Privacy Policy

About this policy

This privacy policy explains how Cybercraft Australia ABN [your ABN] ("Cybercraft", "we", "us", "our") collects, uses, discloses, and protects personal information. We are based in Adelaide, South Australia and provide cybersecurity and AI consultancy services to organisations in Australia and New Zealand.

This policy applies to personal information collected through our website at cybercraft.net and through direct communications with our team.

What personal information we collect

We collect only the personal information that is reasonably necessary for us to respond to your enquiry and provide our services. When you submit our website contact form, we collect:

• Your name
• Your email address
• Your company or organisation name
• Your area of interest (the service category you select)
• Your message or enquiry details

We do not collect sensitive information (such as health information, financial account details, or government identifiers) through our website. If you voluntarily include sensitive information in your message, we will treat it with additional care and delete it once your enquiry has been addressed.

We do not collect personal information about you from third-party sources. All personal information we hold is provided directly by you.

Information collected automatically

Our website uses Cloudflare Web Analytics, a privacy-first analytics service. This service does not use cookies, does not track individual visitors, does not collect personal data, and does not perform cross-site tracking. It provides us with anonymised, aggregate data only — such as page views, referrers, and device types.

Cloudflare's infrastructure may process technical data (such as IP addresses and HTTP request headers) to deliver and secure our website. This processing is transient and is not used to identify individual visitors.

Our website loads typefaces from Google Fonts servers. When fonts are loaded, Google may receive your IP address and HTTP request headers. Google does not use this data to create individual profiles. You can review Google's privacy practices at policies.google.com/privacy.

We do not use marketing cookies, analytics tracking cookies, or any other technologies that monitor your behaviour across websites.

How we use your information

We use the personal information you provide for the following purposes:

• To respond to your enquiry and provide information about our services
• To contact you by email regarding your enquiry
• To direct your enquiry to the appropriate member of our team
• To improve our website and service offerings based on the types of enquiries we receive

We will not use your personal information for direct marketing unless you have provided explicit consent. We will never sell, rent, or trade your personal information to any third party.

How we store and protect your information

Contact form submissions are delivered to our team via email. We do not store your personal information in a centralised database or customer relationship management system.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our protective measures include:

• Secure email systems with access restricted to authorised personnel
• TLS encryption for data in transit via our website
• Cloudflare's web application firewall and DDoS protection
• Regular review of our data handling practices

Please note that no method of electronic transmission is completely secure. We recommend that you do not send highly sensitive information (such as passwords, financial details, or government identifiers) via our contact form.

Retention

We retain personal information from contact form submissions in our email systems for up to 12 months from the date of your last communication with us. After this period, we permanently delete the information unless you have engaged us for ongoing services, in which case we retain information for the duration of our engagement plus any period required by law.

Disclosure to third parties

We do not share your personal information with third parties for their own purposes. Your information may be processed by the following service providers, solely on our behalf and subject to contractual confidentiality obligations:

Service provider	Purpose	Location
Cloudflare, Inc.	Website hosting, content delivery, security, and analytics	United States (global infrastructure)
Google LLC	Web font delivery	United States (global infrastructure)

We may also disclose personal information where required or authorised by law, including in response to court orders, regulatory requirements, or law enforcement requests.

Cross-border disclosure

As described above, your personal information may be transferred to service providers located outside of Australia and New Zealand, specifically in the United States. We ensure these transfers comply with both Australian and New Zealand privacy law:

• Australian Privacy Act (APP 8): We take reasonable steps to ensure overseas recipients handle your information consistently with the Australian Privacy Principles. Cloudflare holds Global Cross-Border Privacy Rules (CBPR) certification and maintains a Data Processing Addendum that provides contractual safeguards.
• New Zealand Privacy Act (Principle 12): We ensure that overseas recipients are subject to privacy protections comparable to those under the Privacy Act 2020. Cloudflare's CBPR certification and contractual commitments satisfy this requirement.

Your privacy rights

Under Australian law

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you (APP 12)
• Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13)
• Complain about a breach of the Australian Privacy Principles
• Request deletion of your personal information, subject to any legal obligations we may have to retain it

Under New Zealand law

Under the Information Privacy Principles, you have the right to:

• Access the personal information we hold about you (IPP 6)
• Request correction of personal information (IPP 7)
• Be informed about how your personal information is collected, used, and disclosed
• Complain to the Office of the Privacy Commissioner about any interference with your privacy

To exercise any of these rights, please contact us using the details provided at the end of this policy. We will respond to access and correction requests within 20 working days. There is no fee for requesting access to your personal information.

If we refuse an access or correction request, we will provide written reasons and information about how to complain about the refusal.

Data breach notification

In the event of a data breach involving your personal information that is likely to result in serious harm, we will:

• Notify affected individuals as soon as practicable
• Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988
• Notify the Office of the Privacy Commissioner of New Zealand where the breach affects individuals in New Zealand, in accordance with Part 6 of the Privacy Act 2020
• Provide recommendations about the steps you should take in response to the breach

We will complete our assessment of any suspected breach within 30 days of becoming aware of it, consistent with Australian requirements.

Cookies and tracking

Our website does not set any first-party cookies that identify or track individual visitors. We do not use marketing pixels, retargeting technologies, or social media tracking scripts.

Cloudflare may set limited cookies for security purposes (such as bot detection and DDoS mitigation). These cookies are essential for the secure operation of our website, do not store personal information, and cannot be used to track you across other websites.

Children's privacy

Our services are directed at businesses and organisations, not individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

Automated decision-making

We do not currently use automated decision-making or profiling systems that make decisions with legal or similarly significant effects on individuals. If this changes in the future, we will update this policy to provide transparency about such systems, consistent with upcoming requirements under APP 1 (effective 10 December 2026).

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "last updated" date below and post the revised policy on our website. We encourage you to review this policy periodically.

Complaints

If you believe we have breached your privacy or handled your personal information inappropriately, we encourage you to contact us first so we can attempt to resolve the matter directly.

If you are not satisfied with our response, you may lodge a complaint with the relevant regulatory authority:

• Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au — Phone: 1300 363 992
• New Zealand: Office of the Privacy Commissioner — privacy.org.nz — Phone: 0800 803 909

Contact us

If you have questions about this privacy policy, wish to exercise your privacy rights, or want to make a complaint, please contact us:

• Email: [email protected]
• General enquiries: [email protected]
• Address: Adelaide, South Australia

Last updated: March 2026