Privacy Policy

Last updated: February 2026

 

1. ABOUT THIS POLICY

Nyxium Labs Pty Ltd ACN 689 387 406 (Nyxium, we, us, our) is committed to handling personal information in a transparent and secure way.

This Privacy Policy explains how Nyxium collects, holds, uses and discloses personal information in connection with:

  • our websites and communications; and

  • our software platform and related services (Platform).

This Policy is intended to support compliance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), and any other applicable privacy laws.

2. SCOPE AND ROLES

Nyxium provides the Platform to business customers (each a Customer). The Customer generally controls what data is uploaded to or processed in the Platform.

  • Nyxium’s own business data:

We collect and handle personal information about Customers and users of the Platform (Users) (for example, account details, billing contacts, login and audit logs, and support requests). This Policy applies to that information.

  • Customer content / customer data:

Customers may upload or store information (including personal information) in the Platform (Customer Data). Nyxium handles Customer Data to provide the Platform and associated services. Our handling of Customer Data may also be governed by the Customer’s subscription / licence agreement with Nyxium.

3. DEFINITIONS

In this Policy:

  • Personal Information has the meaning given in the Privacy Act and generally means information about an identified individual, or an individual who is reasonably identifiable.

  • Sensitive Information has the meaning given in the Privacy Act and includes information such as health information, criminal record information and other sensitive categories.

  • User means an individual authorised by a Customer to access and use the Platform.

  • Customer Data means data or content uploaded to the Platform by or on behalf of a Customer, including any Personal Information contained in that data.

4. WHAT PERSONAL INFORMATION WE COLLECT

The kinds of personal information we may collect include:

4.1.      Account and identity information

  • names, titles, employer / business name, business contact details (email, phone, address); and

  • user IDs, authentication details (for example, Microsoft OAuth identifiers), and role / permission information.

4.2.      Billing and commercial information

  • billing contacts, invoicing details, payment status, and related correspondence.

4.3.      Platform usage, device and log information

  • login and access logs, audit trails, IP addresses, device and browser information, session activity, and platform usage analytics; and

  • security and diagnostic logs.

4.4.      Support and communications

  • enquiries, support tickets, call notes, emails, and other communications with us.

4.5.      Website and cookie information

  • website usage data collected through cookies or similar technologies (see section 11).

4.6.      Customer Data

  • personal information that Customers upload into the Platform may include information about individuals connected with the Customer’s operations (for example, clients, employees, directors, creditors, debtors, suppliers, and other stakeholders).

5. HOW WE COLLECT PERSONAL INFORMATION

We may collect personal information:

  • directly from you (for example, when you create an account, use the Platform, contact support, or communicate with us);

  • from a Customer (for example, when a Customer creates a User account for you);

  • from third parties you authorise (for example, identity / authentication providers such as Microsoft, or integrated third party services);

  • from publicly available sources (where reasonable and lawful); and

  • through cookies and analytics tools when you use our websites (see section 11).

6. WHY WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION

We collect, hold, use and disclose personal information for purposes including:

6.1.      Providing the Platform and services

  • to create and administer accounts, provide access and permissions, and enable Platform functionality;

  • to process requests, deliver support and training, and maintain service levels; and

  • to operate and maintain audit logging and security features.

6.2.      Security, quality and improvement

  • to monitor, investigate and prevent security incidents, fraud, misuse and unlawful activity; and

  • to troubleshoot, test, develop and improve the Platform, including performance and user experience.

6.3.      Billing and administration

  • to manage subscriptions, invoices, payments, and related business operations.

6.4.      Legal and compliance

  • to comply with applicable laws, lawful requests, regulatory obligations, and to enforce our agreements.

6.5.      Communications and marketing

  • to communicate with Customers and Users about the Platform, changes, updates, service messages, and (where permitted) marketing. You can opt out of marketing communications at any time.

7. DISCLOSURE OF PERSONAL INFORMATION

We may disclose personal information to:

7.1.      Service providers and contractors

including providers of:

  • cloud hosting and infrastructure (eg Microsoft Azure);

  • authentication and identity services (eg Microsoft);

  • customer support tooling;

  • analytics and monitoring;

  • email and communications services; and

  • professional advisers (legal, accounting, insurance).

We require service providers to handle personal information in a manner consistent with this Policy and our contractual requirements.

7.2.      Customers (representatives)

Where a User is provisioned by a Customer, we may disclose account, usage and administrative information to the Customer’s nominated representative for account management, security and compliance purposes.

7.3.      Related entities and corporate transactions

To our related bodies corporate and to prospective purchasers or advisers in connection with a merger, acquisition, restructure or sale (subject to appropriate confidentiality safeguards).

7.4.      Regulators and law enforcement

Where required or authorised by law, including to respond to subpoenas, court orders, regulatory requests, or to protect rights and safety.

8. OVERSEAS DISCLOSURE AND CROSS-BORDER ACCESS

Nyxium uses, and may from time to time engage, third-party service providers to support delivery of the Services (for example, cloud hosting, authentication, analytics, communications tools, customer support tooling, and security monitoring).

In providing the Services, Nyxium may store, process or otherwise handle Personal Information using systems or service providers that are located in, or accessible from, jurisdictions outside Australia. This may include circumstances where a third-party provider stores data in multiple locations, or provides remote support from an overseas location.

Nyxium takes reasonable steps to ensure that any overseas recipients and service providers handling Personal Information on Nyxium’s behalf do so in a manner consistent with this Policy and applicable privacy laws, including through contractual protections and vendor due diligence (where appropriate).

At the date of this Policy, Nyxium’s key service providers may be located in or accessible from Australia.

9. SECURITY OF PERSONAL INFORMATION

Nyxium takes reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

Our security measures may include:

  • access controls and role-based permissions;

  • multi-factor authentication and credential management;

  • encryption in transit and, where appropriate, at rest;

  • audit logging and monitoring;

  • secure development and change management practices; and

  • incident response processes and escalation procedures.

No system is completely secure. Customers and Users are responsible for maintaining appropriate security of credentials and access devices.

10. DATA BREACHES

If Nyxium becomes aware of a data breach affecting personal information, we will assess the incident and, where required, notify affected individuals and / or the Office of the Australian Information Commissioner (OAIC) in accordance with the Privacy Act and the Notifiable Data Breaches scheme.

11. COOKIES AND ANALYTICS

Nyxium websites may use cookies and similar technologies to:

  • enable site functionality;

  • analyse website traffic and usage; and

  • improve our content and user experience.

You can disable cookies through your browser settings, but doing so may affect website functionality.

12. ACCESS, CORRECTION AND COMPLAINTS

12.1.    Access and correction

You may request access to, or correction of, personal information we hold about you by contacting us using the details below. We may need to verify your identity before responding.

12.2.    Complaints

If you have a complaint about how Nyxium handles Personal Information, please contact Nyxium using the details above. Nyxium will acknowledge receipt and will investigate the complaint and respond within a reasonable timeframe (generally within 30 days).

If you are not satisfied with Nyxium’s response, you may lodge a complaint with the OAIC.

13. RETENTION

Nyxium retains Personal Information only for as long as reasonably necessary to provide the Services, for legitimate business purposes, and to meet legal, regulatory, accounting and reporting requirements. Where Personal Information is no longer required, Nyxium will take reasonable steps to delete, de-identify or securely destroy it, subject to any legal retention obligations.

14. CONTACT US

Privacy Officer: Conor Lane

Email: conor.lane@nyxium.com.au

Address: Level 3, 150 Edward St Brisbane QLD 4000

15. UPDATES TO THIS POLICY

We may update this Policy from time to time by publishing an updated version on our website. The updated version will take effect from the “Last updated” date.