PRIVACY & CONFIDENTIALITY POLICY
What data do we collect?
We only collect private and confidential data that is required to provide the agreed services and during our free consultations and support. We secure all data that is collected from our potential and existing clients in confidence. This includes non-disclosure to any data to third parties without explicit permission. This may exclude our established partners with confidentiality arrangements in instances where disclosure is required to support the services.
We encourage you to contact us and provide your company details so that we can tailor our responses to your needs and provide accurate quotations and services. Only the name and email address fields are mandatory for these enquiries. You can refrain from submitting any other details you may not wish to disclose.
We use Google Ads, Analytics, Tag Manager, Hubspot and other tools for the website for marketing and to analyse traffic and trends. Our manner of using this does not identify individuals and their user navigation behaviours. We do not export data outside of these application or share it with any third parties, including our established partners.
Where does your data go?
We may use the data collected in following systems, depending on the stage and requirements of the support we are providing you:
Checkbox.ai: the platform used for our free tools, automated SOC 2 assessments and workflows. Checkbox.ai have completed a SOC 2 Type II report issued by a Big4 firm.
A-SCEND: A proprietary platform developed by our CPA firm partner, A-LIGN, used to streamline and secure data sharing for our audits. A-LIGN issues annual SOC 2 Type II reports covering Security, Availability and Confidentiality.
G-Suite Enterprise: Google Business products used for our client communications. We secure these systems with multi-factor authentication and Google Business grade security practices. Google issues SOC 1, SOC 2 and SOC 3 reports at least annually.
Hubspot: Our customer relationship (CRM) system used for marketing emails, account tracking, and hosting of our website content management system (CMS). Hubspot issues SOC 2 Type II reports annually.
Trello: Used for some clients, when preferred, for tracking your requirements and assurance reporting steps. Atlassian issues SOC 2 Type II reports for Trello.
Intuit Quickbooks: A cloud-based application used for company accounting and invoicing. Intuit issues SOC 2 Type II reports for Quickbooks Online.
In each of the above, we minimise the data stored in each location based on what is required to effectively support our services to you.
Our free tools, assessments and applications are built in Checkbox.ai. They collect data from your responses to questions to provide automated outputs that help you navigate information security and our services.
We use the data for providing you with our services. We may also use that data at an anonymised and statistical level to provide guidance and benchmarking to our clients, partners and associates. We avoid the use of any statistics that would compromise confidentiality, including any 0% or 100% stats or with specifics that may be used to identify attributes of an individual customer or user. The raw data is stored in Checkbox.ai, hosted in the Amazon Web Services (AWS) environment. We do not export any data from this environment, except in the output reports sent to you, or after it has been anonymised for statistical analysis.
If you have any concerns over security, privacy or confidentiality, we support the use of an alias contact and company name to prevent your data from being identifiable. This requires the use of a non-business email address and contacting us separately to advise of the alias so we can send the report to the correct person and in a secure manner.
What are your rights?
We support all rights under the EU GDPR, the Australian Privacy Act and any other reasonable requests related to your private data. For any requests related to your data please email firstname.lastname@example.org, or call +61 (0) 490 086 000.