Privacy Policy

Your privacy is fundamental to our mission. Learn how we protect and handle your information.

Last updated: January 2025

Introduction

Privly AI Pty Ltd (ABN 12 345 678 901) ("Privly AI", "we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity platform and services.

This policy applies to all users of our services and is designed to comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR), and other applicable privacy laws.

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, business address
  • Business Information: Company name, job title, industry, business size
  • Account Information: Username, password (encrypted), security preferences
  • Payment Information: Billing address, payment method details (processed securely by Stripe)
  • Technical Information: IP address, browser type, device information, usage data

Security Monitoring Data

As part of our cybersecurity services, we collect and analyse:

  • Domain registration and DNS information
  • Public social media profiles and business listings
  • Publicly available threat intelligence data
  • Security event logs and incident reports
  • Executive and employee information for protection purposes

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyse platform usage. This includes essential cookies for functionality and analytics cookies to improve our services.

How We Use Your Information

We use your information for the following purposes:

Service Provision

  • Providing cybersecurity monitoring and threat detection services
  • Delivering security alerts and notifications
  • Generating compliance reports and security assessments
  • Maintaining and improving platform functionality

Communication

  • Responding to inquiries and providing customer support
  • Sending service updates and security notifications
  • Providing platform training and onboarding
  • Marketing communications (with your consent)

Legal and Compliance

  • Complying with legal obligations and regulatory requirements
  • Protecting our rights and preventing fraud
  • Responding to law enforcement requests when legally required

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in delivering our services:

  • Cloud Infrastructure: AWS (Australia region) for secure data processing
  • Payment Processing: Stripe for secure payment transactions
  • Email Services: Resend for transactional emails and notifications
  • Analytics: Privacy-focused analytics tools for service improvement

Legal Requirements

We may disclose your information when required by law, court order, or other legal process, or when necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

Data Security and Protection

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • End-to-end encryption for data transmission and storage
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Secure data centres with 24/7 monitoring
  • Access controls and role-based permissions

Organisational Measures

  • Employee security training and confidentiality agreements
  • Data minimisation and retention policies
  • Incident response procedures
  • Regular compliance reviews and assessments

Data Sovereignty

All customer data is processed and stored within Australia, ensuring compliance with local data sovereignty requirements and providing additional protection under Australian privacy laws.

Your Privacy Rights

Under Australian privacy law and GDPR (where applicable), you have the following rights:

Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Obtain information about how your data is processed

Correction and Updates

  • Correct inaccurate or incomplete information
  • Update your contact and business details
  • Modify your communication preferences

Deletion and Restriction

  • Request deletion of your personal information (subject to legal requirements)
  • Restrict processing of your data in certain circumstances
  • Object to processing based on legitimate interests

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days as required by law.

Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

  • Account Information: Retained while your account is active and for 7 years after closure for compliance purposes
  • Security Data: Retained for 3 years to enable threat analysis and compliance reporting
  • Communication Records: Retained for 7 years for business and legal purposes
  • Marketing Data: Retained until you withdraw consent or until 2 years of inactivity have passed

International Data Transfers

We prioritise keeping your data within Australia. However, some of our service providers may process data internationally. When this occurs:

  • We ensure adequate protection through contractual safeguards
  • We use providers in countries with adequate data protection laws
  • We implement additional technical and organisational measures
  • We provide notice when international transfers occur

Children's Privacy

Our services are designed for businesses and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete that information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website
  • Update the "Last updated" date
  • Notify you of material changes via email or platform notification
  • Provide a reasonable notice period before changes take effect

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Officer

privacy@privly.ai
1300 PRIVLY (1300 774 859)
Privly AI Pty Ltd
Level 15, 1 Macquarie Place
Sydney NSW 2000
Australia

Response Time: We aim to respond to all privacy inquiries within 5 business days. For urgent privacy concerns, please call our privacy hotline.

Privacy Complaints

If you believe we have not handled your personal information in accordance with this policy or privacy laws, you may lodge a complaint with us. We will:

  • Acknowledge your complaint within 2 business days
  • Investigate the matter thoroughly and impartially
  • Provide a written response within 30 days
  • Take corrective action if necessary

If you are not satisfied with our response, you may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or call 1300 363 992.