Privacy

This page summarizes ThreatDefence’s approach and commitment to protecting customer and user privacy. For the full Privacy Policy, please refer to: ThreatDefence Privacy Policy

Our Commitment

ThreatDefence is committed to safeguarding the confidentiality, integrity, and availability of customer data. We handle all data in line with global privacy regulations and industry best practices, ensuring that people, processes, and technology — including our platform and SOC operations — are always in scope.

Key Principles

• Minimal Data Collection: We collect only what is required to deliver our services (e.g., log data, telemetry, user account details).

• Purpose Limitation: Data is used strictly for security operations, monitoring, and compliance obligations.

• Transparency: Customers are informed of what data is collected, how it is processed, and for what purpose.

• Security by Design: Data is encrypted in transit and at rest, with strict access controls and ongoing audits.

• Customer Rights: We support customer rights to access, correct, and remove personal data where required by law.

Data Handling

• Retention: Security and operational data is retained only for periods defined in contracts or regulatory obligations.

• Sharing: ThreatDefence does not sell customer data. Limited sharing may occur with trusted service providers under strict contractual obligations.

• Global and Local Compliance: Our operations comply with global standards such as ISO 27001, SOC 2, PCI DSS, GDPR and HIPAA.

Australian Privacy Compliance

For customers hosted in Australia, ThreatDefence is compliant with:

• Privacy Act 1988 (Cth) – Including the Australian Privacy Principles (APPs).

• ASD ISM (Information Security Manual) – Ensuring privacy controls align with national security frameworks.

• Data Sovereignty Commitments – All Australian customer data is processed and stored onshore in Tier-4 certified datacentres.