Privacy Policy

Last updated: January 2026

Your privacy matters to us. Learn how we collect, use, and protect your information across all QuestFeed products and services.

Jump to: About Us What We Collect Platforms How We Use It Security Your Rights Contact

Our Privacy Commitment

QuestFeed Pty Ltd is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We treat your data with the highest level of care and confidentiality across all our decision support platforms.

No Data Selling

We never sell your personal or business information to third parties.

Encrypted & Secure

All data is encrypted in transit (TLS/SSL) and at rest (AES-256).

Your Control

Access, correct, or delete your data anytime. Revoke access instantly.

1

About QuestFeed

QuestFeed builds AI-powered decision support systems using graph-based reasoning, Bayesian networks, and machine learning. We are operated by:

Company Name

QuestFeed Pty Ltd

ABN

58 632 013 855

Entity Type

Australian Private Company

Location

Queensland, Australia

Our Products:

AuditROI — Cybersecurity Threat Intelligence (auditroi.com)
AuditDSS — Regulatory Compliance Intelligence (auditdss.com)

Services We Provide:

  • - Cybersecurity vulnerability scanning and threat intelligence
  • - Regulatory compliance risk assessment and obligation mapping
  • - Graph-based cascade risk analysis
  • - AI and geospatial consulting services
  • - Decision support platform access and reporting
2

Information We Collect

Information You Provide

Contact Information

Name, email, phone number, business name

Business Details

Business type, location, industry, website URL

Project Requirements

Design preferences, functionality needs, goals

Account Credentials

Login information for your dashboard access

Automatically Collected Information

Website Analytics

Usage patterns, pages visited, time on site

Technical Data

IP address, browser type, device information

3

Third-Party Platform Data

Our platforms collect and process data from various sources to provide intelligence and risk analysis:

AuditROI — Cybersecurity Data

  • What we collect: Publicly accessible website and infrastructure data (DNS, SSL, headers, technologies) provided by you for scanning
  • Why we collect it: To identify vulnerabilities, map attack chains, and generate threat intelligence reports
  • How we process it: Through 266 automated scanners, 184 ML models, and graph-based cascade risk analysis

AuditDSS — Regulatory Compliance Data

  • What we collect: Organisation profile, industry classification, and compliance questionnaire responses
  • Why we collect it: To map regulatory obligations, score compliance risk, and generate actionable intelligence
  • How we process it: Through Bayesian reasoning networks, obligation graph analysis, and 5-axis risk scoring

Data Retention

  • - Third-party platform data is retained for the duration of your service + 90 days
  • - OAuth tokens are stored securely and refreshed automatically
  • - Upon service termination, your data is deleted within 90 days
  • - You can request immediate deletion at any time

Data Protection Guarantees

  • - We only access data necessary to provide our services
  • - We never sell or share third-party platform data with external parties
  • - Third-party data is stored with the same protections as your direct data
  • - You can revoke platform access at any time through your account settings or by contacting us
  • - We comply with Google API Services User Data Policy
4

How We Use Your Information

Perform cybersecurity vulnerability scanning and threat intelligence analysis

Map regulatory obligations and score compliance risk across jurisdictions

Generate risk reports and decision support intelligence

Train and improve our ML models and graph-based reasoning engine

Communicate with you about your account, reports, and platform updates

Comply with legal obligations

Third-Party Services We Use

AWS

Cloud infrastructure and compute

Cloudflare

CDN, edge hosting, and security

PostgreSQL (RDS)

Database hosting

Threat Intelligence Feeds

CVE, NVD, EPSS, and CISA data sources

5

Data Security

Encryption

TLS/SSL in transit, AES-256 at rest

Access Controls

Role-based access, OAuth token security

Infrastructure

Cloudflare edge + Google Cloud Australia

Incident Response

Breach detection and notification procedures

International Data Transfers

Your data may be processed in Australia and the United States (via AWS and Cloudflare). We ensure appropriate safeguards are in place for international transfers in compliance with Australian Privacy Principles.

6

Your Rights

Under Australian Privacy Principles, you have the right to:

Access

Request access to your personal information

Correction

Request correction of inaccurate information

Deletion

Request deletion of your personal information

Withdraw Consent

Withdraw consent and revoke OAuth access at any time

How to Exercise Your Rights

To exercise any of these rights or revoke third-party platform access, contact us at:

hello@questfeed.com

We will respond within 30 days.

7

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice (such as email notification). Your continued use of our services after changes constitutes acceptance of the updated policy.

Contact Our Privacy Team

For questions about this Privacy Policy or our privacy practices:

QuestFeed Pty Ltd

ABN: 58 632 013 855

hello@questfeed.com

questfeed.com

Queensland, Australia

Third-Party Privacy Policies

AWS Privacy Policy Cloudflare Privacy Policy

Document Version: 1.0 | Effective: January 2026