Home
Services
ZiplineOS
About
Blog
Contact Us →
Back to Home

Privacy Policy

Last updated: March 2026  |  Effective: March 2026

Code Nexas Pty Ltd (ABN pending) (“Code Nexas”, “we”, “us”, or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you visit our websites (including codenexas.com.au and ziplineos.com.au), use our software-as-a-service platforms, or otherwise engage with our services.

This policy is prepared in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we handle information subject to the General Data Protection Regulation (GDPR) or other international data protection laws, we will comply with those requirements in addition to Australian law.

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide, including when you:

  • Create an account or register for our services
  • Subscribe to our communications or newsletters
  • Submit an enquiry, request a demo, or contact our sales team
  • Enter into a service agreement or purchase our products
  • Participate in surveys, promotions, or events
  • Apply for employment or contractor positions

This information may include:

  • Identity data: Full name, job title, company name, ABN
  • Contact data: Email address, phone number, postal address
  • Account data: Username, password (hashed), account preferences
  • Financial data: Billing address, payment card details (processed via PCI-DSS compliant third-party processors — we do not store card numbers)
  • Technical data: IP address, browser type and version, device identifiers, operating system
  • Usage data: Pages visited, features used, session duration, interaction patterns

1.2 Information Collected Automatically

When you access our websites or platforms, we automatically collect certain technical and usage data through cookies, server logs, and similar technologies. This includes:

  • Browser type, version, and language preferences
  • Device type, screen resolution, and operating system
  • IP address and approximate geographic location
  • Referring URLs, pages viewed, and navigation paths
  • Date, time, and duration of your visit

1.3 Information from Third Parties

We may receive personal information from third-party sources, including:

  • Authentication providers: When you sign in using Google, Microsoft, or other identity providers
  • Business partners: Referral partners or resellers who introduce you to our services
  • Publicly available sources: Company registries, LinkedIn, and other professional networks

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

  • Providing, operating, and maintaining our software platforms and services
  • Processing transactions and managing your account
  • Providing customer support and responding to your requests
  • Sending service-related communications, including updates, security alerts, and administrative messages

2.2 Improvement and Development

  • Analysing usage patterns to improve our products and user experience
  • Conducting research and development for new features and services
  • Performing analytics and generating aggregated, de-identified insights

2.3 Marketing and Communications

  • Sending promotional communications (only with your consent, and you may opt out at any time)
  • Personalising content and advertising based on your interests

2.4 Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our terms of service and other agreements
  • Detecting, preventing, and addressing fraud, security issues, or technical problems
  • Protecting the rights, property, and safety of Code Nexas, our users, and the public

3. Legal Bases for Processing

We process your personal information on the following legal bases:

  • Contractual necessity: Processing required to perform our obligations under a service agreement with you
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, provided these interests are not overridden by your rights
  • Consent: Where you have given us explicit consent to process your information for specific purposes (e.g., marketing communications)
  • Legal obligation: Processing required to comply with applicable laws and regulations

4. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may share your information with the following categories of recipients:

4.1 Service Providers

We engage trusted third-party service providers who assist us in operating our business and delivering services. These providers are contractually bound to protect your information and may only use it for the specific purposes we direct. Key categories include:

  • Cloud infrastructure: Google Cloud Platform (Australian regions)
  • Authentication: AWS Cognito
  • Payment processing: Stripe (PCI-DSS Level 1 compliant)
  • Email delivery: Mailgun
  • Analytics: Google Analytics (with IP anonymisation enabled)

4.2 Professional Advisers

We may share information with our lawyers, auditors, accountants, and insurers where necessary for professional advice, audit, or insurance purposes.

4.3 Legal Requirements

We may disclose your information where required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.

5. Data Storage and Security

5.1 Data Residency

All primary customer data is hosted on Google Cloud Platform infrastructure located in Australia (sydney region: australia-southeast1). We do not transfer primary customer data outside of Australia unless explicitly required for service delivery and disclosed to you in advance.

5.2 Security Measures

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Encryption at rest: All stored data is encrypted using AES-256 encryption
  • Access controls: Role-based access control (RBAC) with principle of least privilege
  • Authentication: Multi-factor authentication for privileged access, JWT token-based session management
  • Infrastructure: Virtual private cloud (VPC) network isolation, automated vulnerability scanning
  • Monitoring: Continuous security monitoring, audit logging, and intrusion detection
  • Personnel: Background checks for employees with data access, regular security awareness training

5.3 Data Breach Response

In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under the Notifiable Data Breaches (NDB) scheme within 30 days. We maintain a documented incident response plan and conduct regular breach response exercises.

6. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Active accounts: For the duration of your account or service agreement
  • After termination: For a reasonable period to fulfil legal, tax, accounting, or reporting obligations (typically 7 years for financial records as required by Australian tax law)
  • Marketing data: Until you withdraw consent or opt out
  • Server logs: Retained for up to 90 days for security and troubleshooting purposes

Upon expiry of the relevant retention period, personal information is securely deleted or de-identified.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. The types of cookies we use include:

  • Strictly necessary cookies: Required for the operation of our websites (e.g., session management, security tokens)
  • Analytical cookies: Help us understand how visitors interact with our websites (e.g., Google Analytics)
  • Functional cookies: Remember your preferences and settings

You can control cookie preferences through your browser settings. Disabling certain cookies may limit the functionality of our websites.

8. Your Rights

Under Australian privacy law and, where applicable, the GDPR, you have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Objection: Object to certain processing activities, including direct marketing
  • Data portability: Request your data in a structured, commonly used, machine-readable format
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time
  • Lodge a complaint: File a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, please contact us using the details below. We will respond to your request within 30 days.

9. International Data Transfers

Some of our third-party service providers may process data outside Australia (e.g., AWS Cognito operates in the US). Where personal information is transferred overseas, we ensure appropriate safeguards are in place, including contractual data protection clauses that comply with APP 8 (cross-border disclosure of personal information) and, where applicable, standard contractual clauses approved under the GDPR.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised “Last updated” date. For material changes, we will provide prominent notice (such as email notification or an in-app banner) prior to the changes taking effect.

12. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints or by calling 1300 363 992.