Privacy Policy

Effective Date: 12 December 2026

Next Scheduled Review: 15 November 2026

Introduction

At ConvergeRisk Pty Ltd (ABN 90 676 967 061) ("ConvergeRisk", "we", "our", or "us"), we are committed to protecting your privacy and ensuring that personal information is handled securely, responsibly, and transparently.

This Privacy Statement explains how we collect, use, disclose, store, and protect personal information when you interact with our website, platform, and services, and outlines your rights in relation to that information.

1. Who We Are

ConvergeRisk is headquartered in Australia and operates globally. For the purposes of applicable privacy and data protection laws, ConvergeRisk acts as the data controller (or equivalent designation under local law).

2. Global Scope and Applicable Privacy Frameworks

This Privacy Statement reflects recognised international privacy principles and is intended to align, where applicable, with global data‑protection regimes, including but not limited to:

  • European and Eastern jurisdictions: General Data Protection Regulation (GDPR)
  • United States: California Consumer Privacy Act (CCPA / CPRA) and applicable federal or sector‑based privacy laws
  • South America: Brazil's Lei Geral de Proteção de Dados (LGPD)
  • Africa: South Africa's Protection of Personal Information Act (POPIA)
  • Asia‑Pacific: Australian Privacy Act 1988, Singapore PDPA, and related regional frameworks

Privacy obligations vary by jurisdiction. This Statement is intended to support transparency and good‑faith alignment and does not represent that a single legal regime applies universally.

3. Personal Information We Collect

We may collect the following categories of personal information:

  • identity and contact details (e.g. name, email address);
  • professional and business information (e.g. organisation, role, industry);
  • technical data (e.g. IP address, browser type, device identifiers); and
  • usage data (e.g. pages viewed, session duration, referral information).

We do not intentionally collect sensitive personal information unless lawfully permitted and expressly provided.

4. How We Use Personal Information

We use personal information to:

  • operate, maintain, and improve our website, platform, and services;
  • provide access to platform features and downloadable materials;
  • respond to enquiries and support requests;
  • distribute communications where permitted by law;
  • protect the security, integrity, and availability of our systems;
  • log and monitor account activity for security, fraud prevention, and compliance with our Terms of Use; and
  • comply with legal, regulatory, and contractual obligations.

5. Legal Bases for Processing

Depending on jurisdiction, personal information is processed on one or more lawful bases, including:

  • consent;
  • performance of a contract or pre‑contractual measures;
  • compliance with legal obligations; and
  • legitimate interests, including platform security, fraud prevention, and service improvement, where such interests are not overridden by individual rights.

6. Data Storage and International Transfers

Personal information is processed and stored in Australia using Amazon Web Services (AWS) infrastructure.

Certain limited supporting and operational AWS services (such as monitoring, maintenance, and service‑management functions) may be delivered or supported from the United States. These supporting services do not change the primary location in which customer data is stored.

We also use Stripe to support payment processing and related services. Stripe's data‑processing locations are governed by Stripe's documentation and global infrastructure, which may change from time to time.

Where personal information is accessed or processed across borders, ConvergeRisk takes reasonable steps to ensure appropriate safeguards are in place in accordance with applicable privacy and data‑protection laws.

7. Disclosure of Personal Information

We do not sell personal information.

We may disclose personal information to:

  • trusted service providers supporting hosting, analytics, communications, payments, and security;
  • professional advisers and auditors; and
  • regulatory, governmental, or law‑enforcement authorities where required by law.

All third parties are required to protect personal information through contractual and legal obligations.

8. Individual Rights

Subject to applicable law, individuals may have the right to:

  • access personal information;
  • request correction or deletion;
  • restrict or object to processing; and
  • withdraw consent where processing is consent‑based.

Requests and enquiries may be directed to:

Email: privacy@convergerisk.com.au

Post: GPO Box 730, Brisbane, Queensland, Australia, 4001

Identity verification may be required.

9. Data Retention and Security

Personal information is retained only for as long as necessary to fulfil legitimate business purposes or legal obligations.

We implement reasonable technical and organisational measures designed to protect personal information from unauthorised access, misuse, loss, or disclosure. No system can be guaranteed to be completely secure.

10. Updates to This Statement

This Privacy Statement may be updated from time to time. Any changes will be published with a revised effective date.