Privacy Policy

Your privacy is important to us!

Last Updated: 11 Aug 2025

Introduction and Scope

At Arkahna Pty Ltd (“Arkahna”, “we”, “us”, or “our”), we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with us, our products, and our services.

We comply with:

  • Australian Privacy Principles in the Privacy Act 1988 (Cth)
  • General Data Protection Regulation (GDPR) and United Kingdom GDPR (UKGDPR)
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
  • Brazilian Lei Geral de Proteção de Dados (LGPD)
  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

This policy applies to all personal data processed by Arkahna, regardless of where you are located.

Definitions

  • “Personal Information” – any information that identifies you as an individual, such as your name, contact details, payment information, or IP address.
  • “Processing” – includes collecting, using, storing, and transferring personal information.
  • “Products” – Arkahna’s software, platforms, and related hosted solutions.
  • “Services” – consulting, implementation, and other engagements delivered alongside or in connection with our Products.

Information We Collect

We collect personal information:

  • Directly from you – when you interact with us in person, online, or via our platforms.
  • Automatically – through cookies, analytics tools, and similar technologies on our websites.
  • From third parties – such as analytics providers and technology partners.

Our products and services are not designed for children under 16. If we discover we have collected data from someone below the relevant legal age, we will delete it promptly.

How We Use Your Information

We use personal data to:

  • Deliver, operate, and support our products.
  • Provide customer service and technical support.
  • Improve product functionality, performance, and security.
  • Communicate with you about updates, features, and offers.
  • Comply with legal and regulatory obligations.
  • Protect our systems and customers from fraud or security threats.

Legal Basis for Processing Personal Data

We process personal data only where lawful under applicable regulations:

  • Consent – where you have given us explicit permission.
  • Contract – to perform a contract with you or take steps before entering into one.
  • Legal obligation – where processing is necessary to comply with a law or regulation.
  • Legitimate interests – to improve our services, prevent fraud, or maintain network security, provided this does not override your rights.
  • Vital interests – to protect your vital interests or those of another person.

Your Rights

We recognise and respect the following rights for all individuals we interact with, regardless of location. These rights may be subject to limitations or exceptions under applicable law:

  • Access – request details of the personal data we hold about you and how we process it.
  • Rectification – correct inaccurate or incomplete personal data.
  • Erasure (“Right to be Forgotten”) – request deletion of your personal data when it is no longer needed, you withdraw consent, or there is no other lawful basis to keep it.
  • Withdraw consent – stop processing where consent was the legal basis.
  • Restrict processing – ask us to limit the processing of your personal data in certain situations.
  • Data portability – receive your personal data in a structured, commonly used, machine-readable format and request that we transfer it to another provider (where technically feasible).
  • Object – to certain processing, including where based on legitimate interests, and to direct marketing (including profiling related to marketing).
  • Right to know – understand what categories and specific pieces of personal data we collect, where it comes from, why we use it, and who we share it with.
  • Opt-out of sale/sharing – we do not sell or share personal data as defined under the CCPA, but we still honour your right to opt out.
  • Non-discrimination – you will not be treated differently for exercising any of these rights.
  • No solely automated decision-making – you will not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
  • Lodge a complaint – with a relevant regulator (e.g., OAIC in Australia, an EU/UK supervisory authority, or the Office of the Privacy Commissioner of Canada).

How to exercise your rights: Contact our Privacy Officer (see section 13). We may need to verify your identity before responding.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to provide our products and services, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods vary depending on the type of data:

  • Product account & subscription data – kept for the duration of your subscription and a reasonable period thereafter to meet legal, contractual, or operational requirements.
  • Marketing data – kept until you withdraw consent or opt out.
  • Transactional data – kept for the period required by applicable law.
  • Operational/system data – retained as necessary for audit, security, and compliance purposes.

When the relevant retention period expires, we securely delete or irreversibly anonymise personal data using methods appropriate to the type of data and storage medium.

Sharing Your Personal Data

We may share personal data with:

  • Cloud hosting and infrastructure providers – such as Microsoft, to operate our products.
  • Service providers – that support product delivery, analytics, and customer support.
  • Technology partners – for integration, configuration, and technical support.
  • Legal/regulatory authorities – where required by law or to protect rights, safety, or property.

We do not sell or share personal data as defined under the CCPA.

International Transfers

Arkahna’s products are designed to operate on secure, hyperscale cloud infrastructure provided by trusted technology partners such as Microsoft. Wherever possible, we configure and operate our products so that customer data is processed in-region, in line with the settings and options available on our hosting platforms.

Some processing activities, such as support requests, service monitoring, system maintenance, or redundancy backups, may involve limited transfers of personal data to other jurisdictions. In these cases, we rely on our technology partners’ own compliance frameworks and safeguards, which may include recognised security certifications, participation in international data transfer frameworks, and contractual data protection commitments.

For any services we deliver alongside our products, we follow the same approach: prioritising in-region processing wherever feasible and ensuring that any necessary international transfers are handled through trusted providers with strong privacy and security standards.

You can read more about Microsoft’s data protection commitments here: Data Protection with Microsoft Privacy Principles | Microsoft Trust Center

Security Measures

We implement a layered security approach, including:

  • Role-based access and multi-factor authentication.
  • Encryption in transit and at rest.
  • Secure cloud infrastructure and continuous monitoring.
  • Data minimisation and periodic review.
  • Security incident response planning.

Security Incidents & Breaches

If a breach involving your personal data occurs, we will:

  • Notify you without undue delay where required by law.
  • Provide details of the breach and recommended steps you can take.
  • Cooperate with regulators as necessary.

Children’s Privacy

Our services are not directed to individuals under the age of 16 (or lower as permitted by applicable law). If we become aware that we have collected personal data from a child without parental consent, we will delete it promptly.

Contacting Us

To exercise your rights or ask questions about this policy, contact:

Privacy Officer
Email: privacy@arkahna.io
Mail: 45 St Georges Terrace, Perth, Western Australia, 6000

We may need to verify your identity before fulfilling your request.

Changes to This Policy

We may update this policy periodically. The latest version will always be available on our website.

Third-Party Websites

Our websites may contain links to third-party websites. We are not responsible for their privacy practices.