Privacy Policy

Spectrum Stream Security Technologies Pty Ltd (ABN pending), operating as SpectrumStream (“we”, “us”, “our”), is committed to protecting the privacy of individuals who interact with our website and use our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website or engaging our services, you consent to the practices described in this policy.

Information you provide directly:

• Name and contact details (email address, phone number, business address)
• Business name and ABN
• Information submitted via contact forms or quote requests
• Communications and correspondence with our team

Information collected automatically:

• IP address and browser type
• Pages visited and time spent on our site
• Referring URLs and device information
• Cookies and similar tracking technologies

Information collected as part of service delivery:

• Network and systems data required to perform IT management or security assessments
• Credentials and access details provided under formal agreements (stored securely and never retained beyond engagement scope)
• Logs, configurations, and vulnerability data relevant to contracted services

We use your personal information to:

• Respond to enquiries and provide requested quotes or services
• Deliver and manage Managed IT, cybersecurity, and web hosting services
• Issue invoices and manage billing
• Communicate service updates, maintenance windows, or security alerts
• Improve our website and service offerings
• Comply with legal obligations
• Send marketing communications (only where you have opted in or where permitted by law)

We will not use your personal information for purposes unrelated to those listed above without your consent.

We do not sell your personal information. We may share it with:

• Trusted third-party service providers (such as hosting providers, CRM platforms, and billing systems) who assist us in delivering our services, under confidentiality obligations
• Our strategic security partner, Aussie Pentest Pty Ltd, where penetration testing services are engaged
• Law enforcement or regulatory bodies where required by Australian law
• Successors in the event of a business merger or acquisition, subject to continued privacy protections

All third parties we engage are required to handle personal data in accordance with applicable Australian privacy laws.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Security measures include:

• Encrypted storage and transmission (TLS/SSL)
• Access controls and role-based permissions
• Secure credential management practices
• Regular internal security reviews consistent with our cybersecurity service standards

No method of electronic storage or transmission is 100% secure. If you have concerns about the security of information you have provided, please contact us.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Client engagement data is retained for a minimum of seven (7) years for compliance and record-keeping purposes. Marketing data is retained until you opt out or request deletion.

Our website may use cookies to improve user experience and collect analytics data. You can configure your browser to refuse cookies, though some features of the site may not function correctly as a result. We do not use cookies to collect sensitive personal information.

You have the right to request access to the personal information we hold about you, and to request corrections if it is inaccurate, incomplete, or outdated. To make a request, please contact us using the details below. We will respond within a reasonable timeframe and in accordance with the Australian Privacy Principles.

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us directly. We will investigate and respond within 30 days. If you are unsatisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

We may update this Privacy Policy from time to time. The current version will always be published at our website. Your continued use of our services after any updates constitutes acceptance of the revised policy.