GDPR and data protection standards
We design our platform and operations to meet GDPR requirements, protect personal data, and support customer compliance.
Processing activities and purposes
We process personal data to deliver services, provide support, secure our systems, measure performance, and comply with legal obligations.
Legal bases
- Contract performance for registered users
- Legitimate interests for service quality and security
- Consent where required (e.g., marketing)
- Legal obligations (e.g., accounting)
Subprocessors
We use reputable providers for hosting, analytics, and support. A current list is available upon request and subject to change control.
Data Processing Addendum (DPA)
Our DPA incorporates SCCs, security measures, and roles/responsibilities.
Security measures
- Encryption in transit and at rest
- SSO/SAML and granular RBAC
- Change management with approvals and logs
- Regular backups and disaster recovery testing
Data subject requests
Submit access, correction, or deletion requests via [email protected] or by mail: Level 17, 40 Mount Street, North Sydney NSW 2060, Australia. We verify identity and respond within statutory timelines.