Privacy Policy

Stormcloud Pty Ltd (ABN pending) ("Stormcloud", "we", "us", or "our") is committed to protecting the privacy of individuals who interact with our cloud security operations platform. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Act 1988 (Cth) and the EU General Data Protection Regulation (GDPR).

1. Who We Are

Stormcloud Pty Ltd is headquartered in Adelaide, SA 5000, Australia. We operate a cloud security operations platform that helps organisations detect, investigate, and respond to security threats.

2. Information We Collect

We collect the following categories of personal information:

• Account Information: name, email address, organisation name, and role when you register for or are invited to use the platform.
• Usage Data: interaction logs, feature usage patterns, session duration, and browser/device information to improve our services and support experience.
• Security Telemetry: log data, alert metadata, and security event information ingested by tenants through configured connectors. This data is processed on behalf of the tenant organisation and is owned by the tenant.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Stormcloud platform.
• Authenticate users and enforce role-based access controls.
• Generate security analyses, triage recommendations, and AI-powered insights.
• Communicate service updates, security advisories, and support responses.
• Comply with legal obligations and respond to lawful requests.

4. Data Processing and Storage

All platform data is processed and stored within Amazon Web Services (AWS) in the ap-southeast-2 (Sydney) region. Database services are provided by Neon PostgreSQL. We employ encryption at rest and in transit for all data.

5. Data Retention

The default data retention period is 12 months from the date of collection. Tenant administrators may configure custom retention periods for their organisation's data through the platform settings. Upon account termination, data is deleted within 30 days unless a longer retention period is required by law.

6. Your Rights

Under the Australian Privacy Act and the GDPR, you have the right to:

• Access: request a copy of the personal information we hold about you.
• Correction: request correction of inaccurate or incomplete personal information.
• Deletion: request deletion of your personal information, subject to legal retention obligations.
• Data Export: request a machine-readable export of your personal information.
• Objection: object to the processing of your personal information in certain circumstances.
• Restriction: request restriction of processing of your personal information.

To exercise any of these rights, please contact us using the details below. We will respond to your request within 30 days.

7. Data Sharing and Disclosure

We do not sell personal information. We may share information with third-party service providers who assist in operating the platform (such as AWS and Neon), subject to appropriate data processing agreements. We may also disclose information where required by law, regulation, or valid legal process.

8. International Data Transfers

Where personal information is transferred outside of Australia or the European Economic Area, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy assessments as required by applicable law.

9. Security

We implement industry-standard security measures including encryption, access controls, audit logging, and regular security assessments to protect your personal information against unauthorised access, loss, or misuse.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

• Email: privacy@stormcloud.com.au
• Address: Stormcloud Pty Ltd, Adelaide SA 5000, Australia