Business: CyberSurf (sole trader) · Sunshine Coast, QLD, Australia
Contact: support@cybersurf.au
This policy explains what personal information we collect, why we collect it, how we protect it, and what your rights are. It applies to our website, our Basic Breach Check product, and any contact you have with us.
We handle your information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. What Personal Information We Collect (APP 3)
We only collect information that is reasonably necessary for us to do our job.
Basic Breach Check orders
| Information | Why we need it |
|---|---|
| Full name | To identify your order and address your report to you |
| Phone number | To contact you about your results or any follow-up support |
| Up to 2 email addresses | To run the breach check against known breach databases |
We do not collect passwords, financial account details, or government identifiers (e.g. Tax File Number, Medicare number).
Website contact form
| Information | Why we need it |
|---|---|
| Name | To address our response to you |
| Email address | To reply to your enquiry |
| Message content | To understand and respond to your request |
Payment information
We use Stripe to handle all card transactions. We do not see, handle, or store your card number, CVV, or expiry date. Stripe's own privacy policy governs payment data.
2. The Breach Check Process — Zero Retention of Breach Data (APP 11)
We do not store, log, or retain any email/password pair combinations, credential data, or raw breach database records at any point. The breach data is checked and discarded immediately after your report is generated.
When we run your Basic Breach Check:
- Your email address(es) are submitted to a breach intelligence database to check whether they appear in known breach records.
- We retrieve the results and prepare your personal report.
- Breach credential data is discarded immediately after your report is generated.
- Your name, phone number, and email address(es) are retained as part of your order record only (see Section 5).
3. Why We Use Your Personal Information (APP 6)
We use your information only for the purpose it was collected:
- To deliver your Basic Breach Check report
- To respond to your contact form enquiry
- To send your invoice or receipt
- To contact you if we have follow-up security information relevant to you
- To comply with our legal obligations (e.g. ATO record-keeping)
We do not sell your information, share it with marketers, or use it to build advertising profiles.
Direct marketing — We may occasionally contact you about CyberSurf services related to what you have already purchased. You can opt out at any time by emailing support@cybersurf.au or clicking unsubscribe in any email. We will action all requests within 5 business days. (APP 7)
4. How We Store Your Information (APP 11)
| Data type | Where stored | How long |
|---|---|---|
| Order records (name, phone, emails) | Secure cloud platform | 7 years (ATO obligation), then deleted |
| Contact form submissions | Secure email inbox | 2 years, then deleted |
| Breach credential data | Not stored | Zero retention |
| Payment records | Stripe only | Per Stripe's privacy policy |
We use HTTPS encryption, strong passwords, and multi-factor authentication on all systems that hold personal information.
5. Who We Share Your Information With (APP 6 & APP 8)
| Recipient | Purpose | Location |
|---|---|---|
| Stripe | Processing your payment | United States |
| Breach intelligence database provider | Running the breach check (email addresses only) | United States |
| Email / hosting provider | Delivering your report and correspondence | Australia / United States |
| Legal or regulatory authorities | If required by Australian law | Australia |
We do not sell your personal information.
Some providers are located in the United States. Before disclosing personal information overseas, we take reasonable steps to ensure those providers are subject to privacy protections substantially similar to the APPs. (APP 8)
6. Cookies and Website Analytics
Our website may use basic cookies to support functionality. We do not currently use third-party advertising cookies or behavioural tracking tools. If this changes, we will update this policy and notify active customers.
7. Your Rights — Access, Correction, and Deletion (APP 12 & APP 13)
You have the right to access, correct, or request deletion of your personal information (subject to legal retention obligations). To make a request, email support@cybersurf.au with your full name and a description of your request. We will respond within 30 days at no charge.
8. Notifiable Data Breaches (Privacy Act 1988 (Cth), Part IIIC)
If we become aware of a data breach likely to cause you serious harm, we are required by law to notify the Office of the Australian Information Commissioner (OAIC) and notify you directly with details of what happened and what steps you should take.
9. Anonymity (APP 2)
You may browse our website anonymously. However, to deliver the Basic Breach Check product, we require your name, phone number, and email address(es). Full anonymity is not practicable for this service.
10. Complaints (APP 1)
If you have a concern about how we handled your personal information, contact us first:
Email: support@cybersurf.au
We aim to respond within 10 business days.
If you are not satisfied with our response, you can lodge a complaint with the OAIC:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
11. Changes to This Policy (APP 1)
We may update this policy from time to time. We will update the "Last reviewed" date when we do. If the changes are significant, we will notify active customers by email. The current version is always available at cybersurf.au/privacy.
CyberSurf — Darryl Wessling Trading As Cyber Surf · ABN 64 800 489 675 · Sunshine Coast, QLD, Australia
Compliant with Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs 1–13)