Legal

Privacy Policy

How RiskProof collects, uses, holds and protects your personal information — aligned to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Last updated · May 2026 · v1.0

1. Who we are

RiskProof is a product of Healthy Minds (operated by Healthy Minds Australia Pty Ltd). In this policy, "RiskProof", "we", "us" and "our" refer to that entity. We are bound by the Privacy Act 1988 (Cth), including the thirteen Australian Privacy Principles (APPs).

This policy explains how we handle personal information collected through www.riskproof.com.au, our marketing communications, the early-access waitlist and (when launched) the RiskProof platform itself.

2. Information we collect

We collect only what we need to deliver the service and run our business. The categories of information we typically hold are:

Category | Examples | Why
Contact details | Name, work email, organisation, role, phone (if provided). | To respond to enquiries and waitlist requests, and to send relevant briefings.
Organisational context | Organisation size, sector, jurisdiction, current readiness rating. | To tailor your readiness briefing and prioritise pilot allocations.
Site usage | IP address, device/browser, referring page, pages viewed, broad geographic region. | To understand site performance and improve it. We do not use this to identify you personally.
Communications | Emails, meeting notes, briefing materials we’ve shared with you. | To maintain our relationship and keep an accurate record of what we’ve discussed.
Platform data (future) | Documents you upload, control mappings, evidence records, audit packs. | To deliver the RiskProof platform once you are a customer. Detailed handling is covered in our customer agreement and Data Processing Schedule.

We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we’ll delete it.

Sensitive information. RiskProof is a B2B compliance platform. We do not solicit health information, racial or ethnic origin, political views, or other sensitive information through this website. If sensitive information is incidentally included in something you send us (for example, a sample incident report attached to an enquiry), we will treat it confidentially and remove it from our records on request.

3. How we use your information

We use personal information to:

  • respond to your enquiry or waitlist request and arrange a readiness briefing;
  • send you relevant content you’ve asked for (regulator-watch briefings, checklists, product updates);
  • operate, secure and improve our website and (in future) the RiskProof platform;
  • meet our legal, accounting and regulatory obligations;
  • protect against fraud, abuse and unauthorised access.

We will not use your information for marketing purposes unrelated to RiskProof or Healthy Minds, and we never sell personal information.

4. Who we share it with

We share personal information only with parties that help us run the service, and only to the extent necessary. These currently include:

  • Healthy Minds — our parent organisation, for joint client relationships and methodology delivery.
  • Hosting and infrastructure providers — including Netlify (web hosting) and standard cloud providers used by Healthy Minds.
  • Email and CRM providers — to send you the briefings or content you’ve requested and to record our conversations.
  • Analytics providers — in aggregated, non-identifying form (see §5).
  • Professional advisers — lawyers, accountants and auditors, under confidentiality.
  • Regulators or law enforcement — where we are required to do so by law.

We require each provider to handle your information at least to the standard required by Australian privacy law.

5. Cookies & analytics

This website uses a small number of cookies and similar technologies for two purposes:

  • Essential — to make the site work (e.g. spam protection on the waitlist form).
  • Analytics — to understand which pages are useful and where visitors get stuck, in an aggregated form that does not identify you.

You can disable cookies in your browser at any time. The site will still work; some analytics signals will simply be missing.

6. Storage & security

We take reasonable steps to protect personal information from misuse, loss and unauthorised access, modification or disclosure. These steps include:

  • encryption in transit (TLS 1.2+) and at rest;
  • access controls based on least privilege;
  • vendor due diligence on third parties that hold our data;
  • incident response procedures aligned to the Notifiable Data Breaches scheme.

We keep personal information only for as long as we need it to deliver the service and meet our legal obligations. When it is no longer needed, we de-identify or destroy it.

7. Overseas disclosure

Some of our service providers store data outside Australia — typically in the United States and the European Union. We choose providers with strong contractual and technical safeguards, and we take reasonable steps to ensure they handle your information consistently with the APPs. If you would like the current list of overseas providers, please contact us.

8. Access, correction & deletion

You can ask us at any time to:

  • confirm what personal information we hold about you;
  • give you a copy of it;
  • correct anything that is inaccurate or out of date;
  • delete it, where we are not required to keep it for legal reasons.

We’ll respond within 30 days. There’s no charge unless the request is unusually complex, in which case we’ll tell you up front.

9. Complaints

If you believe we’ve mishandled your personal information, please contact us first (see §11) and we will investigate. We aim to acknowledge complaints within 5 business days and resolve them within 30 days.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page will change whenever we do. Material changes will be communicated by email to anyone on our active mailing list before they take effect.

11. Contact us

Privacy enquiries

RiskProof — a Healthy Minds product
Email: nick@healthymindsprogram.com
Postal: c/- Healthy Minds, Adelaide SA, Australia

Please mark "Privacy" in the subject line so we can route your enquiry quickly.