Privacy Policy

How Trificta collects, uses, and protects your personal information.

Last updated: April 2026  ·  ABN: 34 644 855 158  ·  Applies to: trificta.com.au and all Trificta services

1. About This Policy

Trificta Pty Ltd ("Trificta", "we", "us", or "our") is committed to protecting the privacy of individuals who interact with us. This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth), the thirteen Australian Privacy Principles (APPs) contained in Schedule 1 of that Act, and the Notifiable Data Breaches scheme under Part IIIC of the Act.

Where we provide services to clients in the European Union, we also take reasonable steps to meet the requirements of the EU General Data Protection Regulation (GDPR) in respect of the personal data we handle on their behalf.

By using our website or engaging our services, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our website or services.

2. What Personal Information We Collect

We may collect the following types of personal information:

Contact and identity information

  • Name (first and last)
  • Email address
  • Phone number
  • Company name and job title
  • Postal or business address

Technical and usage information

  • IP address and browser type
  • Pages visited and time spent on our website
  • Referring website or search terms
  • Device type and operating system

Business and service information

  • Information provided in enquiries, contact forms, or support requests
  • Details relevant to the delivery of our ICT services
  • Communication records (email, phone notes)

Sensitive information

We do not deliberately collect "sensitive information" as defined in section 6 of the Privacy Act (which includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and similar categories). In the rare event a client engagement requires us to handle such information, we will only do so with the individual's express consent and with additional safeguards appropriate to the category under APP 3.3.

3. How We Collect Personal Information

We collect personal information in a number of ways, including:

  • When you complete the contact form on our website
  • When you email or call us directly
  • When you engage us to provide services
  • When you apply for a position at Trificta
  • Through cookies and website analytics tools (see section 8)
  • From publicly available sources (e.g. LinkedIn, company websites)

We will only collect personal information by lawful and fair means. Where practicable, we collect personal information directly from the individual concerned.

4. Why We Collect and Use Personal Information

We collect and use personal information for the following purposes:

  • To respond to enquiries and provide requested information
  • To deliver and manage our ICT services to clients
  • To communicate about projects, service updates, and support
  • To process job applications and manage recruitment
  • To comply with legal obligations
  • To improve our website and service offerings
  • To send relevant business communications (with your consent where required)

We will not use or disclose your personal information for purposes other than those described above without your consent, unless required or authorised by law.

5. Disclosure of Personal Information

We may disclose your personal information to:

  • Our employees and contractors who need it to perform their duties
  • Technology partners and subcontractors involved in delivering our services
  • Professional advisers (legal, financial, accounting)
  • Government or regulatory authorities where required by law

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data residency and overseas disclosure (APP 8)

The third-party platforms we rely on to host this website and run our business, and the regions where personal information you provide to us may be processed or stored, are:

  • Australia — Microsoft Azure (Australia East & Australia Southeast) for our website infrastructure, client workloads, and our internal business systems.
  • United States — cloud-based productivity and collaboration platforms, where a Trificta client's tenant is hosted in US regions.

Static content for this website is delivered via Azure's global content delivery network; edge servers worldwide cache pre-rendered files which contain no personal information.

Onsitr SaaS platform

Onsitr is Trificta's contractor management platform for Australian schools. Production customer instances are hosted in the Amazon Web Services (AWS) Sydney (Asia Pacific) region by default. All personal information captured by Onsitr (contractor onboarding records, on-site check-in events, permits-to-work, incident reports, and the associated audit logs) remains within Australia under this default deployment.

On written request as part of customer onboarding, an Onsitr instance can be provisioned in a different AWS region (for example the European Union, the United States, or another Asia-Pacific region) to meet a customer's data-residency requirements. The chosen region is recorded in the customer's service agreement and applies for the life of that engagement.

Cofferdam

Cofferdam is distributed as a self-hosted application. Customer data (racks, cables, IP assignments, environmental telemetry, audit logs) resides entirely on the customer's own infrastructure, and Trificta does not host, process, or have access to data captured by self-hosted deployments.

