Privacy Policy

1. Overview

TEQNIX Pty Ltd ("TEQNIX", "we", "us", "our") is committed to protecting the privacy of individuals who interact with our website, services, and platform. This Privacy Policy explains how we collect, use, hold, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website (teqnix.io) or services, you consent to the collection, use, and disclosure of your personal information as described in this Policy.

2. What We Collect

We collect the following categories of personal information:

We do not collect sensitive information (as defined by the Privacy Act) unless it is strictly necessary and you have provided explicit consent.

3. How We Collect It

We collect personal information directly from you when you:

• Create an account or submit a service order on our platform
• Complete the FastPentest™ sign-up form (including at each stage of the multi-step process)
• Submit a contact form or enquiry
• Communicate with us by email, phone, or through our platform chat
• Visit our website (through cookies and server logs — see Section 10)

We collect only information you voluntarily provide. You are not required to provide all requested information, but failure to provide certain information may prevent us from delivering our services.

4. Why We Collect It

We collect and use personal information for the following purposes only:

• To create and manage your account
• To scope, schedule, and deliver penetration testing engagements
• To provide you with access to the TEQNIX client platform and testing dashboard
• To process payments and issue invoices
• To communicate with you about your engagement, findings, and remediation
• To send service-related notifications (e.g., testing start, report ready)
• To comply with applicable legal obligations
• To protect the security and integrity of our platform

We do not use your personal information for direct marketing without your explicit consent. We do not use it to train machine learning models or to derive profiles for any purpose other than service delivery.

5. We Do Not Share Your Data

We may disclose personal information only in the following limited circumstances:

• Service delivery subcontractors: Security engineers or technical contractors engaged by TEQNIX to assist in delivering your engagement. These parties are bound by confidentiality agreements and may only use information for the purpose of delivering your service.
• Payment processing: Stripe, Inc. processes payment information on our behalf. TEQNIX does not receive or store card details. Stripe's privacy practices are governed by Stripe's own Privacy Policy.
• Legal compliance: Where required by applicable law, a court order, or a regulatory body with lawful authority. We will notify you of such a requirement where legally permissible.
• Business transfers: In the event of a merger, acquisition, or sale of TEQNIX's business, personal information may be transferred as part of that transaction. We will notify affected individuals in advance and ensure the acquiring party is bound by equivalent privacy obligations.

6. Engagement Data

Data collected or generated during the course of a security testing engagement — including vulnerability findings, screenshots, payloads, test logs, and reports — is classified as engagement data. This data:

• Is collected and held solely for the purpose of delivering the engagement you have contracted for
• Is accessible only to TEQNIX engineers assigned to your engagement and to you through the client platform
• Is not shared with any third party except as described in Section 5
• Is not used to train models, benchmark services against other clients, or for any purpose other than your specific engagement
• Is retained for twelve (12) months following engagement completion and then securely deleted

7. Security

TEQNIX takes reasonable technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or destruction. These include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of data at rest
• Access controls limiting data access to authorised personnel on a need-to-know basis
• Multi-factor authentication for all internal systems
• Regular internal security reviews and assessments

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

8. Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Account information: Retained while your account is active and for up to 3 years after account closure for legal and accounting purposes
• Engagement data: 12 months from engagement completion, then securely deleted
• Financial records: 7 years as required by Australian tax law
• Marketing opt-in records: Until you withdraw consent

9. Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Complaint: Lodge a complaint with us, and if not resolved, with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, contact us at privacy@teqnix.io. We will respond within 30 days.

10. Cookies & Tracking

Our website uses cookies and similar technologies for the following purposes:

• Essential cookies: Required for the website and platform to function (session management, security)
• Analytics: Aggregate, anonymised data about how visitors use our website. We do not use Google Analytics or other third-party analytics services that share data with advertising networks.

We do not use advertising cookies, cross-site tracking cookies, or any cookies that follow you across the web. You can disable cookies in your browser settings, though this may affect the functionality of our platform.

11. Cross-Border Disclosure

TEQNIX operates primarily in Australia. Some of our infrastructure and subprocessors may be located overseas (including the United States and Singapore). Where personal information is transferred internationally, we take reasonable steps to ensure it receives equivalent protection, including through contractual arrangements that impose privacy obligations on the recipient.

By using our services, you consent to the transfer of your personal information as described in this section.

12. Children's Privacy

Our services are intended for business use by adults aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will delete it promptly.

13. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The updated Policy will be posted at teqnix.io/privacy with the revision date. We will notify existing customers of material changes by email.

14. Contact & Complaints

For privacy-related questions, requests, or complaints, please contact our Privacy Officer:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• GPO Box 5218, Sydney NSW 2001