Privacy Policy

Effective date: 25 April 2026 · Last updated: 25 April 2026 · Version: 1.0


1. Introduction

By Blake Ryan (ABN 31 340 958 405) (“we”, “us”, “our”) operates the website and client portal located at clients.thehotf.com (the “Portal”) and provides personal branding, content production, and reputation management services (the “Services”).

This Privacy Policy explains how we collect, use, store, share, secure, and dispose of personal information and platform data, including data accessed through third-party APIs such as LinkedIn, Instagram (Meta), Google, and others. It applies to all visitors, prospects, clients, authorised users of client accounts, podcast guests, contractors, and anyone whose data is processed through our Services.

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR) and UK GDPR where applicable, the California Consumer Privacy Act (CCPA/CPRA) where applicable, and the platform-specific terms of every API we integrate with (including but not limited to the LinkedIn API Terms of Use, Meta Platform Terms, and Google API Services User Data Policy).

2. Who we are (Data Controller)

  • Entity: By Blake Ryan
  • ABN: 31 340 958 405
  • Registered address: 1 Chatterly Court, Frankston, Victoria 3199
  • Privacy contact: Blake Ryan
  • Email for all privacy and data requests: privacy@thehotf.com

For data we process on behalf of clients (e.g. their LinkedIn analytics, Instagram metrics, meeting transcripts), we act as a Data Processor with the client as Data Controller. For data we collect directly (e.g. website visitor analytics, billing records, prospect enquiries), we act as Data Controller.

3. Scope

This policy covers:

  1. Website visitors to clients.thehotf.com (cookies, analytics, contact forms).
  2. Prospects and leads who book discovery calls or submit enquiries.
  3. Clients and authorised users who log in to the Portal.
  4. Connected platform data retrieved via OAuth from LinkedIn, Meta (Instagram and Facebook), Google (Gmail, Calendar, Drive, YouTube, Analytics), Stripe, Fathom, and any other integration the client elects to connect.
  5. Podcast guests, contractors, and third parties whose information passes through our systems.

4. Data map: what we collect and why

The following table is a full register of data categories we process. We collect only what is necessary to deliver the Services (data minimisation).

| Source / Surface | Data categories | Purpose | Legal basis (GDPR) |
| --- | --- | --- | --- |
| Website visitors | IP address, device and browser metadata, pages viewed, referrer, cookie identifiers, Google Analytics 4 events | Operate, secure, and improve the website; aggregated traffic analysis | Legitimate interests; consent for non-essential cookies |
| Contact and enquiry forms | Name, email, phone, business name, message content, submitted attachments | Respond to enquiries; qualify leads; book discovery calls | Pre-contractual steps; consent |
| Account and Portal access | Name, email, password hash (never plaintext), role, login timestamps, session tokens, IP address | Authenticate users; provide the Portal; audit access | Performance of contract |
| Billing and payments (Stripe) | Billing name, billing address, invoice history, transaction IDs, last four digits of card, subscription status. We never see, store, or transmit full card numbers, these are tokenised by Stripe. | Process payments; issue invoices and receipts; tax and accounting compliance | Performance of contract; legal obligation |
| LinkedIn (Community Management API) | See Section 5 for the full LinkedIn data map | Provide post-level analytics, scheduling, reporting, and content management for the authorising member | Performance of contract; consent |
| Instagram and Facebook (Meta Graph API) | Account ID, username, profile picture URL, media items (posts, reels, stories) including captions and media URLs, comments, likes, reach, impressions, follower counts, audience demographics | Content scheduling, publishing, analytics and reporting for the connected account | Performance of contract; consent |
| Google Workspace integrations | Email metadata and content (only as needed), calendar events, files explicitly shared, YouTube video metrics, GA4 reports, scoped to the minimum OAuth scopes required | Operational workflows the client has specifically authorised | Performance of contract; consent |
| Fathom (meeting notes) | Meeting recordings, transcripts, AI summaries, attendee names and emails, meeting timestamps | Capture client and internal meeting context; populate CRM and content workflows | Legitimate interests; consent of all attendees |
| Notion (workspace and CRM) | Client records, deliverables, content briefs, meeting notes, internal task data | Internal operations and service delivery | Performance of contract; legitimate interests |
| AI processors (e.g. OpenAI, Anthropic) | Content drafts, transcripts, prompts, and outputs derived from the above data | AI-assisted drafting, summarisation, analytics, and content production | Performance of contract; legitimate interests |
| Podcast guests and contributors | Name, headshot, bio, social handles, recorded audio and video, written contributions | Produce and publish podcast episodes and derivative content | Consent (signed release); legitimate interests |

We do not intentionally collect special category (sensitive) personal data such as health, racial, religious, biometric, or sexual orientation information. If such data is incidentally captured (for example, in a meeting transcript), we will treat it under the strictest handling controls and delete on request.

