1. Who we are

Oday Pty Ltd is an Australian-owned cybersecurity company providing AI-powered penetration testing and vulnerability assessment services. Our contact details are:

• Email: hello@oday.com.au
• Phone: 0420 277 414
• Website: oday.com.au

2. What information we collect

We collect personal information necessary to provide our services and respond to enquiries. This may include:

• Contact details: name, email address, phone number, business name, state/territory
• Service information: application URLs, environment details, and scope information you provide when booking an engagement
• Communications: emails, contact form submissions, and phone call records
• Website usage: IP addresses, browser type, pages visited (via standard web server logs)

We do not collect sensitive personal information (health, financial, or biometric data) in the course of providing cybersecurity services.

3. How we collect information

We collect information directly from you when you:

• Submit an enquiry or order form on our website
• Contact us by phone or email
• Enter into a service agreement with us
• Download or access resources on our website

4. How we use your information

We use your personal information to:

• Deliver the cybersecurity services you have engaged us to provide
• Respond to enquiries and provide quotes
• Communicate about your engagement, including delivering reports
• Send relevant security guidance and updates (where you have opted in)
• Comply with our legal and regulatory obligations
• Improve our services and website

We will not use your information for purposes unrelated to those above without your consent.

5. Disclosure of your information

We do not sell, rent, or trade your personal information. We may share information in limited circumstances:

• Service delivery: with sub-contractors or tools necessary to deliver your engagement (under confidentiality obligations)
• Legal obligations: if required by law, court order, or a regulatory authority
• Business transfers: in the event of a merger or acquisition (you will be notified)

We do not disclose client identities, engagement details, or security findings to third parties without your written consent.

6. Data security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Security measures include encrypted communications, access controls, and secure file handling for all engagement deliverables.

Reports and credentials are delivered via secure, encrypted channels. We do not transmit sensitive engagement data over unencrypted email.

7. Data retention

We retain personal information for as long as necessary to fulfil the purpose it was collected for, including legal and accounting requirements. Engagement files including reports are retained for 7 years in accordance with standard professional services practice. You may request earlier deletion — see section 9.

8. Overseas disclosure

We primarily store and process data in Australia. Where we use overseas cloud services (e.g. email infrastructure), we take reasonable steps to ensure those providers maintain security standards consistent with the APPs.

9. Your rights

Under the Privacy Act, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Request deletion of your information (subject to legal retention obligations)
• Complain about a breach of your privacy rights

To exercise any of these rights, contact us at hello@oday.com.au. We will respond within 30 days.

10. Cookies and analytics

Our website uses standard web server logs and may in future use analytics tools. We do not currently use third-party advertising cookies. If this changes, this policy will be updated and notice provided.

11. Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. In the unlikely event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

12. Complaints

If you believe we have breached your privacy rights, please contact us first at hello@oday.com.au. If you are not satisfied with our response, you may lodge a complaint with the OAIC at oaic.gov.au.

13. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance.