Legal

Privacy policy

Last updated: 23 April 2026

Who we are

Cyber Node is the trading name of Core Nova Pty Ltd (ABN 71 665 581 162), an Australian company registered in Western Australia. Our registered office is Level 2, 152 St Georges Terrace, Perth WA 6000. For privacy questions, email sales@cybernode.au.

We are the data controller for personal information collected through this website. We are bound by the Australian Privacy Act 1988 and the Australian Privacy Principles. Where we process personal data of residents of the European Economic Area, the United Kingdom, or Switzerland, we apply the standards of the EU General Data Protection Regulation (GDPR) and the UK GDPR to that processing. Where we process personal information about California residents, we apply the California Consumer Privacy Act (CCPA) as amended by the CPRA.

What we collect and why

We collect personal information only where it is necessary for a specific purpose. The categories, purposes, and legal bases are listed below.

Enquiries and engagement

When you contact us through the website form, by email, or by phone, we collect your name, company, work email, phone (if provided), and the content of your enquiry. We use this information to respond, to provide services if an engagement follows, to manage client relationships, and to meet our legal obligations.

Legal basis: legitimate interest in responding to business enquiries (GDPR Article 6(1)(f)); contract or pre-contractual steps where an engagement follows (Article 6(1)(b)); legal obligation for records retention (Article 6(1)(c)).

Analytics and marketing (consent-gated)

If you accept the consent banner on your first visit, we collect limited technical information through third-party services to understand how visitors use the website and to support marketing activities. This includes approximate location, device type, browser, referring URL, and the pages visited. Specific services and what they collect are listed under "Cookies and consent" below.

Legal basis: your consent (GDPR Article 6(1)(a); ePrivacy Directive Article 5(3)). You may withdraw consent at any time via the Cookie settings link in the footer.

Who we share it with

We do not sell personal information. We share it only with the following categories of recipient, and only where necessary:

  • Our cloud infrastructure providers. The website and contact form run on Amazon Web Services in Australian AWS regions. Email delivery uses AWS Simple Email Service.
  • Third-party analytics and marketing services that you have consented to load. Currently: Google Analytics 4 (Google LLC, United States), LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company, Ireland, and LinkedIn Corporation, United States), and Ahrefs Web Analytics (Ahrefs Pte Ltd, Singapore).
  • Professional advisers where necessary to seek legal, accounting, or audit advice.
  • Law enforcement or regulators where required by law or legal process.

International data transfers

Some of the third-party services listed above involve transfer of personal data outside Australia, the EEA, and the UK, including to the United States and Singapore. Where such transfers occur, we rely on the following safeguards:

  • United States: Google LLC and LinkedIn Corporation are certified under the EU-US Data Privacy Framework, the UK Extension to the DPF, and the Swiss-US DPF. For transfers outside that framework, we rely on Standard Contractual Clauses.
  • Singapore: Ahrefs operates under Singapore's Personal Data Protection Act 2012 and uses Standard Contractual Clauses in its processor terms.

How long we keep it

  • Contact form enquiries that do not lead to an engagement: up to 3 years from last contact, then deleted.
  • Client engagement records (contracts, statements of work, invoices, related correspondence): 7 years from the end of the engagement, to meet Australian tax and corporate record-keeping requirements.
  • Analytics data: Google Analytics 4 is configured with a 14-month retention window. LinkedIn Insight data retention follows LinkedIn's own schedule. Ahrefs Web Analytics is cookieless and aggregated; no individual-level data is retained.
  • Server and CDN access logs: up to 12 months, then deleted.

How we protect it

Cyber Node is a cybersecurity firm. We treat the protection of personal information as a core operational concern. Data is stored in Australian-hosted infrastructure where practical, and encrypted in transit and at rest. Access to personal information is limited to personnel who need it to perform their duties, and is logged.

In the event of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner as required under the Notifiable Data Breaches scheme (Privacy Act 1988). Where the breach affects EEA or UK residents, we will also notify the relevant supervisory authority within 72 hours as required by GDPR Article 33.

Cookies and consent

This website uses a default-deny consent model. On your first visit you will see a banner with two equal-weight buttons: Accept and Decline. Until you click Accept, no analytics scripts load, no cookies are set, and no tracking requests are made beyond what is strictly necessary to render the page. Your choice is remembered in your browser's local storage for twelve months.

If you accept, the following third-party services load:

  • Google Analytics 4 (measurement ID G-XWTPCCQ823). Session-level and aggregate usage analytics. Uses cookies.
  • LinkedIn Insight Tag (partner ID 8071804). Retargeting and conversion measurement for LinkedIn advertising. Uses cookies.
  • Ahrefs Web Analytics. Cookieless site analytics and AI crawler tracking. Does not use cookies and does not identify individual visitors.

You can change your mind at any time via the Cookie settings link in the footer, which clears your saved preference and shows the banner again on the next page load. You can also disable cookies in your browser settings without affecting the functionality of the site.

Your rights

You have the following rights in relation to the personal information we hold about you. Some rights are available to all visitors under the Australian Privacy Act. Others apply specifically to residents of the EEA, UK, or Switzerland under GDPR, or to California residents under the CCPA.

  • Access: request a copy of the personal information we hold about you (Privacy Act APP 12; GDPR Article 15; CCPA right to know).
  • Rectification: ask us to correct information that is inaccurate or incomplete (APP 13; GDPR Article 16).
  • Erasure: ask us to delete your personal information where we no longer have a lawful basis to keep it (GDPR Article 17; CCPA right to delete).
  • Restriction: ask us to limit how we use your information while a query is being resolved (GDPR Article 18).
  • Portability: receive your information in a machine-readable format or have it transmitted to another controller (GDPR Article 20).
  • Objection: object to processing based on legitimate interests, including any direct marketing (GDPR Article 21).
  • Withdraw consent: where processing is based on consent (such as website analytics), withdraw that consent at any time. The Cookie settings link in the footer does this for website tracking.
  • No sale of personal information: Cyber Node does not sell personal information. The CCPA "Do Not Sell or Share My Personal Information" right is therefore satisfied by default.
  • Automated decision-making: Cyber Node does not make solely automated decisions that produce legal or similarly significant effects about you (GDPR Article 22).
  • Non-discrimination: we will not discriminate against you for exercising any of these rights (CCPA).

How to exercise your rights

Email sales@cybernode.au with "Privacy request" in the subject line. Describe the right you want to exercise and include enough detail for us to identify you. We will respond within 30 days. Exercising these rights is free of charge; we may charge a reasonable fee only where requests are manifestly unfounded or excessive, as permitted by GDPR Article 12(5).

Complaints

If you are not satisfied with how we have handled your personal information, please contact us first. If our response does not resolve the matter, you can lodge a complaint with the relevant supervisory authority:

  • Australia: Office of the Australian Information Commissioner (OAIC), oaic.gov.au.
  • European Economic Area: your local Data Protection Authority. The European Data Protection Board maintains a list of national authorities.
  • United Kingdom: Information Commissioner's Office (ICO), ico.org.uk.
  • California: California Attorney General, oag.ca.gov/privacy.

Changes to this policy

We may update this policy from time to time. Material changes will be highlighted at the top of the page for 30 days after the update. The latest version will always be available at this URL, and the "Last updated" date at the top reflects the most recent revision.