Privacy Policy

1. Introduction

INNONET PTY LTD ACN 625 992 529 ATF ABN 31598198475 trading as "CYBERWHITE" ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity assessment platform and related services.

2. Information We Collect

2.1 Information You Provide

• Account registration information (name, email, company details)
• Profile information and organizational data
• Assessment responses and security questionnaire data
• Microsoft 365 tenant data (when you connect your M365 environment)
• Payment and billing information
• Communications with our support team

2.2 Information We Collect Automatically

• Usage data and platform analytics
• Device information (IP address, browser type, operating system)
• Log files and system performance data
• Cookies and similar tracking technologies

2.3 Microsoft 365 Integration Data

• Security scores and compliance status
• Security policies and configurations
• User and license information
• Security alerts and recommendations

3. How We Use Your Information

We use the collected information to:

• Provide and maintain our cybersecurity assessment services
• Process security assessments and generate compliance reports
• Analyze your security posture using our CARS algorithm
• Provide cross-framework compliance mapping and recommendations
• Process payments and manage subscriptions
• Send service-related communications and updates
• Improve our platform and develop new features
• Ensure platform security and prevent fraud
• Comply with legal obligations

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

4.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, including cloud hosting, payment processing, and analytics services.

4.2 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

4.4 MSP Client Data

For MSP accounts, client data is only accessible to the authorized MSP account holders and their designated users.

5. Data Security

We implement comprehensive security measures to protect your information:

• Encryption in transit and at rest using industry-standard protocols
• Multi-factor authentication and access controls
• Regular security audits and vulnerability assessments
• Secure cloud infrastructure with redundancy and backup systems
• Employee training on data protection and security practices
• Incident response procedures for security breaches

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account data: Retained while your account is active and for 3 years after closure
• Assessment data: Retained for 7 years for compliance and audit purposes
• Payment records: Retained for 7 years as required by financial regulations
• System logs: Retained for 12 months for security and troubleshooting

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request transfer of your data in a structured format
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session and preferences
• Analyze platform usage and performance
• Provide personalized content and recommendations
• Ensure platform security and prevent fraud

You can control cookie settings through your browser preferences, though this may affect platform functionality.

9. International Data Transfers

Your information may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

11. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our platform. The "Last updated" date indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: