Privacy Policy

Effective Date: 11 March 2026

Man of Many Pty Ltd (ABN 73 163 331 280) (“us”, “we”, or “our”) operates the manofmany.com website, associated mobile applications, newsletters, membership services and related digital products (collectively, the “Services”).

We are bound by the Australian Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”). Where we collect personal information from individuals located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we also comply with applicable obligations under the General Data Protection Regulation (“GDPR”) and the UK GDPR.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our Services. Unless otherwise defined below, terms used in this Privacy Policy have the same meanings as in our Terms & Conditions.

Definitions

Service – The manofmany.com website and related digital products operated by Man of Many Pty Ltd.
Personal Data – Data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). This may include identifying details such as name, email address, or any other data that can be used to identify you.
Usage Data – Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies – Small files stored on your device (computer or mobile device).
Data Controller – A natural or legal person who (alone, jointly with others, or in common with others) determines the purposes for which and the manner in which any personal information is, or is to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
Data Processor (or Service Provider) – Any natural or legal person who processes data on behalf of the Data Controller. We may use the services of various Service Providers to process your data more effectively.
Data Subject (or User) – Any living individual who is using our Service and is the subject of Personal Data.
Automated Decision-Making (AI) – Any automated processing of personal data that uses machine learning or algorithms to make decisions or recommendations without human intervention, such as personalisation or automated content moderation.
Doxxing – The malicious posting or sharing of another person’s personal or identifying information with the intention to harass, threaten, or otherwise harm them.

Information We Collect

Information You Provide Directly

We collect personal information that you voluntarily provide when you:

Create a membership account – email address, display name, password (encrypted), membership tier selection, referral source
Subscribe to our newsletter – email address, name, content preferences, subscription date
Submit comments or user-generated content – display name, email address, comment text, IP address
Contact us – name, email address, subject matter and content of your communication
Participate in surveys or competitions – responses, contact details, demographic information (age range, location, interests)
Engage with branded content or promotions – contact details and any information you provide through partner campaigns

We may use your Personal Data to contact you with newsletters, marketing or promotional materials, or other information that may be of interest to you. You can opt out of receiving such communications at any time by following the unsubscribe link in any email, or by contacting us directly.

When you create an account or sign in, we may collect additional Personal Data to set up your user profile. This can include:

A username and password (stored in encrypted form)
Postcode, job type, job level, or salary range, if you choose to provide them
Any content, comments, posts, or items you save or upload to your profile

Providing optional data like salary range or job details helps us personalise content and provide more relevant recommendations. You remain free to omit or edit these fields at any time, and they will only be used to enhance your experience or compile de-identified/aggregated statistics.

Sensitive Information

We do not knowingly collect any sensitive information (e.g. racial/ethnic data, health data) under Australian law. If you believe you have provided us with sensitive data, please contact us so we can delete or otherwise appropriately protect it.

Browser Notifications

If you see pop-up notifications from our website in Chrome or Safari, you can remove them by adjusting your browser’s notification settings. Further instructions for managing notifications can be found here for Chrome and here for Safari.

Information Collected Automatically

When you access our Services, we automatically collect:

Device and browser information – device type, operating system, browser type and version, screen resolution, language settings
Usage data – pages visited, articles read, time spent on pages, scroll depth, click patterns, search queries within our site, referring URLs, exit pages
Network information – IP address (used for approximate geolocation at city/state level, then anonymised), internet service provider
Cookie and tracking data – unique identifiers set by cookies, pixels, and similar technologies (see Cookies and Tracking Technologies section for full details)

Information from Third Parties

We may receive information about you from:

Advertising partners – hashed or pseudonymised identifiers used for audience matching and ad measurement (e.g., ID5 universal identifiers)
Analytics providers – aggregated demographic and interest data from Google Analytics 4
Payment processors – transaction confirmation and payment status from Stripe (we never receive or store your full credit card number)
Social media platforms – publicly available profile information when you interact with our social media content or log in via a social platform

Location Data

With your permission, we may collect and store location data (e.g. your postcode). You can enable or disable location services at any time in your device settings. If provided, this information helps us tailor the Service to show you relevant local content or events.

