Privacy Policy

Privacy isn’t a tick-box for us—it’s baked into every line of code we ship and every system we manage. We work with finance data, customer records, and the odd board-level secret, so treating that data casually just isn’t on the cards.

1. What We Collect (and Why)

We keep it minimal: basic contact details, project-related artefacts, and usage analytics that help us improve the site. No creepy tracking, no data brokering, no surprise newsletters.

2. How We Protect It

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Principle of least privilege across our cloud tenancy.
• Regular penetration tests and Essential Eight-aligned hardening.

3. Compliance Anchors

We align to the Australian Privacy Principles (APP 1-13), ISO 27001 controls, and GDPR equivalents for EU clients. Audit trails are immutable and reviewable on request.

4. Third-Party Services

We host on AWS and Azure only in regions that meet the required data-sovereignty rules. Each vendor contract includes breach-notification SLAs and right-to-audit clauses.

5. Your Rights

• Access: Ask what we hold; we’ll show you.
• Correction: Spot an error? We’ll fix it fast.
• Erasure: Finished with us? We’ll delete what we’re not legally required to retain.

6. Contact

Shoot privacy questions to privacy@voodooit.com.au. We answer within two business days—usually faster.

Last updated: August 2025