Privacy Policy
Culture Pressure Map™ | Mind Culture Life Australia PTY LTD
Effective date: 23 May 2026
Last updated: 23 May 2026
1. About this Policy
Mind Culture Life Australia PTY LTD (ACN 679 068 501) ("MCL", "we", "us", "our") operates the Culture Pressure Map™ platform ("the Service").
We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) ("Privacy Act"), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches Scheme.
This Policy explains what personal information we collect, why we collect it, how we use it, and your rights.
2. What is personal information?
"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable. This includes "sensitive information" such as health information or information about a person's workplace experience.
3. Information we collect
3.1 Account information (from Customer Admins)
- Name, email address, job title, organisation name
- Password (stored hashed and salted; we never see your raw password)
- Billing contact and payment details (processed via Stripe; we do not store full card numbers)
- IP address and device/browser information
- Pages accessed within the Service
3.2 Survey responses (from respondents)
- De-identified survey responses (the answers themselves)
- The department, team, or group a respondent selects
- The timestamp of response
- We do not collect the respondent's name, email, IP address, or any direct identifier as part of the response itself, unless the customer opts in to identified mode (not enabled by default).
3.3 Sensitive information
Some survey questions relate to experiences of workplace bullying, harassment (including sexual harassment), discrimination, or psychological wellbeing. This may constitute sensitive information under the Privacy Act. We collect it only with the respondent's consent (by taking the survey) and only in de-identified form.
3.4 Technical information
- Log data, error reports, usage analytics
- Cookies and similar technologies (see our Cookie Policy)
3.5 Information we do NOT collect
- We do not buy personal information from third parties.
- We do not track respondents across other websites.
- We do not collect children's data (the Service is not intended for users under 18).
4. How we collect information
- Directly from you when you sign up, complete forms, contact support, or use the Service.
- From your organisation when you are invited to take an assessment.
- Automatically via cookies, analytics, and log files.
- From third parties such as our payment processor (Stripe) for billing confirmations.
5. Why we collect and how we use information
We use information to:
- Provide, operate, and improve the Service
- Authenticate users and maintain account security
- Process payments and manage subscriptions
- Generate aggregated cultural diagnostic reports for customers
- Respond to support requests
- Send service-related communications (not marketing unless you opt in)
- Conduct de-identified research and benchmarking
- Comply with legal obligations
- Detect and prevent fraud or misuse
6. Legal basis for handling (APP 3 and APP 6)
We collect personal information where:
- You provide it to use the Service (APP 3);
- Collection is necessary for our functions or activities;
- You have consented, expressly or impliedly;
- We are authorised or required by law.
We only use personal information for the primary purpose of collection, or for a related secondary purpose you would reasonably expect.
7. Who we share information with
We share limited information with the following categories of third parties, only as required to provide the Service:
| Third party | Purpose | Location |
|---|---|---|
| Supabase | Database hosting, authentication | Sydney, Australia |
| Vercel | Application hosting | Sydney, Australia (edge-cached globally) |
| Stripe | Payment processing | USA (PCI-DSS compliant) |
| SendGrid / Resend | Email delivery | USA |
| Google Analytics (optional) | Website analytics | USA (IP anonymisation enabled) |
We do not sell personal information. We do not share survey responses with other customers.
All third-party providers are bound by written agreements to protect personal information consistent with the Privacy Act.
8. Overseas disclosures (APP 8)
Some of our service providers (e.g. Stripe, SendGrid) may process information in the United States or other jurisdictions. Before disclosing personal information overseas, we take reasonable steps to ensure it is handled in accordance with the APPs. By using the Service you acknowledge that APP 8.1 may not apply to overseas recipients where you have consented to the disclosure after being informed it will not be protected under the Privacy Act.
9. Data security (APP 11)
We take reasonable technical and organisational measures to protect personal information, including:
- TLS/HTTPS encryption in transit
- Encryption at rest (AES-256) for database storage
- Row-level security ensuring data is isolated by customer
- Two-factor authentication for administrative accounts
- Regular security audits and penetration testing
- Staff training on privacy and security
- Incident response plan
Despite our efforts, no system is completely secure. If a data breach occurs that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches Scheme.
10. Data retention
- Active customers: we retain Customer Data for as long as your account is active.
- After cancellation: we retain data for 30 days to allow account recovery, then delete or anonymise it unless we are required to keep it by law.
- Audit logs: retained for 12 months.
- Financial records: retained for 7 years as required by Australian tax law.
- Backups: rolling 30-day backups; deletions propagate within 30 days.
11. Your rights (APP 12 and APP 13)
You have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Withdraw consent for marketing communications at any time
- Request deletion of your personal information (subject to legal retention obligations)
- Export your data in a structured, machine-readable format
- Object to processing in limited circumstances
- Complain to us or to the OAIC
To exercise these rights, contact our Privacy Officer at info@mindculturelife.com.au. We will respond within 30 days.
12. Anonymity and pseudonymity (APP 2)
Where lawful and practicable, you may deal with us anonymously or by pseudonym (for example, when asking a general question). Taking an assessment or managing a customer account requires identification.
13. Direct marketing (APP 7)
We may send you information about our products, services, and research. You can opt out at any time by clicking "unsubscribe" in any email or contacting us.
14. Cookies
See our Cookie Policy for details about the cookies we use.
15. Children
The Service is not intended for individuals under 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, contact us and we will delete it.
16. Changes to this Policy
We may update this Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date above will reflect the most recent version.
17. Complaints and contact
If you have a privacy concern or complaint, please first contact:
Privacy Officer
Mind Culture Life Australia PTY LTD
Level 35, Tower One — International Towers
100 Barangaroo Avenue, Sydney NSW 2000
Email: info@mindculturelife.com.au
Phone: +61 2 8114 4454
If you are not satisfied with our response, you may contact the:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992