How We Use Your Information

Service Delivery and Operations

Providing, maintaining and improving our website and content
Processing and managing your membership account, including billing through Stripe
Delivering newsletters and email communications via Mailchimp
Moderating comments and user-generated content
Responding to your enquiries and support requests
Allowing you to participate in interactive features (e.g. commenting, saving posts)

Personalisation and Content Recommendations

Recommending articles and content based on your reading history and stated interests
Customising newsletter content to match your preferences
Tailoring the frequency and type of communications you receive

Analytics and Performance

Understanding how our audience engages with our content to inform editorial decisions
Measuring website performance, traffic patterns and content effectiveness
Conducting audience research and analysis (using aggregated, de-identified data)
A/B testing of site features, layouts and content presentation

Advertising and Commercial Operations

Serving relevant advertising through Google Ad Manager and programmatic demand partners
Measuring advertising campaign performance for our commercial clients
Building first-party audience segments based on content consumption patterns (e.g., “watches enthusiasts”, “fitness readers”) for contextual ad targeting
Facilitating data matching with advertising partners using hashed, pseudonymised identifiers – never plain-text personal information

Security and Fraud Prevention

Detecting and preventing fraudulent activity, spam and abuse
Protecting against misuse or potential doxxing, and ensuring the safety of our users
Protecting the security and integrity of our Services
Enforcing our Terms and Conditions

Legal Compliance

Complying with applicable laws, regulations, legal processes or governmental requests
Establishing, exercising or defending legal claims

We rely on various legal grounds to process your Personal Data, such as performance of a contract, user consent, and legitimate interests, in accordance with the Australian Privacy Act and relevant regulations.

Artificial Intelligence and Automated Decision-Making

We use AI and automated tools in the following ways:

Content recommendations – algorithms analyse reading patterns to suggest relevant articles. These recommendations do not have a significant legal or personal impact on you.
Comment moderation – automated systems flag potentially harmful content for human review. You may request human review of any automated moderation decision by contacting us at [email protected]
Editorial assistance – AI tools (such as Claude, Gemini and ChatGPT) are used to assist with research, fact-checking and editing workflows. AI-generated text is never published as original journalism without human review, editing and verification. Our full Responsible AI Usage & Ethics Policy is published separately.
Internal analytics – AI-powered tools help us analyse audience trends, business performance and operational data. This processing uses aggregated or de-identified data wherever possible.

We do not use automated decision-making that produces legal effects or similarly significant effects on individuals without human oversight.

No Doxxing Policy

We are committed to preventing the malicious publication of private personal information (“doxxing”). Under the Criminal Code Amendment (Prohibition of Doxxing) Act 2024 (Cth), the malicious release of personal data is a criminal offence in Australia. We prohibit users of our Services from posting another person’s private information without consent, and we will cooperate with law enforcement in investigating any doxxing incidents.

If you encounter doxxing or feel your personal data has been misused in this manner, please notify us at the contact details below, and we will take prompt action to investigate and remove infringing content.

Advertising & Data Matching

We may partner with advertising and analytics providers (e.g. ID5) for the purpose of delivering relevant ads or aggregated audience insights. Where permitted, we may share a hashed or coded identifier (e.g. hashed email) with these partners so they can recognise you across different sites in a privacy-respecting way. This helps us:

Avoid showing you repetitive ads
Show ads more aligned with your interests
Increase our ad revenue, which supports our free content

We treat hashed identifiers with the same care as direct personal information. Our partners are contractually bound to protect data and use it only for agreed purposes.

Our current programmatic demand partners include: Google Ad Exchange, Google AdSense, Magnite (Rubicon), Teads, OpenX, Media.net, Microsoft/Xandr (AppNexus) and GumGum. A complete and current list is maintained in our ads.txt file.

You can opt out of data matching or targeted advertising at any time by contacting us or adjusting your cookie preferences. You will still see ads, but they may be less personalised.

If you are located in the EEA or UK, we process your personal data on the following legal bases under the GDPR:

Account creation and membership services – Performance of a contract (Art. 6(1)(b))
Newsletter delivery – Consent (Art. 6(1)(a))
Essential cookies and site functionality – Legitimate interest (Art. 6(1)(f))
Analytics and performance measurement – Consent (Art. 6(1)(a)) via our Consent Management Platform
Advertising and ad personalisation – Consent (Art. 6(1)(a)) via our Consent Management Platform
Comment moderation and content integrity – Legitimate interest (Art. 6(1)(f))
Security and fraud prevention – Legitimate interest (Art. 6(1)(f))
Legal compliance and regulatory obligations – Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interest, we have conducted a balancing assessment to ensure our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting us.

We do not sell your personal information. We share personal information only in the following circumstances:

Service Providers and Processors

We engage trusted third-party service providers who process personal information on our behalf, subject to contractual obligations to protect your data and use it only as we instruct. These include:

Cloud hosting and database (Supabase, Vercel) – account data, usage data for infrastructure and data storage
Email marketing (Mailchimp/Intuit) – email, name, preferences, engagement for newsletter delivery and analytics
Payment processing (Stripe) – email, payment metadata (no card numbers) for membership billing
Web analytics (Google Analytics 4) – pseudonymised usage data, device info for audience measurement
Content management (WordPress, self-hosted) – content, comments, user accounts for website operation
Customer support (Google Workspace) – email correspondence for communication

These third parties only access Personal Data to perform tasks on our behalf and are contractually obligated not to disclose or use it for other purposes.

