1. Information We Collect

We collect various types of information to provide and improve our services to you. The specific data we gather depends on how you interact with our platform.

Personal Information You Provide

When you register for an account, request information, or engage with our fundraising services, we may collect:

• Identity Information: Your full name, date of birth, and copies of identification documents where required for verification purposes
• Contact Details: Email address, phone number, postal address, and preferred communication methods
• Business Information: Company name, ABN/ACN, business structure, industry sector, and details about your startup or venture
• Financial Data: Bank account details, transaction history, fundraising goals, investment preferences, and financial documents submitted during due diligence
• Professional Background: Work history, educational qualifications, professional references, and LinkedIn profile information

Information Collected Automatically

When you access our website, certain information is collected automatically through cookies and similar technologies:

• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths through our site
• Location Data: General geographic location based on IP address (city and state level, not precise coordinates)
• Technical Data: Connection speed, service provider details, and error logs

Information from Third Parties

We may receive information about you from external sources, including credit reference agencies, fraud prevention services, publicly available business registers (ASIC), and professional networking platforms when you grant permission.

2. How We Use Your Information

Your information helps us deliver effective fundraising services and maintain a secure platform. We process your data for specific purposes with appropriate legal basis.

We analyze aggregated usage patterns to understand which services resonate most with startups and investors. This helps us refine our platform without identifying individual users. For example, if we notice many users abandoning forms at a particular step, we'll investigate whether that section needs clarification.

3. Disclosure of Your Information

We share your information only when necessary to deliver our services or comply with legal requirements. We don't sell your personal data to third parties.

Service Providers and Partners

We engage trusted third-party providers who process data on our behalf:

• Technology Providers: Cloud hosting services (AWS Sydney region), email delivery platforms, and customer relationship management systems
• Payment Processors: Financial institutions and payment gateways that handle transaction processing securely
• Verification Services: Identity verification providers and credit reference agencies for compliance checks
• Professional Advisors: Legal counsel, accountants, and auditors bound by confidentiality obligations

Regulatory and Legal Disclosures

We may disclose your information when required by law, including to ASIC, AUSTRAC, or other regulatory bodies. We'll also share data if necessary to protect our rights, investigate fraud, or respond to valid legal processes like court orders or subpoenas.

Business Transfers

If relanexora undergoes a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We'll notify you via email and prominent website notice before this occurs, giving you options regarding your data.

4. Data Security Measures

We implement comprehensive security practices to protect your information from unauthorized access, alteration, or destruction.

Our security framework includes:

• Multi-factor authentication for staff accessing sensitive systems
• Regular security audits conducted by independent third-party experts
• Strict access controls limiting data access to authorized personnel only
• Continuous monitoring for suspicious activity and automated threat detection
• Regular backups stored in geographically separate locations
• Employee training on data protection and security best practices

Despite these measures, no system is completely secure. If we detect a data breach that poses serious harm, we'll notify affected individuals within 72 hours and report to the Office of the Australian Information Commissioner as required.

5. Your Privacy Rights

Under Australian privacy law, you have several rights regarding your personal information. Here's what you can request and how we'll respond.

Access Your Information

You can request a copy of the personal data we hold about you. We'll provide this within 30 days in a commonly used electronic format. There's no charge for reasonable requests, though we may apply a fee for excessive or repetitive requests that require significant administrative effort.

Correct Inaccurate Data

If you believe information we hold is incorrect or outdated, let us know. We'll update it promptly once you provide supporting documentation. This is particularly important for contact details and business information that affects service delivery.

Request Deletion

You can ask us to delete your personal information in certain circumstances. However, we may need to retain some data to comply with legal obligations (like financial record-keeping requirements under the Corporations Act 2001) or to establish, exercise, or defend legal claims. We'll explain what we can and cannot delete when you make a request.

Opt Out of Communications

You can unsubscribe from marketing emails using the link at the bottom of each message. Note that we'll still need to send essential service communications about your account or transactions.

Lodge a Complaint

If you're concerned about how we've handled your data, contact our Privacy Officer first. We'll investigate and respond within 30 days. If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

6. Data Retention

We retain your information only as long as necessary to fulfill the purposes outlined in this policy or meet legal requirements.

When data reaches the end of its retention period, we securely delete or anonymize it so it can no longer identify you. Anonymized data may be retained indefinitely for statistical analysis.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and analyze usage patterns. You have control over cookie settings.

Types of Cookies We Use

• Essential Cookies: Required for basic site functionality like maintaining your session when logged in. These cannot be disabled without breaking the site.
• Performance Cookies: Help us understand how visitors use our site by collecting anonymous usage statistics. We use this to identify popular content and problem areas.
• Functional Cookies: Remember your preferences like language settings or display options to personalize your experience.
• Analytics Cookies: Provide detailed insights into user behavior, helping us improve site design and content relevance.

You can manage cookie preferences through your browser settings. Blocking certain cookies may affect site functionality. Most browsers allow you to view, delete, or block cookies on a site-by-site basis.

8. International Data Transfers

We primarily store data within Australia using local data centers. However, some service providers (like cloud infrastructure and email platforms) may process data in overseas locations including the United States and Singapore.

When we transfer data internationally, we ensure adequate protections through:

• Using service providers certified under recognized security frameworks
• Implementing contractual clauses that require equivalent privacy protections
• Ensuring data is encrypted during transmission and storage
• Conducting due diligence on overseas providers' privacy practices

You can request specific details about where your data is stored and what safeguards apply by contacting our Privacy Officer.

9. Children's Privacy

Our services are designed for business professionals and accredited investors. We do not knowingly collect information from individuals under 18 years of age. If you're a parent or guardian who discovers your child has provided us with personal information, please contact us immediately. We'll delete such information from our systems within 48 hours of verification.

10. Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email and display a prominent notice on our website for at least 30 days.

The "Last Updated" date at the top shows when the current version took effect. We encourage you to review this policy whenever you use our services to stay informed about how we protect your information.

Continued use of our services after policy changes indicates acceptance of the updated terms. If you disagree with changes, you may close your account by contacting us.