Security and Privacy

Last update: December 20, 2017

Security

We treat your data as highly sensitive. We also know you need a tool which is reliable, fast and works consistently. As such:

  1. All server instances are with Amazon AWS. These are multi-region HA AWS instances, using Kubernetes for orchestration.
  2. Customer data is stored in managed Postgres, which is also encrypted. All code is 12 Factor.
  3. We won't use any observation tools that record your data and could potentially breach privacy.
  4. For the purposes of testing and development, we create sample or obfuscated data sets to use in Development environments. We will never download any data that has identifiable information.
  5. Server and system access is controlled by at least two different factors (not intentionally being cryptic, but what we're saying is that someone can't just walk into our office and be able to SSH into Production)

Privacy Policy

Introduction

This

While providing the Services, Red Ant collects Personal Information about Individuals. This document describes how Red Ant collects, stores, uses and discloses Personal Information.

Red Ant will make a good faith effort to deal with such Personal Information in accordance with this privacy policy and the principles in the Privacy Act.

Types of information collected

Red Ant may collect the following types of Personal Information about Individuals by way of its own Services or Services that it works with an Organisation to provide:

  • names;
  • addresses;
  • information posted on Interfaces;
  • photographs;
  • health information;
  • email addresses;
  • telephone numbers;
  • dates of birth;
  • credit card information;
  • banking details;
  • computer device information;
  • location information; and
  • IP addresses.

Sensitive information

While working with Organisations, Red Ant may collect sensitive information about Individuals, including information about the health of Individuals. Information collected by Red Ant may include Individuals’ weight, pregnancy status, diet and exercise regime(s), as well as any other sensitive and health information collected by Red Ant.

How information is collected

Red Ant may collect Personal Information about Individuals:

  • from customer surveys;
  • from Red Ant’s website;
  • from Interfaces;
  • from any other digital infrastructure operated and maintained by Red Ant on behalf of an Organisation;
  • from applications developed by Red Ant or operated by Red Ant;
  • from Individuals’ communications with Red Ant; and
  • through automated analysis of Individuals’ use of Red Ant’s and Organisations’ Services.

How information is held and secured

  • Red Ant may hold Personal Information using digital storage methods.
  • Red Ant ensures that Personal Information is protected from unauthorised access by industry standard data security techniques including firewalls, client authentication, SSL and passwords.

Deletion of Personal Information

Red Ant deletes Personal Information when:

  • it is determined by Red Ant or an Organisation that the Personal Information is no longer needed; or
  • Individuals request its deletion and it is reasonable to comply.

What information is used for

Red Ant may collect, use, hold and disclose Personal Information on its own behalf or on behalf of Organisations in order to:

  • facilitate the day-to-day functioning of Interfaces and Organisations;
  • enable Individuals to use Interfaces;
  • perform analysis of the typical use of Red Ant’s services;
  • assist in the performance of the “primary purpose” of Red Ant’s business or the “primary purpose” of an Organisation’s business;
  • communicate with Individuals;
  • run contests or other promotional activities;
  • comply with the law;
  • enforce agreements with third parties; and
  • process payments.

Disclosures of information

Red Ant may disclose Personal Information to:

  • Red Ant’s employees;
  • Organisations using Red Ant’s services;
  • professional advisors;
  • third party service providers;
  • payment systems operators;
  • business partners;
  • regulatory bodies; and
  • analytics companies such as Google Analytics;
  • storage companies such as Amazon Web Services (AWS); and
  • courts of law.

Disclosing information outside Australia

Red Ant may disclose Personal Information to third party contractors such as Google Analytics outside of Australia. Red Ant may also disclose Personal Information to digital infrastructure and cloud storage Red Ants such as AWS. By using the Services, Individuals consent to the disclosure of their Personal Information to overseas recipients.

Red Ant will make a good faith effort to ensure that overseas recipients deal with Personal Information in a way that is consistent with the Australian Privacy Principles and the Privacy Act, but Individuals will not have the same rights in relation to overseas recipients who handle their information as they would with Australian recipients.

Privacy contact

Questions or complaints from Individuals relating to Red Ant’s use of Personal Information should be directed to Red Ant’s privacy officer. Red Ant’s privacy officer is Sarah Still, contactable on [email protected].

When Individuals communicate a complaint to Red Ant, Red Ant will respond within 10 days, and seek to resolve the complaint entirely within 20 days if the nature of the complaint permits it.

Red Ant’s privacy officer will make a reasonable effort to address complaints or questions of Individuals, and where the privacy officer is unable to do so, the privacy officer will attempt to explain why it is unable to do so.

If Individuals are unsatisfied with the outcome of the complaints process, Individuals may complain to the OAIC.

Accessing information

Under Australian privacy law, Individuals have the right to contact Red Ant to modify or obtain any of their Personal Information which is held by Red Ant.

Unknowingly collected information

Red Ant acknowledges that from time to time, Red Ant may come into possession of Personal Information without being aware of it, for example, when Organisations use Red Ant’s Service to store data.

Disclosures during use of the services

During the use of the Services, Red Ant may disclose Personal Information to Organisations and third party contractors such as Google Analytics and AWS. Red Ant will make a good faith effort to ensure that such disclosures are clear to Individuals, but how those Organisations handle Personal Information is beyond the control of Red Ant.

Changes to this policy

Red Ant reserves the right to make changes to this document in the future, either to comply with changes in Australian privacy law, or to reflect changing business practices. It is the responsibility of Individuals to regularly check this document for such changes.

Definitions

Agreement, Agreements

means the agreement arising between the parties in accordance with this document and the other documents referred to by this document.

Interfaces

means an interface provided by an Organisation with the help of Red Ant.

Organisation, Organisations

means an organisation using the Services.

Personal Information

means any information that is categorised as “personal information” under Australian privacy law.

Privacy Act

means the Privacy Act 1988 (Cth).

Service, Services

means the software development, hosting and electronic infrastructure provided by Red Ant to Individuals and Organisations.