Who we are
Pipelabs (ABN 92 631 681 546) ("we", "us", "our") operates www.getpocketknife.io ("Site") and provides SaaS eCommerce, ERP and B2B-related services.
We handle personal information and data security in accordance with Australia's Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and industry best practices.
1. Information classification and protection
We classify information based on sensitivity and apply proportional security controls. Personal and client data are stored securely in controlled environments hosted on Google Cloud Platform (GCP). Access to these systems is limited to authorised personnel and protected by encryption, MFA, and network security controls.
2. Security in human resources
All employees and contractors with access to systems or data sign confidentiality agreements and receive onboarding and ongoing security awareness training. Access is removed immediately upon termination or change of role.
3. Physical security
Our office and equipment are secured through controlled access, locked facilities, and surveillance where applicable. Laptops and mobile devices use disk encryption and automatic locking.
4. Acceptable use of information and IT devices
Company systems and devices must be used only for authorised business purposes. Employees are prohibited from downloading unapproved software, disabling security features, or sharing credentials. Personal data handling must follow this policy and relevant laws.
5. Access control
Access to systems and data is based on the principle of least privilege. User accounts are unique, protected by multi-factor authentication, and reviewed periodically. Access to client environments or sensitive systems requires approval and logging.
6. Password policy
Passwords must meet complexity and rotation requirements and are never shared. All critical systems use MFA. Credentials are stored and managed securely using password managers with enterprise-grade encryption.
7. Authorized and unauthorized data use
Personal and client data are used only for the purposes described in this policy. Unauthorised access, disclosure, or modification is strictly prohibited and treated as a security incident.
8. Software development and change control
Our software development follows secure coding standards and peer review processes. All code changes are reviewed via pull requests and undergo automated testing. Sensitive credentials are not hardcoded and are managed securely via environment variables and secret management systems.
9. Cryptography
All data in transit is encrypted using TLS 1.2+; data at rest is encrypted using AES-256. Sensitive backups and credentials are encrypted and stored securely. Encryption keys are managed using GCP's Key Management Service (KMS).
10. Incident management and response
We maintain an incident response plan covering both security and privacy incidents. Incidents are logged, assessed, and escalated promptly. Where required by law, affected individuals and regulators will be notified without undue delay.
11. Compliance with laws and regulations
We comply with the Privacy Act 1988 (Cth), the APPs, and all relevant Australian cybersecurity and data protection standards. Where applicable, we also align with international frameworks such as ISO 27001 and SOC 2 principles.
12. Data retention and destruction
We retain personal information only as long as necessary to fulfil the purposes for which it was collected or as required by law. When no longer required, data is securely destroyed or de-identified using industry-standard methods.
13. Business continuity and disaster recovery
We maintain automated data backups and a cloud-based recovery plan to ensure continued service availability. Backup integrity is verified regularly, and critical systems are hosted in redundant environments.
14. Cookies & analytics
We use cookies and similar technologies to operate the Site, remember settings, analyse traffic, and improve performance. You can control cookies through your browser settings, though disabling them may affect certain features.
15. Direct marketing
We may send you marketing communications where permitted by law. You can opt out at any time using the unsubscribe link or by contacting us directly.
16. Access and correction
You can request access to the personal information we hold about you and ask for corrections if it is inaccurate, out of date, or incomplete. We will respond within a reasonable time.
17. Complaints
If you have a privacy or security concern, contact us first so we can resolve it. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) for guidance.
18. Third-party links
Our Site may contain links to third-party sites. We are not responsible for their privacy or security practices.
19. Changes to this policy
We may update this policy periodically. The updated version will be posted here with a new "Last updated" date.