Legal

Privacy Policy

We are committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the Privacy and Other Legislation Amendment Act 2024.

Effective date 13 March 2026
Governing law Privacy Act 1988 (Cth)
Jurisdiction Australia

01

Who We Are

Compliance Console ("we", "us", "our") is an Australian business providing AI-assisted compliance gap assessment services to organisations and individuals. We operate at www.complianceconsole.com.au and can be contacted at info@complianceconsole.com.au.

This Privacy Policy explains how we collect, hold, use, and disclose personal information, and how you can access or correct that information or make a complaint. It applies to all personal information we collect through our website, services, and communications.

This policy complies with the Privacy Act 1988 (Cth), the 13 Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024, which introduced a statutory tort for serious invasions of privacy effective June 2025.

02

Information We Collect

We collect personal information that is reasonably necessary to provide our services. This may include:

Identity & Contact Information

  • Full name
  • Work email address
  • Company or organisation name
  • Job title or role (if provided)

Service Information

  • Compliance framework or regulatory context relevant to your assessment
  • Additional notes or context you choose to provide
  • Documents you upload for analysis (see Section 6)

Technical Information

  • IP address and browser type (collected automatically via our website)
  • Pages visited and time spent on our website
  • Cookie and session data (where applicable)

We collect only what is reasonably necessary. We do not collect sensitive information (as defined under the Privacy Act, such as health, financial, or biometric data) unless you choose to include it in an uploaded document, in which case our document handling obligations in Section 6 apply.

03

How We Collect It

We collect personal information directly from you when you:

  • Submit a quote request through our website
  • Upload a document for assessment
  • Communicate with us via email or other channels
  • Purchase or use our services

We may also collect technical information automatically through your use of our website, including via cookies and similar technologies. You may disable cookies through your browser settings, though this may affect the functionality of our site.

We will not collect personal information about you from third parties without your knowledge unless it is unreasonable or impractical to collect it directly from you, and collection is otherwise permitted under the Privacy Act.

04

Why We Collect It

We collect personal information for the following primary purposes:

  • To assess your compliance document and provide a quote
  • To deliver your compliance gap assessment and report
  • To communicate with you about your assessment and our services
  • To process payments and maintain billing records
  • To improve our services and website
  • To meet our legal and regulatory obligations

We will not use your personal information for any purpose that is unrelated to the above without obtaining your separate consent, unless required or authorised by law.

05

Use & Disclosure

We use your personal information only for the primary purpose for which it was collected, or for a directly related secondary purpose that you would reasonably expect.

We may disclose your information to:

  • Third-party service providers who assist us in delivering our services (such as email delivery, payment processing, and document storage), who are bound by confidentiality obligations
  • Professional advisers including lawyers and accountants, where necessary
  • Regulatory or law enforcement bodies where required by law

We will never:

  • Sell your personal information to any third party
  • Use your information for direct marketing by third parties without your consent
  • Disclose your information in ways inconsistent with this policy

06

Uploaded Documents

When you upload a document to our platform, you represent and warrant that you are the owner, authorised purchaser, or licensed holder of that document, and that you have the legal right to share it with a third party for analysis purposes.

How we handle your documents:

  • Documents are used solely for the purpose of conducting your compliance gap assessment
  • Documents are stored securely and access is restricted to personnel directly involved in your assessment
  • Documents are not shared with third parties except as required to deliver your assessment (e.g. secure cloud storage providers)
  • Documents are retained only for as long as necessary to complete your assessment and meet our legal obligations, after which they are securely deleted
Important: If your document contains personal information about third parties (such as employee data or customer records), you are responsible for ensuring you have the appropriate authority and legal basis to share that information with us. We recommend anonymising or redacting any personal information that is not relevant to your compliance assessment before uploading.

07

Overseas Disclosure

Some of our third-party service providers (such as cloud storage and email delivery platforms) may be located overseas, including in the United States and the European Union. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle your information in a manner consistent with the Australian Privacy Principles.

