This policy is written to explain our actual business model: cyber security services, academy training, attack surface monitoring and reporting workflows. It should still be reviewed by a solicitor before publication.
Scope
OziCyber Pty Ltd provides cyber security consulting, penetration testing, incident response, governance and compliance services, cyber security training, and security software solutions including OziCyber Training Academy, OziCyber Recon ASM and OziCyber MainFrame.
This Privacy Policy explains how we collect, use, store, protect and disclose personal information when you use our website, contact us, engage our services, enrol in training, or use one of our solutions. We aim to handle personal information in line with the Privacy Act 1988 (Cth), the Australian Privacy Principles and, where applicable, the Notifiable Data Breaches scheme.
Information we collect
The information we collect depends on how you interact with us. It may include:
- Contact details such as your name, role, organisation, email address, phone number and business address.
- Enquiry, sales and support information, including messages, meeting notes, proposal requests, ticket history and billing details.
- Training Academy information, including enrolment details, attendance, assessment progress, course communications, certification status and learning support records.
- Recon ASM information, including authorised domains, IP ranges, asset metadata, exposed services, scan results, risk findings, screenshots, headers, DNS records and related attack surface observations.
- MainFrame information, including user accounts, client/project details, uploaded evidence, assessment notes, report drafts, final reports, remediation tracking data and related workflow metadata.
- Consulting and testing information, including information about your systems, applications, cloud environments, security controls, vulnerabilities, logs, evidence files and remediation status.
- Website and technical information, such as IP address, device and browser information, pages viewed, referring pages, approximate location, cookies and analytics events.
- Payment and transaction records. Where card payments are used, card details are handled by our payment provider rather than stored directly by OziCyber.
How our solutions store and use data
Each OziCyber solution has a different data profile. We use this information to provide the service, secure the environment, support users, maintain records and improve reliability.
OziCyber Training Academy
We store learner, enrolment, attendance, progress, assessment and certification information so we can deliver the bootcamp, manage student support, confirm completion and improve course quality.
OziCyber Recon ASM
Recon ASM stores authorised attack surface data supplied by clients or discovered during agreed scanning activities, including domains, IP addresses, exposed services, evidence and risk ratings.
OziCyber MainFrame
MainFrame stores client reporting and delivery data, including project records, assessment evidence, findings, report content, remediation tracking and user activity required to manage cyber security engagements.
How we use information
We use personal information and client data to respond to enquiries, prepare proposals, deliver cyber security services, operate Training Academy, Recon ASM and MainFrame, manage user accounts and support requests, process invoices and subscriptions, send service updates, monitor platform performance, prevent misuse, investigate security events, and meet legal, regulatory, contractual, insurance, audit and record-keeping obligations.
Storage, security and retention
We use technical, administrative and physical safeguards designed to protect information from misuse, interference, loss, unauthorised access, modification or disclosure. These may include access controls, multi-factor authentication, encryption in transit, encryption at rest where appropriate, logging, monitoring, least-privilege access, secure development practices, vulnerability management and supplier due diligence.
We retain information for as long as reasonably required for the purpose it was collected, to provide services and support, to meet legal and accounting obligations, to preserve security and audit records, and to resolve disputes. Where information is no longer required, we will take reasonable steps to delete, de-identify or securely archive it.
Access, correction and complaints
You may request access to personal information we hold about you, or ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading. We may need to verify your identity before responding. In some circumstances we may refuse a request where permitted by law, but we will explain why.
If you have a privacy question, complaint, access request or correction request, contact us at info@ozicyber.com.au. If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.
Notifiable Data Breaches and changes
If we become aware of a data breach involving personal information, we will assess the incident and, where required under the Notifiable Data Breaches scheme, notify affected individuals and the Office of the Australian Information Commissioner.
We may update this Privacy Policy as our services, solutions, legal obligations or business practices change. The updated version will be posted on this page with a new last updated date.
