Privacy & Data Handling

Privacy Policy

PostureCheck is built for Australian SMBs that need a clear cybersecurity and privacy baseline without exposing unnecessary operational detail. This policy explains what we collect, why we collect it, and how we protect it.

Data minimisation

Assessment questions are designed to create a report, not to collect passwords, secrets or sensitive system diagrams.

Purpose limited

Your details are used to deliver the assessment, report, templates, support and optional product updates.

APP aligned

Our handling approach is designed around the Privacy Act 1988 and Australian Privacy Principles.

1. Who We Are

PostureCheck is a cybersecurity and privacy readiness assessment tool for Australian businesses. We help organisations understand their posture against recognised Australian references including the Essential Eight, Privacy Act 1988 and the Notifiable Data Breaches Scheme.

2. Information We Collect

We collect information you provide when starting or completing an assessment, including name, work email, company name, phone number, company size, industry and assessment responses.

Assessment responses describe business practices and control maturity. They should not include passwords, credentials, API keys, secrets, sensitive personal information, detailed internal system diagrams or live vulnerability data.

3. Why We Collect It

We collect this information to deliver your assessment preview, generate your executive report, tailor recommendations, provide support and maintain a basic record of report generation where needed.

To deliver assessment results, executive reports and implementation templates.
To tailor benchmarks and recommendations by company profile.
To respond to support, billing or product enquiries.
To send product updates only where you have opted in.

Collection notice: PostureCheck should be used as a structured readiness tool. Do not submit passwords, secrets or sensitive customer records into the assessment.

4. Marketing

We only send marketing or product update emails where you have opted in or where permitted by law. You can unsubscribe at any time. Commercial electronic messages will include sender identification and a functional unsubscribe mechanism.

5. Disclosure

We do not sell your personal information. We may use trusted service providers for hosting, form handling, transactional email, analytics, payments or support. Where information is handled overseas, we take reasonable steps to protect it consistently with the Australian Privacy Principles.

6. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure. During testing, some assessment data may be stored locally in your browser. Production deployment should use secure form handling, access controls, encrypted storage and restricted administrative access.

7. Retention

We keep personal information only for as long as needed for the purposes above, legal requirements, support, payment records or product improvement. When no longer required, information is deleted or de-identified where practical.

8. Access and Correction

You may request access to or correction of personal information we hold about you. Contact us at privacy@posturecheck.io.

9. Complaints

If you have a privacy concern, contact us first at privacy@posturecheck.io. If unresolved, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.

10. Contact

Privacy enquiries: privacy@posturecheck.io