Skip to content
PRIVACY POLICY

Your data, our responsibility.

Last updated: 5 June 2026 (rev. 6 — disclosed self-hosted error monitoring)

Edos Solutions Pty Ltd ("Edos", "we", "us", "our") provides server infrastructure and IT services to Australian businesses. We respect your privacy and we run our stack — including the systems that handle your enquiry — on Australian-hosted infrastructure that we operate ourselves. This policy explains what we collect, why, where it lives, and what rights you have. It is written in plain English.

1. The short version

  • If you submit the contact form, we collect what you give us (name, company, email, what you're interested in, your message) and use it to reply. If you tick the marketing-consent box, we may also email you Edos security insights and product updates (unsubscribe anytime).
  • If you use one of our free security tools, we record the domain you check, plus your IP address and browser, so we can run the scan and understand which tools are used. We may follow up about a scanned domain (see section 3).
  • We use website analytics — Google Analytics 4, Microsoft Clarity, and Plausible — to understand how the site is used. GA4 and Clarity set cookies; Plausible does not. The contact form is protected by Cloudflare Turnstile. These are described in section 3.
  • Enquiry and lead data is stored on servers we operate in Australia. Analytics, anti-bot, and prospect-enrichment processing involves the third-party providers named in sections 3 and 6, some based overseas.
  • You can ask us at any time what we hold about you, correct it, or have it deleted. Email info@edos.com.au.

2. Who is responsible for your data

The data controller is Edos Solutions Pty Ltd (ABN 39 113 606 410), an Australian company based in Sydney, NSW. Contact:

3. What we collect

When you submit the contact form on this site, we collect:

  • Name
  • Company (optional)
  • Email address
  • Service interest (which of our offerings prompted the enquiry)
  • The message you write
  • Whether you have opted in to marketing email (the consent checkbox below the message field — defaults to unchecked; only ticked if you actively tick it)

Where this is stored

Each submission is recorded as a row in our leads database — a private MariaDB database running on the same Sydney server as this website. The row contains the fields above plus your IP address, browser user-agent, and the submission timestamp (used for abuse prevention and audit). The same submission is also emailed to our internal mailbox so that a senior engineer can reply directly. Both copies live entirely on Australian-hosted infrastructure that Edos operates.

Our web server also records standard request metadata for security and abuse prevention: source IP address, browser user-agent string, and timestamp. This is retained in rotated nginx access logs for no longer than 30 days and is not combined with any of your contact-form information.

Free security tools

This site offers free, browser-based security tools (email authentication checks, DNS and MX lookups, blacklist checks, domain and website security scans). When you run any of these tools, we record:

  • The domain or address you check, and which tool you used.
  • Your IP address and browser user-agent, to run the scan, apply rate limits, and prevent abuse.

This is stored in a separate leads table in the same Australian MariaDB database described above. Because the domains checked are typically business domains, we may use this information — together with the prospect enrichment described in section 4 — to identify and contact relevant Australian businesses about their security posture. If you do not want a scanned domain used this way, email info@edos.com.au and we will delete the record.

Website analytics and third-party services

To understand how this website is used and to protect it from abuse, we use the following third-party services. Some are based overseas, which is a cross-border disclosure under APP 8 of the Privacy Act 1988:

  • Google Analytics 4 (Google LLC, USA) — measures page views and site usage. Sets first-party analytics cookies (e.g. _ga) and processes your IP address and usage events.
  • Microsoft Clarity (Microsoft Corporation, USA) — produces aggregate usage analytics and session insights (such as heatmaps and interaction playback). Sets cookies (e.g. _clck, _clsk).
  • Plausible Analytics (EU-hosted) — privacy-focused, cookieless aggregate analytics. Does not set cookies or track you across sites.
  • Cloudflare Turnstile (Cloudflare, Inc., USA) — a privacy-friendly anti-bot check on the contact form. It receives your IP address to verify you are not a bot and may set a short-lived challenge cookie.

We do not run third-party advertising trackers (no advertising pixels, no remarketing tags) and we do not sell your personal information.

We also run self-hosted error monitoring (GlitchTip) on our own Australian infrastructure to capture technical error reports when something on the site breaks. It records the error and basic technical context (such as the page URL and browser type); it is configured not to attach your IP address, cookies, or form contents, and the data is not shared with any third party.

Cookies

The analytics and anti-bot services above (Google Analytics 4, Microsoft Clarity, and Cloudflare Turnstile) set first-party cookies as described. Plausible does not. You may also encounter short-lived first-party cookies set for technical reasons (such as the CSRF token and session continuity on form submission). You can block or delete cookies in your browser settings; the site's core content will still work, though some interactions may be affected.

4. Why we collect it

We collect information from the contact form so we can respond to your enquiry. That is the primary, non-negotiable purpose.

Marketing email is opt-in, not opt-out. By default we will not add you to any marketing list. If — and only if — you tick the consent checkbox at the bottom of the contact form, we may also email you occasional Edos security insights, product updates, and announcements. This is consistent with the express-consent requirement of the Australian Spam Act 2003.