By providing us with your personal information, you acknowledge that it may be transferred to and processed in countries outside Australia. Where we rely on your consent for such transfers, you may withdraw that consent at any time by contacting us, though this may affect our ability to provide the service.

08

Storage & Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against misuse, loss, unauthorised access, modification, or disclosure.

These measures include:

  • Encrypted transmission of data via HTTPS
  • Access controls limiting who can view personal information
  • Secure storage with reputable cloud providers
  • Regular review of our security practices

While we take all reasonable steps to protect your information, no method of transmission or storage is completely secure. If you suspect your information has been compromised, please contact us immediately.

09

Data Retention

We retain personal information only for as long as is necessary for the purposes for which it was collected, or as required by law. Specifically:

  • Assessment-related data (including uploaded documents) is retained for the duration of the engagement and for a reasonable period thereafter to allow for follow-up, then securely deleted
  • Billing and transaction records are retained for a minimum of seven years in accordance with Australian tax law
  • Email correspondence is retained for a period of three years unless you request earlier deletion

When personal information is no longer required, we take reasonable steps to destroy or permanently de-identify it.

10

Your Rights

Under the Privacy Act, you have the right to:

Access your information

You may request access to the personal information we hold about you. We will respond within a reasonable timeframe and will not charge a fee for making a request, though we may charge a reasonable fee for providing access in certain circumstances.

Correct your information

If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will take reasonable steps to correct information within 30 days of your request.

Anonymity

Where practicable, you may interact with us anonymously or using a pseudonym. However, given the nature of our services, we generally require your name and contact details to deliver an assessment.

Withdraw consent

Where we rely on your consent to process your personal information, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us using the details in Section 16.

11

Direct Marketing

We may use your contact details to send you information about our services, industry updates, or relevant news where you have consented to receiving such communications, or where we reasonably believe you would expect to receive them based on your existing relationship with us.

You may opt out of direct marketing communications at any time by:

We will action all opt-out requests promptly and within a reasonable timeframe. We will not use your information for direct marketing by third parties without your express consent.

12

Automated Decision-Making

Our services use automated processes, including artificial intelligence, to analyse compliance documents and generate assessment questionnaires and reports. These automated processes assist in estimating the scope and complexity of your assessment and producing structured outputs.

In accordance with the Privacy and Other Legislation Amendment Act 2024, we disclose that:

  • Automated analysis is used to process your uploaded documents and generate assessment content
  • Pricing estimates generated through our website are produced automatically based on document characteristics
  • Final pricing and assessment scope are reviewed and confirmed by a human member of our team before any payment is taken

You have the right to request human review of any automated decision that significantly affects you. Please contact us to make such a request.

13

Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. In the event of an eligible data breach — one that is likely to result in serious harm to affected individuals — we will:

  • Conduct a prompt assessment of the breach within 30 days of becoming aware of it
  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC)
  • Take immediate steps to contain and remediate the breach

If you believe your personal information held by us has been compromised, please contact us immediately at info@complianceconsole.com.au.

14

Complaints

If you believe we have handled your personal information in a way that breaches the Australian Privacy Principles, you have the right to make a complaint. Please contact us in the first instance using the details in Section 16 — we will acknowledge your complaint within five business days and endeavour to resolve it within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

Please note that from June 2025, individuals may also bring a direct action in court for serious invasions of privacy under the statutory tort introduced by the Privacy and Other Legislation Amendment Act 2024.

15

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email.

We encourage you to review this policy periodically. Your continued use of our services following any update constitutes your acceptance of the revised policy.

16

Contact Us

For all privacy-related enquiries, access requests, correction requests, or complaints, please contact us:

Compliance Console

Privacy enquiries: info@complianceconsole.com.au

Website: www.complianceconsole.com.au

We will acknowledge all privacy enquiries within five business days.