Privacy Policy
Last updated: April 2026
1. Introduction
Cyber Insights Solutions Pty Ltd ('Scrutex', 'we', 'us', or 'our') is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you use our platform, visit our website, or communicate with us. Scrutex is an Australian company registered in Victoria, Australia (ABN to be confirmed). This service is not directed to children under 16 years of age, and we do not knowingly collect personal data from children under 16.
2. Data we collect
We collect the following categories of personal data: (a) Information you provide directly, such as account registration details (name, email, company), contact form and demo request submissions, and questionnaire responses; (b) Information collected automatically when you use our platform, including usage and session data, IP addresses, browser type, device information, and pages visited; (c) Information from third-party sources where you have authorised this. We also use Cloudflare Web Analytics to collect anonymised usage data about website visitors.
3. How we use your data
We use your data to provide and improve our platform, process transactions, communicate with you about your account and our services, send you marketing communications where you have separately consented, comply with legal obligations, and for security and fraud prevention purposes. We do not sell or share your personal data to third parties for their own marketing purposes.
4. Legal basis for processing
We process your personal data on the following legal bases: (a) Performance of a contract — to provide our platform services and manage your subscription; (b) Legitimate interests — to improve our products, ensure platform security, and prevent fraud (we carry out a balancing test to ensure our interests do not override your rights); (c) Consent — for marketing communications (which you may withdraw at any time); (d) Compliance with a legal obligation — to meet our legal and regulatory requirements.
5. Data sharing and third parties
We may share your personal data with the following categories of third parties, solely for the purposes described in this policy: (a) Cloud hosting and infrastructure providers for platform operation; (b) Cloudflare for CDN, security, and web analytics services; (c) Payment processors for billing and subscription management; (d) Email service providers for transactional and marketing communications; (e) Professional advisers (legal, accounting) where required. All third-party service providers are contractually required to protect your data and process it only on our instructions.
6. Data retention
We retain personal data for as long as necessary to provide our services and comply with our legal obligations: (a) Account data — retained for the duration of your subscription plus 12 months following termination; (b) Contact form and demo request data — retained for 24 months from the date of submission; (c) Marketing data — retained until you unsubscribe or request deletion; (d) Usage and analytics data — retained in anonymised form for up to 24 months; (e) Billing records — retained for 7 years as required by Australian tax law. Certain data may be retained for longer periods where required by law.
7. Your rights — Australia
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the right to access and correct your personal information held by us. To exercise these rights, contact us at [email protected]. If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
8. Your rights — European Economic Area and United Kingdom (GDPR)
If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation: (a) Right of access (Art. 15) — obtain confirmation of whether we process your personal data and request a copy; (b) Right to rectification (Art. 16) — request correction of inaccurate data; (c) Right to erasure (Art. 17) — request deletion of your personal data where there is no compelling reason for continued processing; (d) Right to restrict processing (Art. 18) — request restriction in certain circumstances; (e) Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format; (f) Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing purposes; (g) Rights relating to automated decision-making (Art. 22) — not be subject to decisions based solely on automated processing; (h) Right to withdraw consent at any time without affecting the lawfulness of prior processing. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If unsatisfied, you have the right to lodge a complaint with your local supervisory authority. Our EU Representative is: to be appointed. Our UK Representative is: to be appointed.
9. Your rights — California (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act: (a) Right to Know — the categories and specific pieces of personal information collected about you; (b) Right to Delete — request deletion of your personal information; (c) Right to Correct — request correction of inaccurate personal information; (d) Right to Opt-Out — of the sale or sharing of personal information (we do not sell or share personal information as defined under the CCPA/CPRA); (e) Right to Non-Discrimination — for exercising your CCPA rights. To exercise these rights, contact [email protected]. We will verify your identity and respond within 45 days.
10. Your rights — India (DPDP Act)
If you are located in India, we process your personal data in compliance with the Digital Personal Data Protection Act 2023. As a data fiduciary, we: (a) process your data only for lawful purposes with your consent or other valid legal basis; (b) provide you with a clear consent notice before collection; (c) honour your right to withdraw consent at any time; (d) allow you to access, correct, and request erasure of your personal data; (e) respond to grievances through our Privacy Officer. You may also contact the Data Protection Board of India if unsatisfied with our response.
11. Your rights — Canada (PIPEDA)
If you are located in Canada, you have the right to access your personal information, request correction, and withdraw consent for the collection, use, or disclosure of your personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA). To exercise your rights, contact [email protected].
12. International data transfers
Where we transfer your personal data outside Australia, we ensure appropriate safeguards are in place. For transfers to countries outside the EEA or UK, we rely on: (a) European Commission adequacy decisions where available; (b) Standard Contractual Clauses (SCCs) approved by the European Commission; (c) Supplementary measures where required following a transfer impact assessment. Data may be transferred to and processed in Australia, the United States, and other jurisdictions where our service providers operate. For details of specific transfer mechanisms in place, contact [email protected].
13. Data breach notification
In the event of a data breach that is likely to result in serious harm, we will: (a) notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988; (b) notify relevant EU/UK supervisory authorities within 72 hours and affected data subjects without undue delay as required by GDPR Articles 33-34; (c) notify the Data Protection Board of India as required under the DPDP Act. We maintain an incident response plan to detect, investigate, and respond to data breaches promptly.
14. Cookies and tracking technologies
We use cookies and similar tracking technologies to operate our platform and analyse usage patterns. Essential cookies are required for the site to function. Analytics cookies (including Cloudflare Web Analytics) help us understand how visitors use our site. We do not deploy non-essential cookies without your consent where required by applicable law. You can manage your cookie preferences through your browser settings. For visitors in the EU/UK, we obtain consent before deploying non-essential cookies in accordance with the ePrivacy Directive and UK PECR.
15. Contact
For any privacy-related queries or to exercise your rights, contact our Privacy Officer at [email protected]. You may also write to us at: Privacy Officer, Cyber Insights Solutions Pty Ltd, Melbourne, Victoria, Australia.