Privacy Policy

Version 2026-06-20 · Effective 20 June 2026

This Privacy Policy explains how Faultex collects, uses, discloses and protects personal information, in accordance with the Australian Privacy Principles.

1. About this Privacy Policy

This Privacy Policy explains how [Faultex Pty Ltd] (ACN/ABN [ABN/ACN], "Faultex", "we", "us" or "our") handles personal information when you visit our website and use the Faultex supply-chain risk intelligence service (the "Service").

We are based in Australia and we are committed to handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). "Personal information" has the meaning given in the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Much of the data you enter into Faultex is business information about your organisation and your suppliers (for example, supplier company names, commodities and trade lanes) rather than personal information about individuals. Where that business information also identifies or relates to an individual (for example, a sole-trader supplier or a named contact), we treat it as personal information and handle it under this Policy.

By creating an account or using the Service, you acknowledge this Policy. If you do not agree with it, please do not use the Service.

2. The kinds of personal information we collect

We collect the following categories of information:

We do not intentionally collect sensitive information (as defined in the Privacy Act, such as health or biometric data). Please do not enter sensitive information into the Service.

3. How we collect personal information

We collect personal information:

Where it is reasonable and practicable, we collect personal information about you directly from you. If we receive personal information we did not request and could not lawfully have collected, we will deal with it in accordance with APP 4.

4. Why we collect, hold, use and disclose your information

We collect, hold and use personal information to:

We will only use or disclose your personal information for the primary purpose for which it was collected, for a directly related secondary purpose you would reasonably expect, or where you have consented or we are otherwise permitted or required by law (APP 6).

We do not sell your personal information, and we do not use your account profile, supplier list, regions or lanes to train third-party AI models. We may use de-identified and aggregated signal trends internally to maintain and improve our risk-scoring; we do not publish your individual profile.

5. AI processing of your inputs

Some features of the Service use artificial intelligence and large language models (LLMs) to generate content — for example mitigation plans, briefing and report text, forecasts, and Agent-drafted emails and documents.

To provide these features, the inputs needed to perform the task (which may include your organisation details and the supplier, commodity, region or lane information relevant to the request) are sent to our AI/LLM sub-processor for processing and returned to you. We use providers under contractual terms that restrict use of your data to providing the service to us and that do not permit your data to be used to train their general models. We do not use your data to train our own or third parties' foundation models.

AI-generated outputs may be inaccurate, incomplete or out of date and should be reviewed by you before you rely on or send them.

6. Third-party data sources in our outputs

Our outputs are built in part from third-party and public data sources, including company-ownership data (GLEIF), country-risk indicators (World Bank), trade data, and approximately 28 public sanctions, export-control, debarment and forced-labour lists used by the Watchlists feature.

This third-party data is provided to us "as is". It may be incomplete, out of date or contain errors, and we do not control it. Watchlist matches are indicative, name-based results intended to prioritise your own due diligence — they are not a determination that any company or individual is sanctioned, debarred, or linked to any conduct. Risk scores, severity bands, ownership resolutions, country-risk labels and forecasts are derived analytical outputs, not statements of fact, and forecasts are probabilistic estimates that may prove wrong. You should verify any result against the original official source before relying on it.

7. Who we share personal information with

We do not sell your personal information. We disclose it only to:

We do not disclose your personal information to third parties for their own marketing.

8. International transfers / overseas disclosure

Some of our sub-processors store or process data outside Australia (for example in the United States or other countries where our authentication, AI, automation, delivery and payment providers operate). The likely countries will depend on the providers listed in section 7 and should be confirmed once those providers are finalised.

Before disclosing personal information overseas, we take reasonable steps to ensure recipients handle it consistently with the APPs, including through contractual protections (APP 8). By using the Service and entering data into it, you acknowledge that your information may be processed overseas by these providers.

9. Data security

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure (APP 11). These steps include encryption in transit, access controls and authentication, an administrative access allowlist, and use of reputable infrastructure providers.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a data breach likely to result in serious harm, we will assess and respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.

10. Retention and deletion

We hold personal information only for as long as it is needed for the purposes described in this Policy, or as required by law (for example, tax and financial records).

You can delete your account at any time from the Profile page, which removes your account and associated profile data (the deletion is double-confirmed to prevent accidents). When you delete your account, or when information is no longer needed and we are not required to retain it, we will take reasonable steps to destroy or de-identify it. Some information may persist for a limited period in backups or where retention is legally required, and de-identified aggregate data may be retained.

11. Cookies, local storage and analytics

The Service uses cookies and browser local storage to keep you signed in, remember preferences (such as theme and onboarding progress), and operate core functionality. We also use analytics (including our authentication provider's analytics) to understand how the Service is used so we can improve it.

Most browsers let you block or delete cookies and local storage, but some features of the Service may not work properly if you do.

12. Your rights — access and correction

Under the APPs you may request access to the personal information we hold about you (APP 12) and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading (APP 13). Much of this you can view and update yourself in your profile, or remove by deleting your account.

To make an access or correction request, contact us using the details in section 15. We will respond within a reasonable period. We do not generally charge for access requests, though a reasonable cost-based charge may apply in limited cases; we will not charge you to make a request. We may need to verify your identity before acting.

13. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, please contact us first using the details in section 15 so we can investigate and respond, usually within 30 days.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, by phone on 1300 363 992, or by writing to GPO Box 5288, Sydney NSW 2001.

14. Children

The Service is a business tool intended for use by organisations and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, please contact us and we will take reasonable steps to delete it.

15. How to contact us

For any privacy question, request or complaint, contact:

[Faultex Pty Ltd] Privacy / Legal: [legal contact email]

We may ask you to verify your identity before we action a request.

16. Changes to this Policy

We may update this Policy from time to time to reflect changes to the Service, our providers, or the law. We will post the updated version with a new effective date, and where changes are material we will take reasonable steps to notify you (for example by email or an in-app notice). Your continued use of the Service after an update takes effect means you accept the updated Policy.