1. Information We Collect

Running a financial reporting platform means we handle sensitive information daily. We're transparent about what we collect and why each piece matters.

Personal Identification Information

When you sign up or interact with our services, we collect:

• Full name and business contact details
• Email address and phone number
• Company name and Australian Business Number (ABN)
• Billing address and payment information
• Professional credentials relevant to investment reporting

Financial and Investment Data

Since we're focused on financial reporting for investors, we process:

• Portfolio performance metrics and investment holdings
• Transaction histories and asset allocations
• Risk assessment profiles and return calculations
• Market data preferences and reporting configurations
• Custom benchmark comparisons and analysis parameters

Technical Usage Information

Our platform automatically collects technical data to improve your experience:

• IP address, browser type, and device information
• Pages visited, features used, and time spent on platform
• Report generation patterns and download history
• Search queries and filter preferences
• Error logs and system performance data

2. How We Use Your Information

Every piece of data we collect serves a specific purpose. Here's what we do with it:

Service Delivery

Your financial data powers the core reporting features. We process portfolio information to generate comprehensive reports, calculate performance metrics, and provide investment insights tailored to your needs. Without this data, we simply can't deliver the analysis you're paying for.

Platform Improvement

We analyze usage patterns to understand which features work well and which need refinement. If we notice users struggling with a particular report format, that tells us something needs changing. This ongoing feedback loop helps us build a better product.

Communication and Support

Your contact information lets us send important updates about your account, respond to support requests, and share relevant educational content about financial reporting best practices. We also use it for billing notifications and subscription management.

Legal and Compliance Requirements

Operating in Australia means we follow specific regulatory frameworks. We maintain records as required by the Australian Privacy Principles (APPs) under the Privacy Act 1988, Australian Securities and Investments Commission (ASIC) guidelines, and relevant financial reporting standards. Sometimes we need to retain information for audit purposes or regulatory inquiries.

3. Your Privacy Rights Under Australian Law

The Privacy Act 1988 gives you specific rights regarding your personal information. Here's what you can do and how to do it:

How to Exercise These Rights

Send your request to our privacy team at info@quarilumex.com or call us at +61 2 6101 7406. Include your full name, account email, and specific request details. We'll verify your identity before processing any data access or deletion requests.

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

4. Data Security Measures

Financial data demands serious security. Here's how we protect your information:

Technical Safeguards

• End-to-end encryption for data transmission using TLS 1.3 protocol
• AES-256 encryption for data at rest in our databases
• Multi-factor authentication required for all account access
• Regular security audits and penetration testing by independent firms
• Automated threat detection and intrusion prevention systems
• Secure API connections with OAuth 2.0 authentication

Organizational Security

Our team follows strict protocols. Access to personal data is limited to employees who need it for their specific roles. Everyone signs confidentiality agreements and completes regular privacy training. We maintain detailed access logs and conduct quarterly reviews of who can see what.

Physical Security

Our servers are hosted in Australian data centres with 24/7 physical security, biometric access controls, and redundant power systems. We maintain backup systems in geographically separate locations to protect against data loss.

5. Data Retention and Deletion

We don't keep your information forever. Different data types have different retention periods based on business needs and legal requirements:

Requesting Early Deletion

You can request deletion of your account and associated data at any time. We'll honor your request within 30 days, except for information we're legally required to retain. When deletion isn't possible due to legal obligations, we'll isolate your data and restrict its use to compliance purposes only.

6. Sharing and Third-Party Disclosure

We're selective about who gets access to your data. Here's when and why we share information:

Service Providers and Partners

Some third parties help us run the platform. Payment processors handle subscription billing, cloud providers host our infrastructure, and analytics tools help us understand platform usage. Each partner signs strict data processing agreements and can only use your information for the specific services they provide.

Business Transfers

If quarilumex is acquired or merges with another company, your information may transfer to the new entity. We'll notify you beforehand and give you options if privacy policies change significantly.

Legal Requirements

We'll disclose information when required by Australian law, court orders, or regulatory authorities. This includes responding to subpoenas from ASIC, complying with Australian Taxation Office audits, or cooperating with law enforcement investigations.

Your Authorized Recipients

You can authorize us to share reports and data with specific financial advisors, accountants, or other professionals. We'll only share what you explicitly approve, and you can revoke access at any time through your account settings.

7. Cookies and Tracking Technologies

Like most websites, we use cookies and similar technologies. Here's what they do and how to control them:

Essential Cookies

These are necessary for the platform to function. They remember your login status, maintain your session, and ensure security features work properly. You can't opt out of essential cookies without losing access to core functionality.

Analytics Cookies

We track how you use the platform to identify problems and improve features. These cookies tell us which reports are most popular, where users get stuck, and how long tasks take. The data is aggregated and doesn't identify you personally.

Preference Cookies

These remember your settings like dashboard layout, default date ranges, and report templates. They make your experience more convenient by saving your choices between sessions.

Managing Cookie Preferences

You can control non-essential cookies through your browser settings or our cookie preference centre. Blocking certain cookies might affect platform functionality. We respect your Do Not Track browser settings where technically feasible.

8. International Data Transfers

Your data primarily stays within Australia, but some situations require international transfers:

Our cloud infrastructure provider maintains backup systems in Singapore and Japan for redundancy purposes. All international transfers follow Australian Privacy Principles and include contractual protections ensuring recipient countries maintain adequate data protection standards.

When we transfer data outside Australia, we use Standard Contractual Clauses approved by the OAIC or ensure the recipient country has substantially similar privacy protections. You can request details about specific international transfers by contacting our privacy team.

9. Children's Privacy

quarilumex is designed for professional investors and financial advisors. We don't knowingly collect information from anyone under 18 years of age. Our services require users to be at least 18 or the age of majority in their jurisdiction.

If we discover we've inadvertently collected data from a minor, we'll delete it immediately. Parents or guardians who believe we've collected their child's information should contact us right away.

10. Changes to This Privacy Policy

We update this policy occasionally to reflect new practices or legal requirements. When we make significant changes, we'll notify you by email and display a prominent notice on the platform for at least 30 days.

Minor updates like clarifying existing practices or fixing typos happen without special notice, but we'll always update the "Effective Date" at the top of this page. We encourage you to review this policy periodically, especially before providing new personal information.

Continuing to use quarilumex after policy changes means you accept the updated terms. If you disagree with changes, you can close your account and request data deletion subject to legal retention requirements.