Privacy Policy

1. Information We Collect

We may collect the following categories of personal information:

• Identity and contact information: your name, email address, phone number, and company name.
• Assessment data: your answers, scores, and results from our online self-assessment quizzes and tools.
• Technical information: your IP address, browser type, operating system, device identifiers, and referring URLs.
• Usage data: pages visited, time spent on site, click patterns, and other analytics data.
• Cookies and tracking data: information collected through cookies, pixels, and similar technologies as described in Section 7 below.

2. How We Collect Information

We collect personal information through the following means:

• Contact and enquiry forms: when you submit a form on our website requesting information or a consultation.
• Assessment quizzes: when you complete a cybersecurity self-assessment, AI readiness assessment, or similar tool on our website.
• Cookies and analytics: automatically through cookies, Cloudflare analytics, and other tracking technologies when you visit our website.
• Email communications: when you correspond with us via email or subscribe to communications.
• Third-party sources: we may receive limited information from business intelligence platforms in the course of B2B outreach.

3. Why We Collect Information

We collect and use your personal information for the following purposes:

• To respond to your enquiries and provide the information or services you have requested.
• To deliver assessment results and personalised recommendations based on your quiz responses.
• To improve our website, services, and user experience through analytics and aggregated data.
• To send you marketing communications where you have provided consent or where we have a legitimate interest (you may opt out at any time).
• To comply with our legal and regulatory obligations.
• To protect the security of our website and systems.

4. How We Store and Protect Your Information

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• Cloud infrastructure: data is stored on Microsoft Azure cloud infrastructure with encryption at rest and in transit.
• Access controls: strict role-based access controls limit who can access personal information within our organisation.
• Encryption: all data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
• Regular review: we periodically review our security practices and update them as necessary to address evolving threats.

5. Third Parties We Share Data With

We may share your personal information with the following categories of third-party service providers, solely for the purposes described in this policy:

• SendGrid (Twilio): for email delivery when you submit a contact form or receive assessment results.
• Cloudflare: for content delivery, website performance, security protection, and web analytics.
• Apollo: for business development and outreach analytics.

We do not sell your personal information to third parties. We require all third-party service providers to handle personal information in accordance with applicable privacy laws and our contractual obligations.

6. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. As a general guide:

• Contact form submissions: retained for up to 24 months after your last interaction, unless you request earlier deletion.
• Assessment data: retained for up to 12 months to allow you to revisit your results, unless you request earlier deletion.
• Analytics data: aggregated and anonymised analytics data may be retained indefinitely. Identifiable analytics data is retained for no more than 12 months.
• Client engagement records: retained for up to 7 years in accordance with Australian tax and corporate record-keeping obligations.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your experience and analyse site usage. The types of cookies we use include:

• Essential cookies: necessary for the website to function correctly, including security and session management.
• Analytics cookies: Cloudflare Web Analytics is used to collect anonymised usage statistics. This service is privacy-focused and does not use client-side state (such as cookies or localStorage) for analytics purposes.
• Marketing and tracking: Apollo tracking may be used to understand engagement with our business outreach efforts.

You can manage your cookie preferences using the cookie consent banner displayed on your first visit, or by adjusting your browser settings. Rejecting non-essential cookies will disable analytics and marketing tracking.

8. Your Rights Under the Australian Privacy Act

If you are located in Australia, the Australian Privacy Principles (APPs) give you the following rights:

• Access: you have the right to request access to the personal information we hold about you.
• Correction: you have the right to request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
• Complaints: if you believe we have breached the APPs, you may lodge a complaint with us. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

To exercise any of these rights, please contact us using the details in Section 12 below. We will respond to your request within 30 days.

9. Your Rights Under CCPA / CPRA (California, USA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following rights:

• Right to know: you may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: you may request that we delete personal information we have collected from you, subject to certain legal exceptions.
• Right to correct: you may request that we correct inaccurate personal information.
• Right to opt out of sale or sharing: we do not sell your personal information. If this practice changes, we will provide a clear opt-out mechanism.
• Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your rights, please contact us using the details in Section 12. We will verify your identity before processing your request and respond within 45 days.

10. International Data Transfers

Stealth Cyber operates across Australia, the United States, and Brazil. Your personal information may be transferred to, stored in, or processed in any of these countries. When we transfer personal information internationally, we take reasonable steps to ensure it is protected in accordance with the Australian Privacy Act and any other applicable privacy legislation.

Our third-party service providers may also store or process data in jurisdictions outside of Australia. We require these providers to maintain appropriate safeguards and comply with applicable data protection laws.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy, wish to exercise your rights, or would like to make a complaint, please contact us: