PRIVACY POLICY

Cyber IP Pty Ltd ABN 72 669 216 004 trading as Brighten Tech

Last updated: 25 May 2026

1.  Our commitment to your privacy

Cyber IP Pty Ltd ABN 72 669 216 004, trading as Brighten Tech ("Brighten Tech", "we", "us" or "our"), is committed to protecting your privacy and to handling personal information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").

This Privacy Policy explains how we collect, use, store, disclose and protect personal information, and how you can access, correct or complain about the personal information we hold about you. It applies to Brighten Tech and to each of our related bodies corporate, subsidiaries and affiliates that adopts it (together, the "Brighten Group").

In this Privacy Policy, "personal information" has the meaning given in the Privacy Act. "Sensitive information" is a subset of personal information that includes (for example) information about an individual's health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal record.

2.  About Brighten Tech

Brighten Tech is an Australian provider of dark net and external threat intelligence services. We aggregate, process and surface signals relating to data exposure, credential leaks and other cyber threat indicators for our customers, which include enterprise, government and channel-partner organisations.

Please contact us if you would like a current list of the companies that comprise the Brighten Group and are subject to this Privacy Policy.

3.  Information we collect

The personal information we collect depends on the nature of your interaction with us. The categories of personal information we typically collect are set out below.

3.1       Customers and prospective customers. If you enquire about, evaluate, purchase or use our products or services, we may collect your name, business name, position, work and personal contact details (including email, telephone and address), billing and payment information, identification information (where required by law or for fraud prevention), account credentials, correspondence with us, and any other information you choose to provide.

3.2       Personnel of customers, partners and suppliers. Where your employer or organisation deals with us, we may collect your name, role, business contact details, professional credentials and the content of communications between us.

3.3       Website visitors. When you visit www.brightentech.ai we may automatically collect technical information including your IP address, device identifiers, browser type and version, operating system, referring URL, pages viewed, time spent on pages and click activity. We collect this information using cookies, pixels, server logs and similar technologies (see clause 8).

3.4       Subscribers and event attendees. If you subscribe to our mailing list, register for an event or webinar, or download a publication, we may collect your name, contact details, organisation and preferences.

3.5       Job applicants. If you apply for a role with us, we may collect your CV, contact details, work history, qualifications, references and other information necessary to assess your application.

3.6       Personal information surfaced through our services. In the course of providing our threat intelligence services, our platform may surface personal information (including credentials, contact details and other identifying data) that has been exposed on dark net, deep web or open web sources by third parties. This personal information is not collected from the individuals concerned: it originates from third parties wholly outside our knowledge, possession, custody or control. We process such information for the limited purposes of detecting, analysing and reporting cyber threats and data exposures on behalf of our customers, in reliance on the cyber security exception or other applicable bases under the APPs and equivalent laws.

3.7       Sensitive information. We do not generally seek to collect sensitive information about you. If we do, we will obtain your consent unless an exception under the Privacy Act applies. Sensitive information that incidentally appears in personal information surfaced through our services is handled with additional safeguards and only to the extent necessary for the relevant cyber security purpose.

4.  How we collect personal information

Where reasonable and practicable, we collect personal information directly from you, including when you contact us, complete a form on our Website, attend an event, communicate with our staff, or purchase or use our services.

In some circumstances we collect personal information from third parties, including:

(a)        publicly available sources;

(b)        open, deep and dark web sources monitored by our platform (in the limited circumstances described in clause 3.6);

(c)        our customers and channel partners;

(d)        service providers, contractors and suppliers we engage; and

(e)        referees, recruitment agencies and verification services (in the case of job applicants).

5.  Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes reasonably necessary for, or directly related to, our business functions and activities, including:

(a)        providing, operating, securing and improving our products and services;

(b)        responding to your enquiries, requests and complaints;

(c)        managing customer, partner and supplier relationships, including billing, payments and account administration;

(d)        detecting, investigating, analysing and reporting cyber threats and data exposures (including in the form of alerts, dashboards and intelligence reports);

(e)        research, product development, analytics and threat-intelligence tradecraft;

(f)         marketing our services and informing you of products, events, publications and opportunities that may interest you (subject to clause 6);

(g)        recruiting personnel;

(h)        complying with our legal, regulatory and contractual obligations, including mandatory reporting and notification obligations; and

(i)         exercising and protecting our legal rights, including investigating and responding to suspected misuse, fraud or breach of contract.

If we propose to use or disclose your personal information for a purpose that is not set out in this Privacy Policy and is not otherwise permitted by the Privacy Act, we will seek your consent.

6.  Direct marketing

From time to time we may use or disclose your personal information to send you marketing communications about our products, services, events and publications. You can opt out of direct marketing at any time by clicking the "unsubscribe" link in any electronic marketing communication or by contacting us using the details in clause 13. We may continue to send you transactional and relationship communications in connection with our dealings with you.