5. LinkedIn Member Data: specific disclosures

5.1 Data Categorisation

When a LinkedIn member or company page admin authorises our application via OAuth 2.0, we may access and process the following categories of LinkedIn Member Data:

  • Profile Data: member name, headline, profile URL, profile picture URL, vanity name, member ID (URN).
  • Content Data: post text, post URN, image and video URLs attached to posts, document URLs, post timestamps, post visibility settings.
  • Engagement Data: likes, comments, shares, reactions, impressions, click-through metrics, video views, video completion rates.
  • Organisational Data (where applicable): company page identifier, follower counts, page-level analytics, visitor demographics (provided in aggregated and anonymised form by LinkedIn).

We do not collect or store: LinkedIn passwords, private messages, connection lists beyond what is required for the authorised feature, or any data outside the scope of the OAuth permissions the member has explicitly granted.

5.2 Purpose Limitation

LinkedIn Member Data is used solely to provide the authorising user with post-level and account-level analytics and reporting, content performance insights and trend reporting, and internal record-keeping for the user’s engagement with us.

We do not: sell, rent, lease, or licence LinkedIn Member Data; engage in data brokering; use it for advertising targeting; combine it with other sources for resale; use it to train general-purpose AI models; or provide it to any data aggregator except sub-processors strictly necessary to deliver the Service.

5.3 Data Retention and Deletion (LinkedIn)

  • Operational retention: Maximum 24 months for historical analytics, after which it is deleted or fully anonymised.
  • On disconnection: All stored LinkedIn Member Data is deleted within 30 days of revocation.
  • Right to be forgotten: Verified deletion requests are actioned within 7 business days. Email privacy@thehotf.com.

5.4 Technical Security (LinkedIn Member Data)

  • OAuth 2.0: we never store LinkedIn passwords.
  • Encryption in transit: TLS 1.2+. Encryption at rest: AES-256.
  • Access restricted on a least-privilege basis with audit logs.
  • Breach response: reported to LinkedIn and affected users per applicable law (72 hours for GDPR).

5.5 Third-Party Data Processing (LinkedIn)

LinkedIn Member Data is retrieved exclusively via LinkedIn’s official APIs. We do not scrape LinkedIn, use unofficial endpoints, or purchase LinkedIn data from any third party.

6. How we use your information (purpose limitation)

We use the data described above to:

  • Provide, operate, and maintain the Portal and Services.
  • Authenticate users and secure accounts.
  • Deliver content production, scheduling, analytics, and reporting workflows the client has engaged us for.
  • Communicate with prospects, clients, and contractors about the Services.
  • Issue invoices, process payments, and meet tax and accounting obligations.
  • Improve and develop the Services in aggregate (using anonymised or de-identified data where possible).
  • Comply with legal obligations and respond to lawful requests by public authorities.

We will not use personal information for any materially different purpose without first obtaining consent or providing notice as required by law.

7. Sharing and sub-processors

We do not sell personal information. We share data only with:

  • Sub-processors who provide infrastructure or tools we rely on to deliver the Services, including: cloud hosting (AWS, Cloudflare, Vercel), database and auth providers (Supabase, Auth0), payment processors (Stripe), email and communications (Google Workspace, Postmark), AI processors (OpenAI, Anthropic), CRM (Notion), meeting capture (Fathom), analytics (Google Analytics 4).
  • The client whose account the data belongs to.
  • Professional advisers (legal, accounting, insurance) under confidentiality.
  • Authorities and courts where required by law.
  • A successor entity in the event of a merger, acquisition, or sale of assets.

A current list of sub-processors is available on request from privacy@thehotf.com.

8. International data transfers

We are based in Australia. Some sub-processors store or process data in the United States, the EU, the UK, and other jurisdictions. We rely on Standard Contractual Clauses (SCCs), adequacy decisions, and vendor commitments to comparable security standards.

