Privacy Policy
Last updated on 30 June 2026.
Get an AI explanation
Not sure what this means for you? Have your preferred AI assistant read this page and summarize it in plain language.
This Privacy Policy explains how InspireCyber("InspireCyber," "we," "us," or "our") collects, uses, discloses, stores, and otherwise handles personal information when you access or use our websites, applications, products, and services (collectively, the "Services").
We are committed to protecting your privacy and to handling personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") and other applicable US state privacy laws, and, where it applies, the EU and UK General Data Protection Regulation ("GDPR"). If any term of this policy conflicts with a mandatory requirement of a law that applies to you, that law prevails to the extent of the inconsistency.
1. Who we are and who is responsible for your information
The Services are operated from Australia. The entity responsible for your personal information is Newframe Group Pty Ltd (ABN 77 625 015 983), Level 14, 5 Martin Place Sydney, NSW, 2000. You can reach our privacy team using the details in the Contact us section.
2. Scope of this policy
This policy applies to personal information we handle as a controller – for example, information about visitors to our websites, prospective customers, account holders, and the individual users of our Services.
Where our customers use the Services to process personal information about their own end users, staff, or contacts ("Customer Data"), we generally act as a processor (or service provider) on the customer's behalf and handle that information under our customer agreement and our Data Processing Addendum, not this policy. If you are an individual whose information is contained in Customer Data, please direct privacy requests to the relevant customer (the controller), who is responsible for that information. We will provide reasonable assistance to that customer in responding to your request.
3. Personal information we collect
"Personal information" (also called "personal data" or "personal information" under US law) means information that identifies, relates to, or could reasonably be linked to an identifiable individual. The categories we collect include:
3.1 Information you provide to us
- Account and profile information – such as your name, email address, password or passkey credentials, job title, organisation, and profile photo.
- Billing and transaction information – such as your billing contact, billing address, plan, and partial payment details. Card payments are processed by our payment providers; we do not store full card numbers.
- Content and communications – information you submit through the Services, support requests, survey responses, and correspondence with us.
- Marketing and event information – your preferences, and details you give us at events, webinars, or when subscribing to communications.
3.2 Information we collect automatically
- Device and connection data – IP address, browser type, operating system, device identifiers, and language settings.
- Usage and log data – pages viewed, features used, access times, referring URLs, and actions taken within the Services, including security and audit logs.
- Approximate location – a general location (such as city or region) inferred from your IP address.
- Cookies and similar technologies – as described in Cookies and similar technologies.
3.3 Information we receive from third parties
- Single sign-on and identity providers – basic account details when you authenticate through a third-party provider.
- Payment and fraud-prevention providers – transaction status and risk signals.
- Our customers and partners – for example, when a customer invites you to join their organisation, or a reseller partner refers you to us.
- Public and commercial sources – business contact information used for marketing, where permitted by law.
3.4 Sensitive information
We do not seek to collect sensitive information (such as health, racial or ethnic origin, or biometric information) or sensitive personal information as defined under US law. If we ever need to, we will do so only with your consent or where otherwise permitted by law, and we will not use or disclose it for purposes other than those for which it was collected without your further consent.
If you do not provide personal information we reasonably require, we may be unable to provide some or all of the Services to you. Where it is lawful and practicable, you may deal with us anonymously or using a pseudonym.
4. How and why we use personal information
We use personal information to:
- provide, operate, secure, and maintain the Services;
- create and administer your account and authenticate you;
- process payments and manage billing and subscriptions;
- respond to your enquiries and provide customer and technical support;
- personalise, improve, and develop the Services, including research and analytics;
- send administrative messages, security alerts, and service updates;
- send marketing communications you have not opted out of, subject to the rules in Marketing communications;
- detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or unlawful activity;
- comply with our legal obligations and enforce our terms and agreements; and
- establish, exercise, or defend legal claims, and manage corporate transactions such as a merger or sale.
Legal bases (EEA/UK). Where the GDPR applies, we rely on one or more of the following legal bases: performance of a contract with you; your consent (which you may withdraw at any time); compliance with a legal obligation; and our legitimate interests in operating, securing, and improving the Services, where those interests are not overridden by your rights.
5. Cookies and similar technologies
We and our service providers use cookies, pixels, local storage, and similar technologies to keep you signed in, remember your preferences, measure and analyse usage, and improve and secure the Services. We use strictly necessary cookies to operate the Services, and – where required by law, and subject to your consent – functional, analytics, and (where applicable) advertising cookies.
You can control cookies through your browser settings and, where we offer one, our cookie preference tool. Some US state laws and certain browsers support an opt-out preference signal (such as Global Privacy Control); where required, we treat a valid signal as a request to opt out of "sales" and "sharing" of personal information for the relevant browser or device. Blocking some cookies may affect how the Services function.
6. How we disclose personal information
We do not sell your personal information for money. We disclose personal information only as described below:
- Service providers and sub-processors – vendors who perform services for us, such as cloud hosting, payment processing, email delivery, analytics, customer support, and security tooling. They may handle personal information only on our instructions and under contractual confidentiality and data-protection obligations.
- Affiliates – entities within our corporate group, for the purposes described in this policy.
- Professional advisers – such as auditors, lawyers, accountants, and insurers, where reasonably necessary.
- Corporate transactions – in connection with a merger, acquisition, financing, reorganisation, or sale of assets, subject to appropriate confidentiality protections.