7.  Who we disclose personal information to

We may disclose your personal information to:

(a)        other members of the Brighten Group (whether in Australia or overseas);

(b)        our customers and channel partners (in the form of alerts, reports and other outputs of our services);

(c)        our service providers and contractors (including hosting, cloud infrastructure, analytics, customer support, payment processing, identity verification, marketing automation, professional advisers and IT support);

(d)        law enforcement agencies, regulators, government agencies, courts and tribunals where required or authorised by law, or where reasonably necessary to investigate or report suspected unlawful activity, child exploitation material, terrorism, sanctions breaches or threats to national security;

(e)        professional advisers (including lawyers, accountants, auditors and insurers); and

(f)         prospective acquirers, investors, financiers and their respective advisers, in connection with a proposed or actual sale, merger, financing or restructuring of any part of our business (subject to appropriate confidentiality protections).

8.  Cookies, analytics and tracking

Our Website uses cookies (small data files placed on your device) and similar technologies to operate, secure and analyse usage of the Website, to remember your preferences, and (where applicable) to deliver tailored content.

We use a combination of session and persistent cookies, and first-party and third-party cookies. Third-party cookies may be set by analytics providers (such as Google Analytics), social media platforms and content delivery providers. We do not control those third parties' use of cookies, and their use is governed by their own privacy practices.

You can configure your browser to block or delete cookies. If you do so, parts of the Website may not function properly.

9.  Overseas disclosure

Brighten Tech operates as part of a global organisation and engages service providers in a number of countries. Personal information we hold is likely to be disclosed to recipients outside Australia, including in the United States, the United Kingdom, member states of the European Union, Canada, Singapore and other countries where the Brighten Group, our customers or our service providers operate.

Before disclosing personal information overseas we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information, unless:

(a)        you have consented to the disclosure after we have informed you that APP 8.1 will not apply;

(b)        we reasonably believe the recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the APPs, and there are mechanisms you can access to enforce that protection; or

(c)        another exception in APP 8.2 applies.

10.  Security and storage

We take reasonable steps to protect personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our security measures include administrative, technical and physical safeguards, role-based access controls, encryption (in transit and, where appropriate, at rest), network and endpoint protection, monitoring and logging, staff training, and contractual confidentiality obligations on service providers.

Despite these measures, no system can be guaranteed completely secure. Transmission of information over the internet is not entirely secure and you do so at your own risk.

We retain personal information for as long as is reasonably necessary for the purposes for which it was collected, or as required or permitted by law. When we no longer need the information, we take reasonable steps to destroy or de-identify it in accordance with APP 11.2.

11.  Notifiable Data Breaches

If we suffer an eligible data breach within the meaning of Part IIIC of the Privacy Act (the Notifiable Data Breaches scheme), we will assess the breach, take reasonable steps to contain it and prevent further harm, and, where required, notify the Office of the Australian Information Commissioner and affected individuals in accordance with the Privacy Act.

12.  Access, correction, anonymity and complaints

12.1     Anonymity and pseudonyms. You may deal with us anonymously or by pseudonym where it is lawful and practicable. In many cases (such as when you become a customer or attend an in-person event), it is not practicable for us to do so.

12.2     Access. You can request access to the personal information we hold about you by contacting our Privacy Officer (see clause 13). We will respond within a reasonable period (and in any event within 30 days of receipt of your request). There is no fee to make a request, but we may charge a reasonable cost-recovery fee for compiling and providing access. In certain circumstances permitted by the Privacy Act, we may decline access, in which case we will give you written reasons.

12.3     Correction. If you believe any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request that we correct it. We will take reasonable steps to correct the information or, if we decline to correct it, we will give you written reasons and (on request) add a statement to the information noting your view.

12.4     Complaints. If you have a complaint about how we have handled your personal information, please contact our Privacy Officer in writing. We will acknowledge your complaint promptly (and in any event within 7 days), investigate it and respond in writing, generally within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner by telephone on 1300 363 992 or via www.oaic.gov.au.

13.  Contact us

You can contact our Privacy Officer at:

Privacy OfficerCyber IP Pty Ltd ACN 669 216 004 t/a Brighten Tech Email:  info@brightentech.ai Phone (Australia):  1800 375 932 Phone (outside Australia):  +61 2 8527 0600 Postal address:  [insert postal address]

14.  Changes to this Privacy Policy

We may amend this Privacy Policy from time to time. The current version is available at www.brightentech.ai/privacy-policy2. The "Last updated" date at the top of this Privacy Policy indicates when it was last revised. We encourage you to review this Privacy Policy periodically.