Privacy Policy

Last updated: May 8, 2026

CyberChex ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Australian Privacy Act 1988 (as amended by the Privacy Act 2025 reforms).

Quick Summary:
  • We collect only the information necessary to provide M365 security assessments
  • We never access your emails, files, or personal data during assessments
  • Your information is stored securely in Australia
  • We never sell your data to third parties
  • You can request access, correction, or deletion of your data at any time

1. Information We Collect

1.1 Information You Provide to Us

When you use our services, we collect information you provide directly, including:

| Information Type | Examples | Purpose |
|---|---|---|
| Contact Information | Name, email address, phone number, business name | To communicate about services, deliver reports, provide support |
| Business Information | Company name, ABN, number of M365 users, license type | To scope and deliver appropriate assessment |
| M365 Tenant Information | Tenant ID, configuration settings, security controls status | To conduct security assessment |
| Payment Information | Billing address, payment method details | To process payments for services |

1.2 Information We Collect Automatically

When you visit our website, we automatically collect:

1.3 Information We Do NOT Collect

During M365 security assessments, we specifically do NOT:

We only access configuration settings and security controls in read-only mode to assess your M365 security posture.

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 To Provide Services

2.2 To Communicate With You

2.3 To Improve Our Services

2.4 Marketing (With Your Consent)

You can opt out of marketing communications at any time by clicking "unsubscribe" in any email or contacting us directly.

3. How We Share Your Information

3.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties.

3.2 Service Providers

We share information with trusted service providers who help us deliver our services:

| Service Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (Database Hosting) | Store client records and assessment data | Business name, contact info, assessment results |
| EmailJS (Email Service) | Send reports and communications | Email address, name, report content |
| Vercel (Website Hosting) | Host our website and services | Usage data, IP addresses |
| Payment Processor | Process payments securely | Billing information, payment details |

All service providers:

3.3 Legal Requirements

We may disclose your information if required by law, such as:

4. Data Security

We implement industry-standard security measures to protect your personal information:

4.1 Technical Safeguards

4.2 Organizational Safeguards

4.3 M365 Assessment Security

During security assessments:

5. Data Retention

We retain your personal information for as long as necessary to provide services and comply with legal obligations:

| Data Type | Retention Period | Reason |
|---|---|---|
| Contact Information | Duration of business relationship + 7 years | Tax and legal compliance (ATO requirements) |
| Assessment Reports | 7 years | Professional indemnity insurance, legal compliance |
| M365 Configuration Data | 90 days (unless you request longer) | Service delivery, support |
| Payment Records | 7 years | Tax compliance (ATO requirements) |
| Marketing Opt-ins | Until you opt out | Marketing consent management |

After retention periods expire, we securely delete or anonymize your data.

6. Your Privacy Rights

Under Australian privacy law, you have the following rights:

6.1 Right to Access

You can request a copy of the personal information we hold about you. We will provide this within 30 days of your request.

6.2 Right to Correction

If your personal information is inaccurate, incomplete, or out-of-date, you can request that we correct it.

6.3 Right to Deletion

You can request that we delete your personal information, subject to our legal obligations (e.g., tax records must be retained for 7 years).

6.4 Right to Opt-Out

You can opt out of marketing communications at any time by clicking "unsubscribe" in emails or contacting us directly.

6.5 Right to Complain

If you believe we've mishandled your personal information, you can:

  1. Contact us directly at privacy@cyberchex.com.au
  2. If unresolved, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

How to Exercise Your Rights

To access, correct, or delete your data, contact us at:

We will respond within 30 days.

7. Cookies and Tracking

7.1 Cookies We Use

| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Enable core website functionality (e.g., forms, navigation) | Session |
| Analytics Cookies | Understand how visitors use our site (Google Analytics) | 2 years |
| Preference Cookies | Remember your settings and preferences | 1 year |

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

8. Third-Party Links

Our website may contain links to third-party websites (e.g., Microsoft documentation, ACSC resources). We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies.

9. Children's Privacy

Our services are intended for businesses and individuals 18 years and older. We do not knowingly collect personal information from children under 18.

10. International Data Transfers

Your data is primarily stored in Australia. Some service providers (e.g., Vercel, Supabase) may store data on servers outside Australia. When data is transferred internationally:

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

CyberChex Privacy Officer

Email: privacy@cyberchex.com.au
Mail: [Your Business Address]
Phone: [Your Phone Number]

We aim to respond to all privacy inquiries within 5 business days.

13. Definitions

Personal Information: Information that identifies you or could reasonably identify you (e.g., name, email, business name).

Sensitive Information: Information about health, race, religion, political opinions, etc. We do not collect sensitive information unless absolutely necessary and with your explicit consent.

De-identified Data: Data that has been modified to remove or obscure identifying information, making it no longer personal information.


This Privacy Policy complies with the Australian Privacy Act 1988 (as amended by the Privacy Act 2025 reforms).
For more information about your privacy rights, visit www.oaic.gov.au
