Security Policy and Practices

At EmailCollect, we take the security of your personal information seriously. We have implemented measures to reasonably protect your personal information from misuse, loss, unauthorised access, modification, or disclosure. These measures include:

Data Transmission Security

We utilize encryption protocols to secure data during transmission, ensuring that any information exchanged between your device and our servers is protected.

Data Storage Security

We employ industry-standard security practices to safeguard your data at rest. This includes the use of encryption and access controls to prevent unauthorised access.

Third-Party Providers

For the management of sensitive data, such as payment processing, we partner with trusted third-party providers who have robust security measures in place. These providers, such as Paddle.com or Stripe.com, adhere to strict security standards and industry best practices to ensure the protection of your information.

Transparency and Compliance

While we do not publish an annual Transparency Report, we are committed to maintaining transparency and complying with applicable laws and regulations. Our Privacy Policy outlines how we handle requests from law enforcement authorities and provides the necessary procedures for responding to such requests.

Security Practices

At EmailCollect, we prioritise the security of our systems, infrastructure, and the data entrusted to us by our users. This document outlines our standard security practices to provide transparency and assurance regarding the measures we have in place to protect your information.

1. Data Protection

We implement industry-standard security measures to protect your data from unauthorised access, alteration, or disclosure.

We regularly assess and update our security controls to address emerging threats and vulnerabilities.

Our systems and infrastructure are designed to ensure the confidentiality, integrity, and availability of your data.

2. Encryption

We utilize strong encryption techniques to protect data transmission and storage. This includes encryption in transit using SSL/TLS protocols and encryption at rest using robust encryption algorithms.

User authentication and access to sensitive information are protected through secure login mechanisms and strict access controls.

3. System Monitoring and Logging

We employ continuous monitoring and logging mechanisms to detect and respond to security incidents promptly.

Logs are regularly reviewed and analysed to identify any unauthorised activities or potential security breaches.

4. Access Controls

We have implemented strict access controls to ensure that only authorised personnel have access to your personal information. Our employees undergo regular security training to ensure the protection of your data.

5. Third-Party Providers

When engaging third-party service providers, we carefully evaluate their security practices to ensure they meet industry standards and comply with applicable regulations.

We enter into agreements with these providers to maintain the confidentiality and security of the data they handle on our behalf.

6. Incident Response

In the event of a security incident or data breach, we have established procedures in place to promptly respond, investigate, and mitigate the impact.

We will notify affected users in accordance with applicable laws and regulations, providing necessary guidance and support.

7. Updates and Maintenance

We regularly update and patch our systems, applications, and infrastructure to address known vulnerabilities and improve security.

We monitor security advisories and promptly apply patches or upgrades to mitigate potential risks.

8. Compliance

We strive to comply with relevant data protection laws and regulations, including but not limited to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act), which govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information, and the General Data Protection Regulation (GDPR) and any other applicable industry-specific requirements.

9. Data Retention and Disposal

When your personal information is no longer needed for the purpose for which it was obtained, we will take all reasonable steps to permanently de-identify it. However, please note that certain personal information may be stored in client files as required by regulatory obligations, such as those imposed by the Australian Securities & Investments Commission (ASIC), which states we must make and keep a record of what we did to identify our customer and the identifying information they presented (to be retained for a minimum period of seven (7) years), and the Australian Tax Office (ATO), which states we must retain our sales records for a period of five (5) years.

While we implement security measures to protect your personal information, it’s important to note that no method of transmission or storage over the internet can guarantee absolute security. However, we are committed to maintaining industry best practices and regularly reviewing and improving our security practices to safeguard your information to the best of our abilities.

We prioritise regular reviews and updates of our Security Practices to address emerging threats, evolving technology, and ensure compliance with applicable laws and regulations. Therefore, please be aware that this page may be updated without prior notice to reflect our ongoing commitment to data security.

For more details about how we collect, use, and handle your personal information, please refer to our Privacy Policy.