9. Data retention and deletion (general)

| Data category | Retention period |
| --- | --- |
| Website analytics (GA4) | 14 months (default) |
| Prospect / lead enquiry data | 24 months from last contact, then deleted |
| Active client records | Duration of engagement plus 7 years (Australian tax requirement) |
| Billing and invoicing records | 7 years (ATO requirement) |
| LinkedIn Member Data | Maximum 24 months; deleted within 30 days of disconnection |
| Instagram / Meta data | Maximum 24 months; deleted within 30 days of disconnection |
| Google integration data | Deleted within 30 days of disconnection |
| Meeting transcripts and recordings | 24 months from meeting date |
| Account credentials and session logs | 12 months after account closure |

10. Security

  • Encryption at rest: AES-256 for all databases and persistent storage.
  • Encryption in transit: TLS 1.2 or higher.
  • OAuth 2.0 for all third-party integrations; we never store platform passwords.
  • Role-based access, MFA for admin accounts, audit logging.
  • Sub-processors vetted for SOC 2, ISO 27001, or equivalent.
  • Encrypted backups with defined retention and recovery procedures.
  • Breach response: Notifiable Data Breaches reported to the OAIC and affected individuals as soon as practicable. GDPR-covered breaches reported within 72 hours.

No system can be guaranteed 100% secure. We do not warrant absolute security and you provide your information at your own risk to the extent permitted by law.

11. Automated decision-making and AI processing

We use AI tools (including large language models from OpenAI and Anthropic) to process and summarise meeting transcripts, draft and refine content, generate analytics insights, and suggest optimal posting times or content formats.

These automated processes do not produce legal effects concerning you. All material outputs are reviewed by a human before external publication. We do not use AI for credit, employment, or similarly significant decisions.

LinkedIn Member Data, Instagram Member Data, and Google user data are not used to train any general-purpose AI model.

If you would prefer your data not be processed by AI tools, contact privacy@thehotf.com.

12. Cookies and similar technologies

  • Strictly necessary cookies: session management, security, authentication. Cannot be disabled.
  • Analytics cookies: Google Analytics 4. Set only with consent where required.
  • Functional cookies: to remember user preferences.

You can manage cookies via our cookie banner (where shown) or through your browser settings.

13. Your rights

Depending on your location, you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correction of inaccurate or incomplete data.
  • Deletion (“right to be forgotten”), subject to legal retention requirements.
  • Restriction or objection to certain processing.
  • Portability: receive your data in a structured, machine-readable format.
  • Withdraw consent at any time.
  • Lodge a complaint with a supervisory authority: in Australia, the OAIC; in the EU, your local DPA; in the UK, the ICO.

California residents have additional rights under the CCPA/CPRA. We do not sell or share personal information as defined under the CCPA.

14. Contact for data requests

Privacy Contact: Blake Ryan

Entity: By Blake Ryan

Email: privacy@thehotf.com

Postal: 1 Chatterly Court, Frankston, Victoria 3199

Response time: Acknowledged within 5 business days; substantive response within 30 days.

15. Children

The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@thehotf.com and we will delete it.

16. Limitation of liability and disclaimers

To the fullest extent permitted by law, and except for liability that cannot be excluded under the Australian Consumer Law or any other non-excludable statutory right:

  • The Services and Portal are provided “as is” and “as available”.
  • We are not liable for loss or damage from unauthorised access resulting from events beyond our reasonable control.
  • Aggregate liability is limited to fees paid in the 12 months preceding the claim, or AUD $100, whichever is greater.
  • We are not liable for indirect, consequential, special, or punitive damages.
  • We are not responsible for acts, omissions, or policy changes of third-party platforms.

17. Indemnity

You agree to indemnify and hold harmless By Blake Ryan from any claim arising out of your breach of this policy, data you upload without legal authority, or your misuse of outputs delivered through the Services.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified to active users at least 30 days before they take effect. Continued use of the Services after the effective date constitutes acceptance.

19. Governing law and jurisdiction

This Privacy Policy is governed by the laws of Victoria, Australia. Disputes are subject to the exclusive jurisdiction of the courts of Victoria, save that nothing prevents you from exercising statutory rights in your country of residence.