting.


14. Complaints

If you're concerned about how we've handled your personal information, please contact us first at hugoc@warrenship.com so we can try to resolve it. We'll acknowledge your complaint promptly and aim to resolve it within 30 days.

If you're not satisfied with our response, you can contact:

You should also be aware that Australian law now includes a statutory tort for serious invasion of privacy (in effect from 10 June 2025). Nothing in this policy limits your rights under law.


15. Security

We take reasonable technical and organisational measures to protect personal information, including encryption in transit, access controls, and use of reputable infrastructure providers. Full detail is in our Data & Compliance statement. No system is perfectly secure; if we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC (and other regulators where required) in line with the Notifiable Data Breaches scheme and applicable law.


16. Changes to this policy

We may update this policy from time to time. If we make material changes, we'll update the "Last updated" date and, where appropriate, notify you by email or in-product. Continuing to use the Service after changes take effect means you accept the updated policy.


This document is provided for general information and to describe our practices. It is not legal advice. HopX Pty Ltd should have this policy reviewed by a qualified Australian legal practitioner before publication, and details in square brackets completed.