On request, Cofferdam can also be provisioned as a managed SaaS service hosted by Trificta. Each managed customer receives a dedicated, single-tenant instance in the cloud region that best meets their data-residency requirements. Trificta does not operate shared-tenancy Cofferdam environments; every customer's data is isolated to its own instance and its own region of choice.

Where we disclose personal information to an overseas recipient we take reasonable steps to ensure they handle it in accordance with the Australian Privacy Principles or a substantially similar regime.

6. Data Security and the Notifiable Data Breaches scheme

We take reasonable steps under APP 11 to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • TLS 1.2+ encryption in transit for all website traffic and client integrations
  • Encryption at rest for systems that store personal information
  • Role-based access controls, multi-factor authentication, and least-privilege service accounts
  • Regular patching, vulnerability scanning, and staff security awareness training
  • Logging and monitoring of access to systems containing personal information
  • Secure destruction or de-identification of information that is no longer required

If Trificta becomes aware of a data breach that is likely to result in serious harm to an affected individual, and we are unable to remediate the breach before that harm occurs, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. This means we will notify the Office of the Australian Information Commissioner (OAIC) and each affected individual as soon as practicable, with the information required by section 26WK of the Act.

No method of transmission over the internet is completely secure. While we apply the safeguards above, we cannot guarantee absolute security of information transmitted to us online.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods are:

  • Website enquiries and contact-form submissions — 24 months from last contact, then deleted unless converted into an active client engagement.
  • Client business records (contracts, invoices, project documentation) — 7 years from end of engagement, to meet Corporations Act and ATO record-keeping obligations.
  • Unsuccessful job applications — 12 months from the date of application, then deleted (we may ask for consent to keep your details on file for longer).
  • Employee records — for the duration of employment and 7 years afterward, as required by the Fair Work Act and related regulations.
  • Website analytics (aggregate, non-identifying) — retained indefinitely; personally-identifying logs (IP addresses) are rotated out after 90 days.

When personal information is no longer needed for any purpose permitted by APP 11.2, we take reasonable steps to destroy or de-identify it.

8. Cookies and Website Analytics

Our website uses a small number of cookies and similar browser storage mechanisms, grouped by purpose:

  • Strictly necessary — none. The contact form submits via plain HTTPS POST to our own backend (Azure Static Web Apps Function) and does not require a session cookie.
  • Preferences — local storage entries that remember UI state (e.g. "reduce motion" respected, mobile navigation drawer state). No identifying information.
  • Analytics — at the time of writing we do not run any third-party analytics tools on this website. If we introduce analytics in the future, this policy will be updated to name the vendor and you will be given a clear opt-out.

You can configure your browser to refuse cookies or alert you when cookies are being sent. The website does not rely on cookies for core functionality, but disabling local storage may reset preference settings between visits.

8A. Direct Marketing (APP 7)

We do not send unsolicited marketing messages. If, in the course of a business engagement, we send you service updates or information relevant to your account, you can unsubscribe at any time by replying to that message or emailing sales@trificta.com.au. We will action opt-outs within five business days, consistent with the Spam Act 2003 (Cth).

9. Accessing and Correcting Your Personal Information

You have the right to request access to the personal information Trificta holds about you, and to request that we correct any inaccurate, out-of-date, or incomplete information. To make such a request, please contact us using the details in section 11.

We will respond to access requests within a reasonable timeframe. In some circumstances we may be unable to provide access (for example, where it would unreasonably impact the privacy of another individual), and we will advise you of the reasons.

10. Complaints

If you believe Trificta has handled your personal information in a way that breaches the Australian Privacy Principles, you may make a complaint by contacting us using the details below. We will acknowledge your complaint within 7 days and provide a substantive response within 30 days, as required by OAIC guidance.

If you are not satisfied with our response, or if we have not responded within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Online: www.oaic.gov.au/privacy/privacy-complaints
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

11. Contact Us

For any privacy-related questions, requests, or complaints, please contact us:

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version will always be available at trificta.com.au/privacy.html. We encourage you to review this policy periodically.