Privacy Policy

What this policy covers

This policy explains how we collect, use, store, and disclose personal information when you purchase a book through markvos.com.au, track an order, or otherwise interact with this website.

Although small businesses with annual turnover under $3 million are generally exempt from the Privacy Act, we choose to comply with the Australian Privacy Principles because handling your data responsibly is the right thing to do — and because we are a cybersecurity firm.

What we collect

We collect only the personal information necessary to fulfil your book order and communicate with you about it:

• Name — to address your order and correspondence
• Email address — to send order confirmations, shipping updates, and tax invoices
• Shipping address — to deliver your book

Payment information

Payment is processed entirely by Stripe. We do not collect, see, or store your credit card number, CVV, or other payment card details. Stripe handles this under their own privacy policy and PCI DSS compliance.

Website analytics

This site uses Google Analytics 4 (measurement ID: G-YL04Y8PQ16) to understand how visitors use the site. Google Analytics uses cookies to collect information such as:

• Page views and scroll depth — which pages you visit and how far you scroll
• Outbound clicks — when you click a link to an external site
• Session and engagement data — how long you spend on the site and how you navigate between pages
• Technical information — your browser type, screen resolution, and general geographic region (not your precise location)

This data is used solely to improve the website and is not used for advertising or profiling. Google may process this data on servers outside Australia. See Google's privacy policy.

This site also uses Cloudflare Web Analytics, a privacy-first analytics service that does not use cookies, does not track individual users, and does not collect personal information. It provides only aggregate data about page views and traffic patterns. See Cloudflare's privacy policy.

Cookies

This site uses cookies set by Google Analytics to distinguish between visitors and track browsing sessions. These are first-party cookies (set on the markvos.com.au domain) and are used only for analytics — not for advertising. No advertising cookies, tracking pixels, or social media trackers are used on this site. You can block or delete cookies through your browser settings at any time.

Information we don't collect

We do not collect sensitive information (such as health, political, or biometric data). We do not use advertising cookies, advertising pixels, or social media trackers.

How we use your information

We use your personal information for:

• Order fulfilment — processing, packing, and shipping your book
• Order communications — confirmation emails, shipping notifications, and delivery updates
• Tax invoicing — issuing a tax invoice as required under Australian tax law
• Customer support — responding to queries about your order

We do not use your information for marketing, profiling, or any purpose unrelated to your order unless you explicitly opt in.

Who we share your information with

We share your personal information only with the following service providers, and only to the extent necessary to fulfil your order:

• Stripe (payment processing) — processes your payment securely. Stripe's servers are located in the United States and other jurisdictions. See Stripe's privacy policy.
• Xero (accounting and invoicing) — used to generate and send your tax invoice. Data is stored in Australia. See Xero's privacy notice.
• Microsoft 365 (email) — order-related emails are sent via Microsoft's email platform. Data may be stored in Australia or other Microsoft data centre regions. See Microsoft's privacy statement.
• Cloudflare (CDN and analytics) — this website uses Cloudflare for content delivery and Cloudflare Web Analytics for privacy-friendly, cookie-less traffic measurement. Cloudflare may process IP addresses for CDN functionality. Analytics data is aggregated and does not identify individuals. See Cloudflare's privacy policy.
• Netlify (website hosting) — this website is hosted on Netlify's platform. Netlify may process server logs containing IP addresses. See Netlify's privacy policy.
• Australia Post or courier services — your name and shipping address are provided to the postal or courier service delivering your book.

We do not sell, rent, or trade your personal information to anyone. We do not share your information with advertisers or data brokers.

How we store and protect your information

Order records are stored in an encrypted database on Australian-hosted infrastructure. Data is encrypted at rest using AES-256-GCM and in transit using TLS 1.2 or higher.

Access to personal information is restricted to authorised personnel of Cyber Impact Pty Ltd. We apply security controls consistent with our professional obligations as a cybersecurity advisory firm.

Overseas disclosure

Some of the service providers listed above store or process data outside Australia — specifically Stripe (United States), Cloudflare (United States), Microsoft (various locations), and Netlify (United States). In each case, these providers maintain security and privacy standards that meet or exceed Australian requirements, and we have assessed their practices as appropriate for the data involved.

How long we keep your information

We retain order records for the period required by Australian tax law (currently seven years from the date of the transaction). After this period, records are securely deleted.

If you request deletion of your personal information before this period, we will remove all data not required for legal or regulatory compliance and let you know what, if anything, must be retained and why.

Your rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of any information that is inaccurate, out of date, or incomplete
• Request deletion of your personal information, subject to any legal obligations we may have to retain it

To exercise any of these rights, contact us using the details below. We will respond within 30 days.

How to make a complaint

If you believe we have not handled your personal information in accordance with this policy or the Australian Privacy Principles, please contact us first using the details below. We take all complaints seriously and will respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Online: oaic.gov.au/privacy/privacy-complaints
• Email: enquiries@oaic.gov.au
• Phone: 1300 363 992

Contact us