Legal
Privacy Policy
1. About this policy
Stringit Theory Pty Ltd (ABN 40 684 535 028), trading as Stringit Ventures (“Stringit”, “we”, “us”), is committed to protecting your privacy. This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
2. Our two roles
Stringit acts in two distinct roles:
- Data controller for personal information we collect about prospects, customers (as organisations and their personnel), site visitors, applicants, personnel, and suppliers.
- Data processor for personal information our customers entrust to the Stringit platform to be processed on their behalf. In that role, our customers are the data controllers and the relevant Data Processing Agreement governs our handling.
This Privacy Policy primarily addresses our role as data controller. Our handling of customer-entrusted personal information is governed by each customer's Data Processing Agreement and is summarised in section 10.
3. What we collect (controller role)
| Category | Examples |
|---|---|
| Identity and contact | Name, role, organisation, business email, business phone. |
| Engagement information | Meeting records, correspondence, notes, contracts, billing. |
| Website usage | IP address, device and browser metadata, pages viewed, referrer. |
| Marketing | Subscription preferences, event registrations. |
| Personnel and applicants | Information necessary to recruit, employ, pay, and support staff and contractors. |
We collect this information directly from you, from publicly available sources (e.g. LinkedIn, company websites), from our website and marketing tools, and from people who introduce us.
4. Why we collect it
- To assess fit and run discovery, sales, and onboarding processes.
- To deliver services we have contracted with you or your organisation.
- To manage our relationships, including billing and support.
- To comply with our legal obligations.
- To run our website and improve our content.
- To recruit and manage personnel.
- For direct marketing where you have consented or where permitted by law. You can opt out at any time using the unsubscribe link in any marketing email or by contacting
privacy@stringit.ai.
5. Who we share it with
We share personal information only as needed:
- With our sub-processors (cloud providers, identity providers, communications tools) under contract.
- With our professional advisers (legal, accounting) under confidentiality obligations.
- With your organisation where you are a personnel member or representative.
- Where required by law, by court order, or to lift an imminent threat to safety.
We do not sell personal information.
A current list of sub-processors that may process customer personal data is available on request from privacy@stringit.ai.
6. International transfers
Stringit operates from Australia. Some of our sub-processors are located outside Australia, including in the United States and the European Union. We take reasonable steps to ensure overseas recipients handle personal information in line with the APPs, including through contractual safeguards and our vendor assessment process.
For Stringit-platform customers, the region of processing is determined by the engagement and is documented in the engagement contract.
7. How we protect it
We apply technical and organisational measures appropriate to the sensitivity of the information, including:
- Encryption of personal information at rest (AES-256 or equivalent) and in transit (TLS 1.2 minimum).
- Multi-factor authentication on all systems that hold personal information.
- Role-based access control on a least-privilege basis.
- Tenant isolation for customer-entrusted information processed by the Stringit platform.
- Audit logging of access to systems holding personal information.
- A documented Incident Response Plan and Notifiable Data Breach process under the Privacy Act 1988.
8. Your rights
You may:
- Request access to the personal information we hold about you.
- Request correction of personal information that is inaccurate, out of date, incomplete, or misleading.
- Withdraw consent for marketing at any time.
- Make a complaint about our handling of your personal information.
To exercise any of these rights, contact privacy@stringit.ai. We will respond within a reasonable period, within 30 days for access and correction requests where practicable. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
9. Retention
We retain personal information for as long as it is needed for the purpose for which it was collected, then delete or de-identify it, except where law or contract requires us to retain it longer (for example, seven years for financial records).
10. Customer-entrusted personal information
Where Stringit processes personal information on behalf of a customer through the Stringit platform, that customer is the data controller. We:
- Process such information only on the customer's documented instructions.
- Apply our security controls (section 7) to that information.
- Do not use that information to train, fine-tune, or improve any AI model, our own or a third party's.
- Support the customer's response to data subject requests.
- Notify the customer of any incident affecting their data without undue delay.
Specific terms are set out in each customer's Data Processing Agreement.
11. Cookies and analytics
Our website uses cookies and analytics to understand traffic patterns and improve our content. You can control cookies through your browser settings.
12. Changes to this policy
We may update this policy from time to time. The “Last updated” date above indicates when the current version took effect. Material changes will be highlighted on our website.
13. Contact us
Privacy Officer (acting): Chief Technology Officer, Stringit Theory Pty Ltd.
Email: privacy@stringit.ai
Address: 85 William Street, Darlinghurst NSW 2010, Australia.