1. Introduction and Scope
becloudsmart ("we", "us", or "our") is committed to protecting the privacy of individuals and organisations that interact with our website and services. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy applies to all personal information collected through:
- Our website at becloudsmart.com ("the Website").
- Our contact and enquiry forms.
- Our AI-powered chat widget.
- Direct communications with our team (phone, email, or in person).
- Our delivery of services, including CSP licensing and cloud solutions.
By using the Website or engaging our services, you consent to the collection and use of your personal information as described in this policy. If you do not agree, please discontinue use of the Website.
2. Types of Information We Collect
2.1 Personal Information You Provide
When you interact with us through forms, the chat widget, or direct communication, we may collect:
- Full name
- Email address
- Company or organisation name
- Phone number
- Reason for enquiry or service interest
- Any additional information you choose to include in messages or chat conversations
2.2 Usage and Technical Data
When you visit the Website, we automatically collect certain technical information, including:
- IP address (which may be anonymised)
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referring website or source
- Date and time of access
- Device type (desktop, mobile, tablet)
2.3 AI Chat Data
When you use the AI chat widget on our Website, we collect:
- The content of your chat messages
- Your name, email, and company name (if provided during the chat interaction)
- The AI-generated responses delivered to you
- Timestamp and session identifiers
3. How We Collect Information
We collect personal information through the following means:
| Collection Method |
Type of Data |
| Contact and enquiry forms |
Name, email, company, enquiry details |
| AI chat widget |
Name, email, company, chat messages |
| Phone and email |
Name, contact details, conversation content |
| Website analytics |
Usage data, device and browser information |
| Cookies and similar technologies |
Session data, preferences, browsing behaviour |
| Service delivery |
Business and billing information for active clients |
We only collect personal information that is reasonably necessary for our business functions and activities, in accordance with APP 3.
4. Purpose of Collection
We collect and use personal information for the following purposes:
- Service delivery: To provide, manage, and support our cloud solutions, consulting, and CSP licensing services.
- Responding to enquiries: To respond to your questions, requests, and enquiries submitted via forms, chat, phone, or email.
- Lead management: To follow up on expressions of interest in our products and services.
- Account administration: To manage your CSP subscriptions, billing, and service agreements.
- Website improvement: To understand how visitors use our Website and to improve its content, functionality, and user experience.
- Communication: To send you relevant information about our services, product updates, or changes to our terms and policies.
- Compliance and legal obligations: To comply with applicable laws, regulations, and legal processes.
- Security: To protect the Website, our systems, and our users from unauthorised access or misuse.
We will not use your personal information for purposes other than those outlined above without your consent, unless required or authorised by law (APP 6).
5. How Information Is Stored and Secured
We take the security of your personal information seriously and implement reasonable technical and organisational measures to protect it against unauthorised access, loss, misuse, or alteration, in accordance with APP 11.
5.1 Data Storage
- Primary storage: Personal information collected through the Website (including form submissions and chat data) is stored in Microsoft Azure Table Storage, hosted in Australian Azure data centre regions.
- Configuration security: Sensitive configuration data, including API keys and service credentials, is stored in Azure Key Vault with access controls and encryption at rest.
- Australian hosting: We prioritise storing data within Australian Azure regions to ensure data residency within Australia.
5.2 Security Measures
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Access controls and role-based permissions for all systems.
- Regular review of security configurations and access logs.
- Use of Microsoft Azure's enterprise-grade security infrastructure, including threat detection and monitoring.
While we take reasonable steps to protect your information, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute security of your data.
6. AI Chat Data Handling
Our Website includes an AI-powered chat widget that uses artificial intelligence to assist visitors with enquiries. The following outlines how data from the chat widget is handled:
- Data collected: Your name, email address, company name (if provided), and the content of your chat messages are collected when you use the chat widget.
- Processing: Chat messages are sent to third-party AI service providers for processing and response generation. These providers may process message content to generate a response but do not retain your data for their own purposes beyond what is necessary to provide the service.
- Storage: Chat transcripts and any lead information you provide are stored in Azure Table Storage within Australian Azure regions.
- Purpose: Chat data is used to respond to your enquiry, to enable our team to follow up where appropriate, and to improve the quality of our AI assistant.
- Human review: Chat conversations may be reviewed by becloudsmart staff for quality assurance, service improvement, and to respond to your enquiry.
- No sensitive data: We recommend that you do not submit sensitive personal information (such as financial details, health information, or government identifiers) through the chat widget.
7. Third-Party Disclosure
We may disclose your personal information to third parties in the following circumstances:
- Microsoft Corporation: Where you procure Microsoft cloud subscriptions through our CSP Transact service, certain information (such as your organisation name and contact details) may be shared with Microsoft as required under the Cloud Solution Provider programme.
