Home/Privacy Policy

Privacy Policy.

Draft · Pending review

This is a draft pending legal review. The content reflects Effective Risk Management's actual data handling practices as published on the Trust & Security page, but is not yet a final or legally-binding document. Specific Australian Privacy Principle (APP) disclosure requirements and international data transfer clauses must be confirmed by counsel.

- Last updated
27 April 2026
- Effective
Pending review
- Version
Draft 0.1
- Entity
Effective Risk Management Pty Ltd
Section 01

Overview and scope

This Privacy Policy explains how Effective Risk Management Pty Ltd ("we", "us", "our") collects, uses, and protects personal information. It applies to our websites, including effectiverm.com, and the MaturityOne platform (collectively, the "Service").

We are committed to protecting the privacy of our customers and website visitors. Our privacy framework is designed to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For customers in other jurisdictions, we apply equivalent high standards of data protection.

This policy does not apply to the data our customers process within their own MaturityOne tenants ("Customer Data"). For Customer Data, our handling is governed by our Terms of Service or the relevant Master Services Agreement (MSA).

Section 02

Information we collect

We collect information in three ways:

Information you provide directly

When you contact us, book a walkthrough, or sign up for our newsletter. This includes your name, email address, job title, and organisation name.

Information we collect from your use

When you visit our website, we collect basic usage data including your IP address, browser type, and page interactions. We do not use third-party tracking pixels (see our Cookie Policy).

Account information

When a customer organisation provisions you as an Authorised User on the MaturityOne platform, we collect your professional contact details and role assignment.

Section 03

How we use information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Communicate with you about your account, technical updates, and security alerts.
  • Respond to your enquiries and provide customer support.
  • Analyse and improve the performance and security of the Service.
  • Comply with our legal and regulatory obligations.

We only use personal information for the purpose for which it was collected, or for related purposes that would be reasonably expected.

Section 04

What we never do

- Privacy Commitments

We never sell your personal information.
We never use your data to train third-party AI models.
We never share data with advertisers or brokers.
We never access your content unless strictly necessary for support.
Section 05

Data residency

MaturityOne is hosted in Australia. By default, all Customer Data and associated personal information is stored and processed on infrastructure located within Australia (GCP `au-southeast1` Sydney / `au-southeast2` Melbourne).

We do not transfer personal information outside Australia except where required to provide the Service (e.g., to our global sub-processors listed below), or where you have explicitly requested a different residency configuration.

Section 06

Sub-processors

We use a limited number of third-party sub-processors to assist in providing the Service. Each sub-processor is vetted for security and privacy compliance and is bound by a Data Processing Agreement (DPA).

- PartnerFunctionRegion
Google Cloud Platform (GCP)Primary Cloud InfrastructureAustralia
MongoDB AtlasDatabase Managed ServiceAustralia
PostmarkTransactional EmailUSA
AtlassianTechnical Support & TicketingGlobal
Section 07

Security

We maintain a comprehensive information security program designed to protect your data. This includes encryption of data at rest and in transit, role-based access control, regular vulnerability scanning, and independent security audits.

For more detailed information on our security controls, please visit our Trust & Security page.

Section 08

Your rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you.
  • Request the correction of inaccurate or incomplete information.
  • Make a complaint if you believe we have breached the Australian Privacy Principles.

To exercise any of these rights, please contact our Privacy Officer at privacy@effectiverm.com. We will respond to your request within 30 days.

Section 09

Contact

For questions about this Privacy Policy or our data handling practices:

Email

privacy@effectiverm.com

Postal

Effective Risk Management Pty Ltd

Melbourne, Australia

Ready to review our security?

Visit the Trust Center