Privacy Policy

How we collect, use, and protect your personal information.

Last updated: March 2026

CyberNinja Consulting Pty Ltd ("CyberNinja", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs).

By using our website at cyberninja.au or engaging our services, you agree to the terms of this Policy.

1. What Personal Information We Collect

We may collect the following types of personal information:

  • Contact details — name, email address, phone number, company name, and job title when you submit a contact form, book a consultation, or request a report.
  • Assessment responses — answers you provide in our free Cybersecurity Gap Assessment tool. These responses are processed entirely in your browser and are only transmitted to us if you voluntarily submit the optional email report request.
  • Communications — any information you include in emails, messages, or other correspondence with us.
  • Usage data — technical information such as IP address, browser type, pages visited, and referring URLs, collected automatically through cookies and analytics tools (see Section 5).

We do not collect sensitive information (such as health or financial records) unless specifically required to provide a service and with your explicit consent.

2. How We Collect Personal Information

We collect personal information:

  • Directly from you when you fill in forms on our website, contact us by email or phone, or engage our consulting services.
  • Automatically through cookies and similar tracking technologies when you browse our website.
  • From third parties such as referral partners, with your knowledge and consent.

3. How We Use Your Personal Information

We use personal information to:

  • Respond to your enquiries, provide quotes, and deliver the consulting services you have requested.
  • Send you the cybersecurity gap assessment report you have requested by email.
  • Send marketing communications, newsletters, and security insights where you have consented or where permitted by law. You may opt out at any time by clicking the unsubscribe link in any email.
  • Improve our website, services, and user experience based on aggregated usage analytics.
  • Meet our legal and regulatory obligations.

We will not use your personal information for any purpose that is incompatible with the reason it was collected without your consent.

4. Disclosure of Personal Information

We may share personal information with:

  • Service providers — third-party vendors who assist us in operating our website and delivering services, including:
    • Vercel Inc. (website hosting, servers located in the United States)
    • Resend Inc. (transactional email delivery)
    • Google Analytics (website analytics, if enabled)
  • Professional advisers — lawyers, accountants, and insurers under confidentiality obligations.
  • Law enforcement or regulators — where required or authorised by law.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

Where personal information is disclosed to overseas recipients (such as Vercel in the United States), we take reasonable steps to ensure those recipients handle it in a manner consistent with applicable privacy laws.

5. Cookies and Tracking Technologies

Our website uses cookies — small text files stored in your browser — to:

  • Essential cookies — enable core site functionality and security. These cannot be disabled.
  • Analytics cookies — help us understand how visitors use our site so we can improve it (e.g., pages visited, time spent). These are only set with your consent.

When you first visit our site, we will present a cookie notice giving you the option to accept or decline non-essential cookies. You can also change your cookie preferences at any time via your browser settings. Note that disabling certain cookies may affect site functionality.

6. Data Security

As a cybersecurity consultancy, we apply rigorous information security practices to protect personal information, including:

  • Encryption of data in transit using TLS/HTTPS.
  • Access controls limiting who within our organisation can access personal data.
  • Regular review of our security controls and third-party providers.

No method of electronic transmission or storage is 100% secure. If you become aware of any security issue, please contact us immediately at info@cyberninja.au.

7. Data Retention

We retain personal information for as long as necessary to fulfil the purpose for which it was collected and to comply with legal obligations. In general:

  • Contact enquiry data is retained for up to 3 years.
  • Client engagement records are retained for 7 years in accordance with Australian tax and corporate law requirements.
  • Marketing subscription data is retained until you unsubscribe or request deletion.

When personal information is no longer required, it is securely deleted or de-identified.

8. Your Rights

You have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — request erasure of your personal information, subject to our legal obligations to retain certain records.
  • Opt out — withdraw consent to marketing communications at any time.
  • Complain — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you are in Australia, or the Office of the Privacy Commissioner (OPC) if you are in New Zealand.

To exercise any of these rights, contact us at info@cyberninja.au. We will respond within 30 days.

9. Links to Third-Party Websites

Our website may contain links to third-party sites (such as our Trust Center). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the revised policy on this page with an updated effective date. We encourage you to review this page periodically. Continued use of our website after any changes constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related enquiries, access requests, or complaints, please contact our Privacy Officer:

  • Email: info@cyberninja.au
  • Post: CyberNinja Consulting Pty Ltd, 1 Sussex St, Barangaroo, Sydney NSW 2000, Australia