Legal

Privacy Policy

Digital & Cyber Strategies Pty Ltd (ABN 82 664 484 093) ("we", "us", "our") is committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Last updated: 9 May 2026.

Plain-English summary. We collect only what we need to respond to your enquiries, deliver our advisory work, and run a small professional services business. We do not sell personal information. We do not currently use advertising, analytics or tracking cookies. Our contact form is processed within Australia (AWS Sydney, ap-southeast-2) by an isolated, least-privilege function and the resulting email is sent to a single business inbox.

1. Information we collect

Personal information is information about an identified individual or about an individual who is reasonably identifiable. We collect personal information that is reasonably necessary for our functions and activities, which may include:

name, organisation, role and professional contact details (email, phone) provided when you contact us or engage our services;
information you choose to include in messages or briefings you send us;
contractual information necessary to enter into and perform an engagement (billing details, statement-of-work participants);
records of communications between us; and
information we reasonably need to comply with our legal, professional or regulatory obligations.

We do not knowingly solicit information from minors. We do not collect government identifiers (such as Tax File Numbers or driver licence numbers) unless required to comply with a specific legal obligation.

2. How we collect personal information

We collect personal information directly from you when you contact us, complete our website contact form, exchange emails or correspondence with us, or engage us under a written agreement. We may also receive information from third parties (such as a colleague who refers you) — where this happens, we will protect that information consistent with this policy.

3. Why we collect, hold and use personal information

We use personal information only for purposes you would reasonably expect, including:

responding to your enquiry and arranging exploratory discussions;
providing the advisory services you have engaged us to provide;
operating, maintaining and improving our website and basic security monitoring;
meeting our legal, professional and contractual obligations; and
communicating with you about matters directly relevant to an active engagement.

We do not use your personal information for direct marketing without a clear, separate opt-in.

4. Cookies, analytics and the website

This website does not currently set advertising, analytics or third-party tracking cookies. A small number of strictly necessary cookies or local-storage values may be set to remember preferences such as a cookie-banner acknowledgement; these do not identify you and are not shared with third parties.

If we introduce analytics in the future, we will update this policy and provide an opt-in or opt-out mechanism.

5. Contact form processing

When you submit the contact form on this site, your message is transmitted over TLS to a service running entirely within Amazon Web Services in Australia (Sydney region, ap-southeast-2). The flow is:

HTTPS request from your browser to Amazon CloudFront (with AWS WAF rate-limiting and abuse protection);
forwarded to a single AWS Lambda function with least-privilege IAM permissions, used only to send a single email to a controlled business inbox;
function input is validated, length-bounded, and stripped of HTML; logs are restricted to operational metadata and never include the message body;
no copy of your submission is persisted in databases or object stores beyond the operational email inbox; AWS service logs are retained for the minimum useful period (typically 14–30 days) and then automatically deleted.

The form uses a hidden honeypot field and a server-side time check to discourage automated abuse. We retain a basic anti-abuse signal (such as the originating IP for a short period) only for the purpose of rate-limiting and incident response.

6. Disclosure of personal information

We do not sell personal information. We disclose personal information only:

to service providers reasonably necessary to operate our business (for example, our cloud hosting provider for website infrastructure or our professional accountancy provider) under confidentiality obligations and on a need-to-know basis;
to a client or counter-party where you are participating in an engagement and disclosure is necessary to perform the work;
where we are required or authorised by law (for example, in response to a lawful request from a regulator or court); and
where you have given us consent.

Where information is processed on our behalf by service providers outside Australia, we take reasonable steps to ensure those providers handle the information consistently with the APPs.

7. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Measures include encryption in transit (HTTPS / TLS), least-privilege access controls, identity and access reviews, secure password and key management, and monitoring of our cloud environment. Despite these measures, no system can be guaranteed impenetrable; transmission of information over the internet is at your own risk.

8. Retention

We retain personal information only for as long as it is reasonably necessary for the purposes for which it was collected and to comply with our legal obligations (for example, taxation and corporations-law record-keeping). When information is no longer required, we take reasonable steps to destroy or de-identify it.

9. Accessing and correcting your personal information

You have a right under APP 12 and APP 13 to ask for access to the personal information we hold about you and to request correction of any information that is inaccurate, out-of-date, incomplete, irrelevant or misleading. Please contact us at contact@digitalcyberstrategies.com. We may need to verify your identity before responding. We will respond within a reasonable period and, where we charge a fee, will explain that fee in advance.

10. Complaints

If you believe we have breached the Australian Privacy Principles or this policy, please contact us at contact@digitalcyberstrategies.com with the words "Privacy complaint" in the subject line. We will acknowledge your complaint promptly and respond in a reasonable time.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

11. Third-party sites

This site links to third-party sites (such as LinkedIn, shaun-price.com and metagentity.ai). We are not responsible for the content or privacy practices of those sites; please consult their privacy policies before providing personal information to them.

12. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always published at this page, with a "last updated" date at the top.

13. Contact

Privacy queries: contact@digitalcyberstrategies.com
Postal: Digital & Cyber Strategies Pty Ltd, Sydney, NSW, Australia
ABN: 82 664 484 093

This page replaces the prior Privacy Policy that was originally generated in March 2018. The substantive intent of that policy is preserved. The text has been refreshed for clarity, alignment with the current Australian Privacy Principles, and to reflect the present technical processing of the contact form. We recommend you have a privacy-law practitioner review this policy before relaunch.