- Legal, safety, and compliance – where we believe in good faith that disclosure is necessary to comply with a law, court order, or lawful request; to enforce our agreements; or to protect the rights, property, or safety of any person.
- With your consent or at your direction – including integrations you choose to enable.
- Aggregated or de-identified information – which can no longer reasonably identify you, and which we may use and share for any lawful purpose.
Some US laws define "sale" and "sharing" broadly to include certain disclosures for cross-context behavioural advertising. We do not knowingly sell or share the personal information of anyone we know to be under 16 years of age. Where any disclosure is treated as a "sale" or "sharing" under applicable law, you may exercise the opt-out rights described in Your privacy rights and choices.
7. Automated processing and artificial intelligence
Some features of the Services use automated processing, including machine learning and artificial intelligence, to provide functionality, analytics, and security. We do not use your personal information to make decisions that produce legal or similarly significant effects about you without a lawful basis and, where required, appropriate safeguards such as human review. We do not use Customer Data to train foundation models without the relevant customer's instruction or consent.
8. International data transfers
We operate in Australia and may store and process personal information in Australia and in other countries where we or our service providers operate. These countries may have data protection laws that differ from those in your location.
Where we disclose personal information to an overseas recipient, we take reasonable steps to ensure it is handled consistently with this policy and applicable law. For transfers subject to APP 8, we take such steps as are reasonable in the circumstances. For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.
9. Data retention
We retain personal information only for as long as is reasonably necessary for the purposes described in this policy, including to provide the Services, comply with our legal, accounting, and reporting obligations, resolve disputes, and enforce our agreements. When personal information is no longer required, we will take reasonable steps to destroy or de-identify it. Customer Data is retained and deleted in accordance with our customer agreement.
10. How we protect personal information
We maintain administrative, technical, and physical safeguards designed to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These include encryption in transit and at rest, access controls, network security, logging and monitoring, and staff training. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for activity that occurs under your account.
11. Data breach notification
We maintain procedures to detect, assess, and respond to security incidents. If an eligible data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner ("OAIC") in accordance with the Notifiable Data Breaches scheme, and we will notify individuals and regulators as required under applicable US state breach-notification laws and other applicable laws.
12. Your privacy rights and choices
Subject to applicable law and verification of your identity, you may have the following rights. To exercise any of them, contact us using the details in Contact us. We will not discriminate against you for exercising your privacy rights.
12.1 Everyone
- access and update much of your account information directly within the Services;
- opt out of marketing communications at any time (see Marketing communications); and
- manage cookies as described above.
12.2 Australia
Under the Privacy Act and the APPs, you may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within a reasonable period and may charge a reasonable cost-recovery fee for access (but not for making a request). If we refuse access or correction, we will give you written reasons and information about how to complain. You may complain to us first; if you are not satisfied with our response, you may complain to the OAIC at www.oaic.gov.au.
12.3 United States (California and other states)
Depending on your state of residence (for example, California, Virginia, Colorado, Connecticut, Utah, Texas, and others), you may have the right to:
- know and access the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it;
- correct inaccurate personal information;
- delete personal information we have collected from you, subject to legal exceptions;
- obtain a portable copy of certain personal information you provided;
- opt out of the "sale" or "sharing" of personal information and of targeted/cross-context behavioural advertising; and
- limit the use and disclosure of sensitive personal information, where applicable.
You may make a request yourself or through an authorised agent. We will verify your request and respond within the timeframes required by law. If we deny your request, you may appeal by replying to our decision; where your state provides one, you may also contact your state attorney general. California residents may also request information about disclosures for third-party direct marketing under California's "Shine the Light" law.
12.4 EEA, UK, and Switzerland
Where the GDPR applies, you may have the right to access, rectify, or erase your personal data; to restrict or object to processing; to data portability; and to withdraw consent. You may also lodge a complaint with your local supervisory authority.
13. Marketing communications
We send commercial electronic messages in accordance with the Australian Spam Act 2003 (Cth), the US CAN-SPAM Act, and other applicable laws. Every marketing email includes an unsubscribe mechanism, and you can opt out at any time by using it or by contacting us. We will action opt-out requests promptly. We may still send you non-marketing service and transactional messages necessary to operate the Services.
14. Children's privacy
The Services are intended for business use and are not directed to children. We do not knowingly collect personal information from children under 16, and we do not knowingly collect personal information from children under 13 in a manner that would require parental consent under the US Children's Online Privacy Protection Act (" COPPA"). If you believe a child has provided us with personal information, please contact us and we will take reasonable steps to delete it.
15. Third-party websites and services
The Services may link to, or integrate with, third-party websites and services that we do not control. This policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review their privacy notices.
16. Changes to this policy
We may update this policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by posting a notice within the Services or emailing you. The "Last updated" date at the top of this page shows when it was last revised. Your continued use of the Services after an update takes effect indicates your acceptance of the revised policy, to the extent permitted by law.
17. Contact us
If you have a question, request, or complaint about this policy or how we handle personal information, please contact our privacy team. We will acknowledge your complaint, investigate it, and respond within a reasonable time.
InspireCyber
Attn: Privacy Officer
Newframe Group Pty Ltd (ABN 77 625 015 983), Level 14, 5 Martin Place Sydney, NSW, 2000
Email: support@inspirecyber.com
If you are in Australia and are not satisfied with our response, you may contact the OAIC at www.oaic.gov.au.