Stableridge|Systems
Login
Legal

Privacy Policy

How Stableridge Systems handles personal information across our marketing site, customer portal, operations console, and related services.

Last updated: 24 February 2026

Effective date: 24 February 2026

1. Overview

This Privacy Policy explains how Stableridge Systems collects, uses, discloses and stores personal information when you interact with our marketing site, customer platform and operations interfaces.

We design our practices to be aligned to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy is intended to provide operational transparency and does not constitute legal advice.

2. Who we are and scope

Stableridge Systems is a B2B SaaS and advisory engineering provider. Our operating model includes:

  • a public marketing site used for product, engineering and trust communications;
  • a customer portal used to manage protected content, users, access controls, support and platform operations within a tenant workspace; and
  • an internal operations portal used by authorised staff for platform administration, incident handling and customer support.

This policy applies to personal information we handle in these surfaces and through related support, billing, integration and security workflows.

3. Information we collect

Website (marketing)

  • contact request information (for example, name, email, company and message details);
  • technical and usage data such as IP address, browser metadata and request timing used for service protection, diagnostics and abuse prevention; and
  • basic analytics and cookie-derived session data.

Customer portal

  • account and identity information for authorised users;
  • authentication and session identifiers (including security tokens and session cookies);
  • content and content metadata submitted by customers, including upload, share and access policy metadata;
  • activity and audit event records, including access attempts, policy decisions and security outcomes; and
  • support case records and support messages.

Ops portal (internal administration)

  • staff account and role information;
  • operations audit logs, including privileged actions and approvals;
  • impersonation session metadata used for controlled support workflows (for example actor, target, timestamps and session lifecycle data); and
  • operational security telemetry required to investigate incidents and enforce controls.

Billing and commercial operations

  • plan, subscription and entitlement status information;
  • billing and webhook event records used for reconciliation and auditability;
  • invoice or transaction references and customer billing contacts; and
  • where payment processing is provided by Stripe, payment card handling is performed by the processor. We do not store full payment card numbers in our application systems.

4. How we collect information

We collect personal information:

  • directly from you, such as when you submit forms, create user accounts, request support or interact with our team;
  • automatically through platform operation, including logs, security events, session cookies, webhook processing and service telemetry; and
  • from trusted third parties where needed to deliver services (for example identity, payment, hosting, security monitoring or anti-abuse workflows).

5. How we use information

We use personal information to:

  • deliver, secure and administer our services;
  • authenticate users, enforce roles and manage session security;
  • provide support services, triage incidents and maintain service reliability;
  • process subscription and billing events;
  • detect fraud, misuse or unauthorised activity;
  • improve platform quality, performance and operational resilience; and
  • meet legal, regulatory and contractual obligations.

6. Disclosure of information

We may disclose personal information to:

  • cloud hosting, storage and infrastructure providers;
  • security, logging, monitoring and incident-response tooling providers;
  • billing and payment processors;
  • integration partners where webhook or API delivery is configured by customers; and
  • regulators, law enforcement, courts or advisors where disclosure is required or authorised by law.

We do not sell personal information. We disclose information on a need-to-know basis to operate services and meet obligations.

7. Overseas disclosures

Stableridge is Australia-focused and designs services with sovereign operating intent. Some service providers used for infrastructure, support tooling or payment processing may process information outside Australia in limited circumstances.

Where overseas disclosures occur, we apply contractual and operational safeguards that are reasonably designed to protect information in line with applicable privacy obligations.

8. Cookies and similar technologies

We use cookies and related technologies for:

  • session continuity and secure authentication;
  • security controls such as CSRF protection and abuse mitigation;
  • service diagnostics and operational analytics; and
  • user experience continuity across portal sessions.

You can manage cookies through browser settings. Disabling some cookies may affect platform functionality, particularly authenticated services.

9. Security

We maintain technical and organisational controls designed to reduce unauthorised access, misuse, alteration and loss. These controls include role-based access management, tenant scoping, monitoring, audit logging, session controls, rate limiting and operational safeguards.

No system can be guaranteed to be completely secure. We continuously review and improve controls based on operational risk and service maturity.

Our multi-tenant model uses logical data separation as a core design principle, including scoped access controls and tenant-aware processing boundaries.

10. Data retention and deletion

We retain personal information for as long as reasonably required to deliver services, maintain security and auditability, resolve disputes, and meet legal or contractual requirements.

Retention periods vary by data type. For example, operational logs, audit events, support records and billing events may be retained for service integrity and compliance evidence. We apply deletion, de-identification or archival controls when information is no longer needed.

Customers may request account-level data handling actions through authorised channels, subject to legal and contractual constraints.

11. Access, correction and complaints

You may request access to, or correction of, personal information we hold about you, subject to lawful limitations. Requests can be sent to privacy@stableridgesystems.com.

If you have a privacy concern or complaint, please contact us first so we can investigate and respond. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) via oaic.gov.au.

12. Direct marketing

We may send service and commercial communications relevant to our B2B offering. You may opt out of direct marketing communications at any time by using unsubscribe options in the communication or by contacting us directly.

13. Children

Our services are designed for business and professional use and are not directed to children.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect service, legal or operational changes. The current version will be published on this page with an updated “Last updated” date.

15. Contact us

For privacy enquiries or requests, contact us at privacy@stableridgesystems.com (preferred), or through our contact form.