Privacy Policy
Purpose
BrightShield is committed to protecting your privacy and handling personal information in a transparent, secure, and responsible way.
This Privacy Policy explains how we collect, use, store, and disclose personal information when you:
- Visit our website
- Engage with our services, including Security Audit, Security Foundations, and Security Watch
- Communicate with us
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and, where applicable, international privacy laws such as GDPR and CPRA.
What information we collect
We collect personal information that is reasonably necessary to deliver our services and operate our business.
Information you provide directly
This may include:
- Name, email address, phone number
- Business name, role, and contact details
- Billing and payment information
- Support requests and communications
- Information you submit through forms, bookings, or enquiries
Information collected through our security services
When you use Security Audit, Security Foundations, or Security Watch, we may collect or generate technical and operational data, including:
- System and account configuration data
- Security findings, alerts, and audit results
- Logs and metadata related to access, devices, or services
- Identifiers associated with user accounts or devices within connected platforms (such as Microsoft 365 or Google Workspace)
Some of this information may relate to identifiable individuals. Where it does, we treat it as personal information and protect it accordingly.
Automatically collected information
When you visit our website, we may collect:
- IP address
- Browser type and device information
- Pages visited and usage patterns
This information is generally used in aggregated form for analytics and service improvement.
How we use personal information
We use personal information for the following purposes:
Service delivery and security operations
- Providing and administering our services
- Conducting security audits and monitoring
- Generating reports and recommendations
- Detecting, assessing, and notifying about security risks
- Supporting customers and responding to enquiries
Business operations and compliance
- Managing accounts, billing, and contracts
- Meeting legal and regulatory obligations
- Maintaining records and audit trails
- Improving our services and internal processes
Communications and marketing
- Sending service-related communications
- Providing updates, insights, or resources relevant to your services
- Marketing communications, where consent is provided or permitted by law
You can opt out of marketing communications at any time.
Advertising and analytics
We may use personal information to support advertising and analytics activities, including measuring the effectiveness of campaigns and showing relevant ads to people who have previously visited our website.
This may include the use of cookies or similar technologies provided by advertising platforms such as Google, LinkedIn, or Meta. These tools may collect information about your interactions with our website to help us understand usage patterns and deliver more relevant content.
We do not use advertising tools to build detailed personal profiles, and we do not sell personal information.
Disclosure of personal information
We may disclose personal information to trusted third parties where necessary to operate our services, including:
- Cloud hosting and infrastructure providers
- Authentication and identity services
- Security monitoring, alerting, and analytics providers
- Payment processors and billing platforms
- Professional advisers such as legal, accounting, or compliance providers
These parties act as service providers or sub-processors and are required to handle personal information securely and only for authorised purposes.
We do not sell personal information.
Overseas data transfers
Some of our service providers may store or process data outside Australia.
Where personal information is transferred overseas, we take reasonable steps to ensure appropriate safeguards are in place, such as contractual protections and security controls, to maintain privacy and data protection standards.
Data security
We take reasonable and appropriate measures to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
These measures include:
- Access controls and least-privilege permissions
- Encryption of data where appropriate
- Secure system design and monitoring
- Staff confidentiality obligations
No system is completely risk-free, but we continuously review and improve our security practices.
Data retention and disposal
We retain personal information only for as long as necessary to:
- Deliver our services
- Meet legal, contractual, and compliance obligations
- Resolve disputes or enforce agreements
When information is no longer required, we take reasonable steps to securely delete or de-identify it.
Data breaches
If we become aware of a data breach involving personal information that is likely to result in serious harm, we will:
- Investigate and contain the incident
- Notify affected individuals where required
- Comply with applicable breach notification laws and regulatory requirements
Access, correction, and your rights
You may request access to personal information we hold about you and request corrections if it is inaccurate, out of date, or incomplete.
Depending on your location, you may also have additional rights, including:
- Requesting deletion of personal information
- Restricting or objecting to certain processing
- Requesting data portability
Where required by law, you may also have the right to opt out of certain forms of targeted advertising or analytics. You can manage cookie preferences through our Cookie Policy or contact us for assistance.
Requests can be made using the contact details below. We may need to verify your identity before responding.
Cookies and tracking technologies
We use cookies and similar technologies to operate our website, understand how it is used, improve our services, and support analytics and advertising activities.
Details about the types of cookies we use, their purpose, and how you can manage your preferences are set out in our Cookie Policy, available at https://www.brightshield.io/legal/cookie-policy.
Our Cookie Policy forms part of this Privacy Policy.
Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the updated date noted at the bottom.
Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle personal information, please contact our Privacy Officer at privacy@brightshield.io. You may also contact us to lodge a complaint about how we have handled your personal information. We will respond within a reasonable timeframe.