Business Transfers

If Man of Many Pty Ltd is involved in a merger, acquisition, asset sale, restructuring or insolvency proceeding, your personal information may be transferred as part of that transaction. We will notify you before your personal information becomes subject to a different privacy policy.

Legal and Safety Disclosures

We may disclose personal information where we reasonably believe disclosure is necessary to:

Comply with a legal obligation, court order, subpoena or government request
Protect the rights, property or safety of Man of Many, our users or the public
Detect, prevent or address fraud, security or technical issues
Enforce our Terms and Conditions

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Membership account data – duration of membership + 2 years after cancellation (contractual and legal/tax obligations)
Newsletter subscriber data – until you unsubscribe + 30 days (grace period for resubscription)
Comment and user-generated content – indefinite (published content) or until deletion requested
Payment records – 7 years from transaction date (Australian tax law)
Analytics data (GA4) – 14 months (Google default retention)
Server logs and IP addresses – 90 days (security and fraud prevention)
Cookie data – varies by cookie (see Cookies section)
Correspondence and enquiries – 2 years from last contact
Job applicant data – 12 months from application date

When retention periods expire, we securely delete or irreversibly anonymise the data.

International Data Transfers

Man of Many is based in Australia. Your personal information may be transferred to, and processed in, countries other than your country of residence, including the United States, where many of our service providers are based (Supabase, Stripe, Mailchimp, Google, Vercel).

For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where applicable, and Binding Corporate Rules of our service providers where available.

For transfers from Australia, we take reasonable steps to ensure overseas recipients handle your personal information consistently with the APPs, in accordance with APP 8.

Data Security

We implement reasonable and appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse or alteration. These measures include:

Encryption – data in transit protected by TLS 1.2+ (HTTPS); sensitive data at rest encrypted using AES-256
Access controls – role-based access with principle of least privilege; multi-factor authentication required for all administrative systems
Password security – user passwords are salted and hashed using bcrypt; we never store passwords in plain text
Payment security – PCI DSS compliant through Stripe; we never receive, process or store credit card numbers on our systems
Infrastructure – hosted on Supabase (SOC 2 Type II certified) and Vercel with automated security patching
Monitoring – continuous monitoring for suspicious activity, with incident response procedures in place
Staff training – mandatory privacy and security awareness training for all employees and contractors

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. We continuously assess and update our security practices to reduce risks of data breach.

Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will:

Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and no later than 30 days after becoming aware of the breach, in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act
Notify affected individuals as soon as practicable
For EEA/UK residents, notify the relevant supervisory authority within 72 hours where required by the GDPR

Cookies and Tracking Technologies

What Are Cookies?

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognise you and make your next visit easier and the Service more useful to you. We also use similar technologies including pixels, web beacons and local storage.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

How We Use Cookies

We use cookies for the following purposes:

To enable certain functions of the Service
To provide analytics
To enable advertisement delivery, including behavioural advertising

We classify cookies into four categories:

Essential Cookies (Always Active)

These are strictly necessary for our website to function. They cannot be disabled.

wordpress_sec_* (Man of Many) – WordPress authentication – Session
PHPSESSID (Man of Many) – Server session management – Session
cmp_consent (Man of Many) – Stores your cookie consent preferences – 12 months

Analytics Cookies (Require Consent)

These help us understand how visitors interact with our website.

_ga (Google Analytics) – Distinguishes unique users – 2 years
_ga_* (Google Analytics) – Maintains session state – 2 years
_gid (Google Analytics) – Distinguishes unique users – 24 hours
_gat (Google Analytics) – Throttles request rate – 1 minute

Advertising Cookies (Require Consent)

These are used to deliver relevant advertising and measure ad campaign performance.

__gads (Google Ad Manager) – Ad serving and frequency capping – 13 months
__gpi (Google Ad Manager) – Ad personalisation – 13 months
IDE (Google/DoubleClick) – Ad targeting and measurement – 13 months
MUID (Microsoft Advertising) – User identification for ads – 13 months
prebid_* (Prebid.js) – Header bidding auction data – Session to 30 days
id5id (ID5) – Universal identifier for ad matching – 90 days

Social Media Cookies (Require Consent)

These are set when you interact with embedded social media content.

_fbp (Meta/Facebook) – Page interaction tracking – 90 days
fr (Meta/Facebook) – Ad delivery and measurement – 90 days
VISITOR_INFO1_LIVE (YouTube/Google) – Video player preferences – 6 months
YSC (YouTube/Google) – Video view tracking – Session

We implement Google Consent Mode v2, which communicates your consent choices to Google services. The following consent signals are managed:

ad_storage – controls advertising cookies
analytics_storage – controls analytics cookies
ad_user_data – controls sending user data for advertising
ad_personalization – controls ad personalisation features

When you decline consent, Google services operate in a privacy-preserving mode using aggregated, cookieless measurement.