B2B outreach on the basis of inferred consent. In addition to the express-consent marketing above, Edos occasionally sends commercial electronic messages directly to publicly listed business email addresses where the recipient's professional role is directly relevant to the services we provide. Typical recipients include practice managers, owners, partners, operations directors, and IT decision-makers at Australian SMBs in industries with email-security exposure (such as law firms, accounting practices, medical clinics, and real-estate agencies). This is conducted on the basis of "inferred consent" under section 16 of the Australian Spam Act 2003.

Every such message clearly identifies Edos Solutions Pty Ltd, includes our ABN and Sydney physical address, and contains a functional unsubscribe mechanism — either a one-click unsubscribe link or a "reply STOP" instruction. We honour all opt-out requests within five business days and add the recipient's email to a permanent suppression list, meaning we will not contact you again from any future campaign. If you wish to stop receiving these emails, use the unsubscribe link in any message, or email info@edos.com.au with "Unsubscribe" in the subject line.

You can withdraw your marketing consent at any time by replying with the word "unsubscribe" to any marketing email we send, or by emailing info@edos.com.au. We will action the change within five business days, and you will continue to receive replies to any direct enquiries you raise.

Use of Apollo.io for prospect enrichment (cross-border disclosure — APP 8). To identify and verify publicly listed business contact details for the B2B outreach described above, Edos uses Apollo.io (Apollo.io, Inc., a company incorporated in the United States). The starting point for this enrichment may be a business domain you entered into one of our free security tools (see section 3) or a domain from a contact enquiry. Apollo.io may then process publicly available professional information — such as business name, job title, company, and business email address — as part of this enrichment process. Apollo.io is an overseas recipient under the Australian Privacy Act 1988 (APP 8). Edos takes reasonable steps to ensure Apollo.io handles personal information in a manner consistent with the Australian Privacy Principles, including by accepting Apollo.io's Data Processing Agreement. By submitting an enquiry through our contact form, or by having your business contact details publicly listed in connection with a professional role, you acknowledge that your information may be handled by overseas recipients for this purpose.

We do not re-target you with advertising — we don't run any. We do not share your email address with third-party advertisers, marketers, or list brokers.

5. Where it is stored

Your information is stored on Australian-hosted infrastructure that Edos operates. Specifically:

  • The web server that received your form submission is in Australia.
  • The mail server that delivers your enquiry to us is the same Australian server.
  • Once received, your enquiry sits in our internal email system, also Australian-hosted.

Exception — B2B prospect enrichment: publicly listed business contact details used for B2B outreach (see section 4) may be processed by Apollo.io on infrastructure located in the United States. Enquiry data submitted via our contact form is not sent to Apollo.io.

6. Who we share it with

We do not sell or rent your personal information. The content of your enquiry message is read only by senior Edos engineers. However, the following third-party processors are involved in operating the site and our outreach, as described in sections 3 and 4:

  • Google LLC (Google Analytics 4) and Microsoft Corporation (Clarity) — website analytics (USA).
  • Plausible Analytics — cookieless website analytics (EU).
  • Cloudflare, Inc. — anti-bot protection on the contact form (USA).
  • Apollo.io, Inc. — B2B prospect enrichment for outreach (USA).
  • Listmonk (self-hosted by Edos at lists.edos.com.au) — manages our marketing email list and unsubscribes; only receives details of contacts who have opted in or are contacted under inferred consent.

We will otherwise only disclose your personal information where we are legally required to (for example, in response to a valid court order or law-enforcement request), and we will tell you about it where we are legally permitted to do so.

7. How long we keep it

  • Enquiries that don't become a project: kept for 24 months, then deleted.
  • Enquiries that lead to a contract: retained as part of normal business records under Australian law (typically 7 years for tax purposes).
  • Free-tool scan records (domain, IP, user-agent): kept for up to 24 months for analytics and outreach, then deleted, or sooner on request.
  • Website analytics data: retained according to each provider's settings (Google Analytics and Microsoft Clarity default to their standard retention periods; Plausible stores only aggregate data).
  • Server access logs: rotated and deleted within 30 days.

8. How we protect it

The same way we protect our paying customers' systems: hardened Linux servers, minimal attack surface, TLS everywhere, principle-of-least-privilege access, full mail filtering, and 24/7 monitoring on critical paths. Access to enquiry data is restricted to the engineers who need it to respond to you.

9. Your rights under the Privacy Act 1988

Under Australian privacy law, you have the right to:

  • Access — ask us what personal information we hold about you.
  • Correct — ask us to fix anything that's inaccurate or out of date.
  • Delete — ask us to remove your information from our systems (where we are not legally required to retain it).
  • Object — withdraw your consent for any processing that relies on consent.
  • Complain — to us first, and to the Office of the Australian Information Commissioner (OAIC) if you're not satisfied.

How to exercise these rights

Email info@edos.com.au with "Privacy request" in the subject line. We aim to respond within 5 business days and to action verified requests within 30 days.

10. Complaints

If you believe we've mishandled your personal information, please tell us first at info@edos.com.au. We take privacy concerns seriously and will investigate any complaint promptly.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner:

11. Changes to this policy

We may update this policy from time to time as our systems and the law evolve. The "Last updated" date at the top will reflect any change. We will not retrospectively reduce your rights without your consent.

12. Contact

For any question about this policy or your information:

Back to home