CyberAtlasAustralia

Legal

Privacy Policy

Effective date: 28 March 2026

CyberAtlas (“we”, “us”, “our”) operates the website cyberatlas.com.au (the “Platform”). We are committed to protecting your personal information and handling it in a responsible manner consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains what personal information we collect, why we collect it, how we use and disclose it, and how you can access or correct it. By using the Platform you consent to the practices described in this policy.

1. Who We Are

CyberAtlas is an online directory that lists Australian cybersecurity service providers (“Vendors”). We are not a cybersecurity service provider ourselves and we do not provide security advice, assessments, or services of any kind. We are a publisher and technology platform only.

For privacy enquiries, contact our Privacy Officer at: privacy@cyberatlas.com.au

2. What Personal Information We Collect

We collect personal information in the following circumstances:

2.1 Account Registration (Vendors)

When a cybersecurity vendor creates an account or claims a listing, we collect:

  • Full name and job title
  • Business email address
  • Company name, ABN (optional), and business address
  • Phone number
  • Billing information (processed by Stripe — we do not store payment card details)

2.2 Lead Enquiry Forms (Buyers)

When a buyer submits a “Find a Provider” enquiry, we collect:

  • Name, email address, and phone number
  • Company name, job title, and company size
  • Project description, budget range, and timeline
  • Location (city) and industry

This information is shared with relevant Vendors who have opted in to the lead routing programme. By submitting an enquiry, you consent to this sharing.

2.3 Contact Forms

If you contact us via our contact form or by email, we collect your name, email address, and the content of your message.

2.4 Usage Data

We automatically collect certain technical information when you visit the Platform, including IP address, browser type, operating system, referring URL, pages viewed, and timestamps. This data is collected via server logs and analytics tools.

2.5 Cookies

We use cookies and similar technologies to maintain session state, remember preferences, and analyse traffic. You can disable cookies via your browser settings, but some functionality may be impaired.

3. How We Use Your Personal Information

We use personal information only for the purposes for which it was collected, or directly related purposes, including:

  • Creating and managing your account
  • Processing subscription payments via Stripe
  • Routing buyer enquiries to relevant Vendors
  • Communicating with you about your account or listing
  • Sending transactional emails (account confirmations, billing receipts)
  • Improving the Platform through analytics
  • Complying with legal obligations
  • Preventing fraud and enforcing our Terms of Use

We will not use your personal information for direct marketing without your consent. Where we send marketing communications, we will include an unsubscribe mechanism in accordance with the Spam Act 2003 (Cth).

4. Disclosure of Personal Information

We may disclose your personal information to:

  • Vendors — buyer enquiry details are shared with matched Vendors as described above
  • Stripe Inc. — for payment processing. Stripe's privacy policy is available at stripe.com/au/privacy
  • Supabase Inc. — our database and authentication provider. Data may be hosted on servers located in Australia or internationally
  • Vercel Inc. — our hosting provider
  • Law enforcement or government agencies — where required by law or valid legal process

We do not sell, rent, or trade personal information to third parties for marketing purposes.

5. Cross-Border Disclosure

Some of our third-party service providers (including Supabase, Vercel, and Stripe) may store or process personal information outside Australia. Before disclosing personal information to overseas recipients, we take reasonable steps to ensure that those recipients handle the information consistently with the APPs, as required by APP 8.

6. Data Security

We implement commercially reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:

  • TLS encryption for data in transit
  • Row-level security and access controls on our database
  • Authentication via industry-standard protocols
  • Restricted access to personal data by personnel

No internet transmission or electronic storage is completely secure. We cannot guarantee absolute security and you provide personal information at your own risk.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements. When personal information is no longer required, we take reasonable steps to destroy or de-identify it.

8. Your Rights — Access and Correction

Under the Privacy Act 1988 (Cth), you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate, outdated, or incomplete information
  • Request deletion of your account and associated personal data

To exercise these rights, contact us at privacy@cyberatlas.com.au. We will respond within 30 days. We may need to verify your identity before processing a request.

We may decline access in limited circumstances permitted by the APPs, such as where providing access would prejudice an investigation of unlawful activity.

9. Complaints

If you believe we have breached the APPs or this Privacy Policy, please contact our Privacy Officer at privacy@cyberatlas.com.au. We will acknowledge your complaint within 5 business days and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date at the top of this page and, where appropriate, by email notification to registered users. Continued use of the Platform after a change constitutes acceptance of the updated policy.

CyberAtlas · cyberatlas.com.au · privacy@cyberatlas.com.au

This policy was last updated on 28 March 2026.