% cat legal/privacy-policy.txt

Privacy Policy

The IT Dept Pty Ltd · ABN 12 665 405 505 · last updated 10 June 2026

Short version: I collect the minimum needed to run your services and meet the law, I don't sell it, there's no advertising here, and you can ask me what I hold about you at any time. The longer version follows, because the Privacy Act 1988 (Cth) and its Australian Privacy Principles require it — and because you deserve to know exactly what an ISP keeps.

1. What I collect

• Identity and contact details — name, email, phone, service address, and business details (ABN) if you're a company.
• Billing information — payment records. Card details are handled by my payment processor (Stripe) and never stored on my systems.
• Service and technical data — the IP addresses and subnets allocated to you, ASN, service identifiers (e.g. nbn AVC IDs), authentication logs, and network telemetry needed to operate and troubleshoot the network (interface counters, flow records, routing data).
• Communications — emails and messages you send me, including complaints and support requests.

This website uses Google Analytics to understand how the site is used — it collects usage data such as pages visited, approximate location, and device information, and sets cookies to do it. That's the only analytics here: no advertising identifiers, no profiling, and nothing from it is linked to your customer account or your use of the services themselves.

2. Why I collect it

To supply, operate, secure, and bill the services; to verify identity where required (including for domain registration eligibility and nbn connections); to handle complaints and payment assistance; and to meet legal obligations that apply to carriage service providers.

3. Mandatory data retention — the honest disclosure

As a carriage service provider, I am required by Part 5-1A of the Telecommunications (Interception and Access) Act 1979 (Cth) to retain certain telecommunications data — subscriber details and service metadata such as IP address allocations and session records — for two years, and to disclose it to authorised agencies when validly required by law. I do not retain the content of your communications, and retention is limited to what the law actually requires. I will never disclose your information to anyone else except as described in this policy or with your consent.

4. Who I share it with

• Wholesale suppliers — Leaptel and nbn co receive service qualification and connection details needed to activate and support your nbn service.
• Domain registries and registrars — registrant details are provided to Synergy Wholesale and the relevant registry (e.g. auDA for .au) as required by registry policy.
• Stripe — payment processing. Stripe may process data overseas (including the United States) under its own privacy policy.
• Google — website analytics via Google Analytics, as described above. Google may process this data overseas under its own privacy policy.
• The TIO, ACMA, or law enforcement — where required or authorised by law.

I do not sell, rent, or trade personal information. There are no advertisers. There is no "data ecosystem".

5. Storage and security

Data is stored on infrastructure I operate in Australia, protected by access controls, encryption in transit, and the professional paranoia of someone who has spent twenty years securing networks. No system is perfect; if a data breach occurs that is likely to result in serious harm, I will notify you and the OAIC as required by the Notifiable Data Breaches scheme.

6. Access, correction, and complaints

You can request access to or correction of your personal information at any time: nick@theitdept.au or 0448 379 418. I'll respond within 30 days, and there's no charge for asking. If you believe I've mishandled your information, complain to me first and I'll deal with it personally. If you're not satisfied, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au, 1300 363 992).

7. Changes

If this policy changes materially, I'll notify active customers by email and update the date above. The current version always lives at this address.