Privacy Policy
How we collect, use, and protect your information.
Last updated · April 2026
Information We Collect
We collect information you provide directly to us, such as when you request a demo, use our services, or contact us for support.
Personal Information
- Name and contact information
- Organisation name and job title
- Account credentials
- Communication preferences
Usage Information
- Service usage data and analytics
- Control-plane configuration and policy records
- Log files and access records
SECUVA's on-premises agent processes clinical data (including DICOM images and patient records) entirely inside your own infrastructure. That data is never transmitted to SECUVA's systems. Only anonymised, de-identified outputs - which by design contain no patient-identifiable information - are routed to downstream services with your explicit authorisation.
How We Use Your Information
We use the information we collect to provide, maintain, and improve our services.
- Provide and operate the SECUVA Platform and its modules
- Process transactions and send related information
- Send technical notices, updates, and support messages
- Respond to comments, questions, and customer service requests
- Monitor and analyse usage patterns to improve our services
- Detect, prevent, and address technical issues and security vulnerabilities
Data Security & Residency
Australian Data Residency
All SECUVA control-plane infrastructure is hosted within Australian borders, across primary and disaster recovery sites both within Australia. We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
Infrastructure Certification
SECUVA operates on AWS infrastructure that holds SOC 2 Type II certification and has been assessed under the IRAP framework. SECUVA's own SOC 2 audit is currently in progress; we will update this policy when that certification is achieved. We do not claim SOC 2 Type II certification for SECUVA itself at this time.
Security Measures
- Mutual TLS (mTLS) with certificate pinning for all agent-to-control-plane communication
- End-to-end encryption for data in transit (TLS 1.3) and at rest using military-grade encryption
- Secrets managed via hardened secrets store - no credentials stored in configuration files
- Supply chain integrity enforced via offline cryptographic signing and software bill of materials
- Multi-factor authentication and role-based access controls
- Regular security audits and penetration testing
- Zero-trust network architecture - outbound-only agent, no inbound control-plane access
Information Sharing
We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy.
We may share information:
- With service providers who assist us in operating our platform, under strict data processing agreements
- When required by Australian law or to protect our rights
- In connection with a business transaction (merger, sale, etc.), with appropriate privacy protections
- With your explicit consent
Your Rights
You have certain rights regarding your personal information under the Australian Privacy Act 1988 and the Australian Privacy Principles.
- Access your personal information
- Correct or update your personal information
- Request deletion of your personal information
- Object to processing of your personal information
- Request data portability
- Withdraw consent where applicable
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
To exercise these rights, contact us at privacy@secuva.com.au.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
Email: privacy@secuva.com.au
Address: SECUVA Pty Ltd, Sydney, New South Wales, Australia
This Privacy Policy is reviewed at least annually in accordance with OAIC guidance. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date above.