Privacy Policy

Last updated: 9 December 2025

1. Introduction

Cyberensic ("we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity consulting services, GRC platform, and related services (collectively, the "Services").

As an Australian-owned boutique cybersecurity consultancy, we understand the importance of data protection and privacy. We are committed to handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Name, title, and contact information (email address, phone number, mailing address)
  • Business information (company name, job title, department)
  • Account credentials and authentication information
  • Payment and billing information
  • Communication preferences
  • Information provided during consultations, assessments, or service delivery

2.2 Technical Information

When you use our Services, we may automatically collect:

  • IP addresses and device information
  • Browser type and version
  • Operating system information
  • Usage data and analytics
  • Cookies and similar tracking technologies

2.3 Client Data

In the course of providing cybersecurity services, we may process data on behalf of our clients, including security configurations, vulnerability assessments, compliance documentation, and other information necessary for service delivery. This data is processed in accordance with our service agreements and applicable data protection requirements.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and delivering our Services, including cybersecurity consulting, compliance assessments, and GRC platform services
  • Communicating with you about our Services, updates, and support
  • Processing payments and managing billing
  • Improving and optimising our Services
  • Conducting security assessments and audits
  • Complying with legal obligations and regulatory requirements
  • Preventing fraud, abuse, and security threats
  • Sending marketing communications (with your consent where required)
  • Responding to inquiries and providing customer support

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our Services, such as cloud hosting providers, payment processors, and analytics services
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity
  • Legal Requirements: We may disclose information when required by law, court order, or regulatory authority, or to protect our rights, property, or safety
  • With Your Consent: We may share information with your explicit consent or at your direction
  • Professional Advisors: We may share information with our professional advisors (lawyers, accountants) as necessary for business operations

All third parties with whom we share information are required to maintain appropriate security measures and use the information only for the purposes specified.

5. Data Security

As a cybersecurity consultancy, we take data security seriously. We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Employee training on data protection and privacy
  • Compliance with ISO 27001 and other security standards
  • Incident response and breach notification procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider the nature of the information, the purposes for which it was collected, legal and regulatory requirements, and our legitimate business interests.

7. Your Rights and Choices

Under Australian privacy laws, you have certain rights regarding your personal information, including:

  • Access: You have the right to request access to the personal information we hold about you
  • Correction: You may request correction of inaccurate, incomplete, or out-of-date information
  • Deletion: You may request deletion of your personal information, subject to legal and contractual obligations
  • Opt-out: You can opt-out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly
  • Complaint: You have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

To exercise these rights, please contact us using the information provided in Section 12 (Contact Us).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our Services. Cookies are small text files stored on your device. You can control cookie preferences through your browser settings, though disabling cookies may affect the functionality of our Services.

9. International Data Transfers

As an Australian company, we primarily store and process data within Australia. However, some of our service providers may be located outside Australia. When we transfer personal information internationally, we ensure appropriate safeguards are in place to protect your information in accordance with Australian privacy laws.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

Cyberensic

Email: info@cyberensic.com.au

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable privacy laws.

13. Australian Privacy Principles

This Privacy Policy is designed to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). As a cybersecurity consultancy, we are committed to maintaining the highest standards of privacy and data protection in all our operations.