For programmatic advertising, we comply with the IAB Europe Transparency and Consent Framework v2.2. Your consent preferences are communicated to all participating advertising vendors through the TCF consent string.

Third-Party Cookies

In addition to our own cookies, we may also use various third parties’ cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and so on. We partner with third parties that collect information across various channels, including offline and online, for purposes of delivering more relevant advertising to you. Our partners may place or recognise a cookie on your computer, device, or directly in our emails/communications, and we may share personal information with them if you have submitted such information to us, such as your name, postal address, email address, or device ID. Our partners may link the non-personal information we share with them to the cookie stored on your browser or device, and they may collect information such as your IP address, browser or operating system type and version, and demographic or inferred-interest information. Our partners use this information to recognise you across different channels and platforms over time for advertising, analytics, attribution, and reporting purposes. For example, our partners may deliver an ad to you in your web browser based on a purchase you made in a physical retail store, or they may send a personalised marketing email to you based on the fact that you visited a particular website.

You can manage your cookie preferences at any time by:

Clicking “Cookie Settings” in the footer of any page on our website
Adjusting your browser settings to block or delete cookies
Using opt-out mechanisms provided by advertising networks (see Advertising Opt-Out Options)

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, and some of our pages might not display properly.

Chrome: https://support.google.com/accounts/answer/32050
Internet Explorer: http://support.microsoft.com/kb/278835
Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
Safari: https://support.apple.com/en-au/guide/safari/sfri11471/mac

Where Can You Find More Information About Cookies?

Your Rights

Rights Under Australian Privacy Law

Under the Privacy Act, you have the right to:

Access your personal information held by us
Request correction of inaccurate, incomplete, out-of-date or misleading personal information
Complain about a breach of the APPs

Under the GDPR and UK GDPR, you also have the right to:

Erasure (“right to be forgotten”) – request deletion of your personal data in certain circumstances
Restriction – request that we restrict processing of your personal data
Portability – receive your personal data in a structured, commonly used, machine-readable format
Object – object to processing based on legitimate interest, including profiling
Withdraw consent – where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing
Automated decision-making – not be subject to decisions based solely on automated processing that produce legal or similarly significant effects

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]
Post: Privacy Officer, Man of Many Pty Ltd, Level 3, 69 Reservoir Street, Surry Hills NSW 2010

We will respond to your request within 30 days for requests under Australian law, or one month for requests under GDPR/UK GDPR (extendable by a further two months for complex requests, with notification). We may ask you to verify your identity before processing your request. There is no fee for making a request, unless it is manifestly unfounded or excessive.

Unsubscribing from Communications

You can unsubscribe from our marketing emails at any time by clicking the “unsubscribe” link at the bottom of any email, updating your preferences in your membership account, or contacting us at [email protected]. We will process your request within 5 business days. You may still receive transactional communications related to your membership or account.

Advertising Opt-Out Options

In addition to managing cookies through our Consent Management Platform, you can opt out of personalised advertising through:

Google: adssettings.google.com
Digital Advertising Alliance: aboutads.info/choices
Mobile opt-out: aboutads.info/appchoices
Network Advertising Initiative: optout.networkadvertising.org
European Interactive Digital Advertising Alliance: youronlinechoices.eu
ID5 Universal ID: id5.io/privacy

Opting out of personalised advertising does not mean you will stop seeing advertisements – it means the ads you see may be less relevant to your interests.

Do Not Track Signals

We do not currently support Do Not Track (“DNT”) browser signals. You can enable or disable DNT in your browser settings, but our tracking behaviour will not change in response to a DNT signal. You can manage your tracking preferences through our cookie consent settings instead.

Links to Other Sites

Our Service may contain links to external websites. We do not control and assume no responsibility for their content or privacy policies. We encourage you to read the privacy policy of every website you visit.

Children’s Privacy

Our Service is not intended for anyone under the age of 18 (“Children”). We do not knowingly collect Personal Data from minors. If you believe your child has provided Personal Data, please contact us. We will promptly remove such data.

Changes to This Privacy Policy

We may update our Privacy Policy periodically to reflect changes in our practices, technology, legal requirements or other factors. When we make material changes, we will:

Update the “Effective Date” at the top of this policy
Post a notice on our website for at least 30 days
For material changes that affect your rights, notify you by email (if you have an account or subscription)

We encourage you to review this Privacy Policy periodically for any updates.

Complaints

If you believe we have breached the Australian Privacy Principles or your rights under the GDPR, you may:

1. Contact us first – we will investigate and respond within 30 days.