- AI service providers: Chat message content is transmitted to third-party AI providers for the purpose of generating responses. These providers are contractually required to process data only as instructed and not to retain or use it for unrelated purposes.
- Hosting and infrastructure: Microsoft Azure provides the hosting infrastructure for our Website and data storage services.
- Google Fonts: Our Website uses Google Fonts, which may result in your browser making requests to Google servers. Google may collect limited technical data (such as IP address) in connection with this service.
- Professional advisers: We may share information with our legal, accounting, or other professional advisers where reasonably necessary.
- Legal obligations: We may disclose personal information where required or authorised by Australian law, a court order, or a regulatory authority.
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
8. Cross-Border Data Transfers
We store data in Australian Azure regions wherever practicable. However, in some circumstances personal information may be transferred outside Australia:
- AI service providers: Chat messages may be processed by AI service providers whose infrastructure is located outside Australia (including in the United States). We take reasonable steps to ensure these providers handle your information in accordance with the APPs and maintain appropriate security standards (APP 8).
- Microsoft services: Certain Microsoft services used in the delivery of our solutions may involve data processing in jurisdictions outside Australia, in accordance with Microsoft's data processing agreements and privacy commitments.
- Google Fonts: Requests to load web fonts are served from Google's global infrastructure and may involve cross-border data transmission of technical data.
Where personal information is transferred overseas, we take reasonable steps to ensure the recipient does not breach the APPs in relation to that information, in accordance with APP 8.
9. Data Retention
We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention practices are:
- Enquiry and lead data: Retained for up to twenty-four (24) months from the date of collection, unless a service relationship is established.
- Chat transcripts: Retained for up to twelve (12) months for quality assurance and service improvement purposes.
- Client data: Retained for the duration of the service relationship and for a period of seven (7) years after the relationship ends, to comply with Australian tax and business record-keeping requirements.
- Website analytics data: Retained in aggregated or anonymised form and does not typically constitute personal information.
When personal information is no longer required, we will take reasonable steps to destroy it or ensure it is de-identified, in accordance with APP 11.2.
10. Your Rights Under the Privacy Act
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights:
- Access (APP 12): You may request access to the personal information we hold about you. We will respond to your request within a reasonable period (generally within 30 days).
- Correction (APP 13): You may request that we correct any personal information we hold about you that is inaccurate, incomplete, out of date, irrelevant, or misleading.
- Complaints: If you believe we have breached the APPs or mishandled your personal information, you have the right to make a complaint. Please see Section 14 of this policy for details on how to lodge a complaint.
- Anonymity and pseudonymity (APP 2): Where practicable, you may interact with us without identifying yourself or by using a pseudonym. However, in many cases we will need to verify your identity to provide our services.
- Opting out: You may opt out of receiving marketing communications from us at any time by contacting us or following the unsubscribe instructions in any marketing email.
We will not charge you a fee for making a request to access or correct your personal information. However, we may charge a reasonable fee for providing access if your request requires significant effort to process.
11. Cookies and Similar Technologies
Our Website uses cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device that allow us to recognise your browser and remember certain information.
11.1 Types of Cookies We Use
- Essential cookies: Required for the basic functionality of the Website, including session management and security features.
- Analytics cookies: Used to collect information about how visitors use the Website, such as which pages are visited most often. This data is used in aggregate to improve the Website.
- Functional cookies: Allow the Website to remember choices you have made (such as preferences or language settings) and provide enhanced, personalised features.
11.2 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of the Website.
11.3 Google Fonts
Our Website loads fonts from Google Fonts, which may result in your browser sending requests to Google's servers. This may involve the transmission of your IP address and browser information to Google. For more information, refer to Google's Privacy Policy.
12. Children's Privacy
Our Website and services are directed at businesses and business professionals. We do not knowingly collect personal information from children under the age of 18. If we become aware that we have collected personal information from a child, we will take reasonable steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided personal information to us, please contact us so we can take appropriate action.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically to stay informed about how we protect your information. For clients with active service agreements, material changes will be communicated via email.
14. Contact and Complaints
If you have any questions about this Privacy Policy, wish to exercise your rights under the Privacy Act, or would like to make a complaint about how we have handled your personal information, please contact us:
We will acknowledge your complaint within five (5) business days and aim to resolve it within thirty (30) days. We will keep you informed of our progress throughout the process.
Office of the Australian Information Commissioner (OAIC)
If you are not satisfied with our response to your complaint, or you believe we have breached the Australian Privacy Principles, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):