Legal

Privacy & Security Policy.

How Pipelabs handles personal information, client data and security for Pocketknife, our site, and related SaaS eCommerce, ERP and B2B services.

Last updated: 27 August 2025

Who we are

Pipelabs (ABN 92 631 681 546) ("we", "us", "our") operates www.getpocketknife.io ("Site") and provides SaaS eCommerce, ERP and B2B-related services.

We handle personal information and data security in accordance with Australia's Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and industry best practices.

1. Information classification and protection

We classify information based on sensitivity and apply proportional security controls. Personal and client data are stored securely in controlled environments hosted on Google Cloud Platform (GCP). Access to these systems is limited to authorised personnel and protected by encryption, MFA, and network security controls.

2. Security in human resources

All employees and contractors with access to systems or data sign confidentiality agreements and receive onboarding and ongoing security awareness training. Access is removed immediately upon termination or change of role.

3. Physical security

Our office and equipment are secured through controlled access, locked facilities, and surveillance where applicable. Laptops and mobile devices use disk encryption and automatic locking.

4. Acceptable use of information and IT devices

Company systems and devices must be used only for authorised business purposes. Employees are prohibited from downloading unapproved software, disabling security features, or sharing credentials. Personal data handling must follow this policy and relevant laws.

5. Access control

Access to systems and data is based on the principle of least privilege. User accounts are unique, protected by multi-factor authentication, and reviewed periodically. Access to client environments or sensitive systems requires approval and logging.

6. Password policy

Passwords must meet complexity and rotation requirements and are never shared. All critical systems use MFA. Credentials are stored and managed securely using password managers with enterprise-grade encryption.

7. Authorized and unauthorized data use

Personal and client data are used only for the purposes described in this policy. Unauthorised access, disclosure, or modification is strictly prohibited and treated as a security incident.

8. Software development and change control

Our software development follows secure coding standards and peer review processes. All code changes are reviewed via pull requests and undergo automated testing. Sensitive credentials are not hardcoded and are managed securely via environment variables and secret management systems.

9. Cryptography

All data in transit is encrypted using TLS 1.2+; data at rest is encrypted using AES-256. Sensitive backups and credentials are encrypted and stored securely. Encryption keys are managed using GCP's Key Management Service (KMS).

10. Incident management and response

We maintain an incident response plan covering both security and privacy incidents. Incidents are logged, assessed, and escalated promptly. Where required by law, affected individuals and regulators will be notified without undue delay.

11. Compliance with laws and regulations

We comply with the Privacy Act 1988 (Cth), the APPs, and all relevant Australian cybersecurity and data protection standards. Where applicable, we also align with international frameworks such as ISO 27001 and SOC 2 principles.

12. Data retention and destruction

We retain personal information only as long as necessary to fulfil the purposes for which it was collected or as required by law. When no longer required, data is securely destroyed or de-identified using industry-standard methods.

13. Business continuity and disaster recovery

We maintain automated data backups and a cloud-based recovery plan to ensure continued service availability. Backup integrity is verified regularly, and critical systems are hosted in redundant environments.

14. Cookies & analytics

We use cookies and similar technologies to operate the Site, remember settings, analyse traffic, and improve performance. You can control cookies through your browser settings, though disabling them may affect certain features.

15. Direct marketing

We may send you marketing communications where permitted by law. You can opt out at any time using the unsubscribe link or by contacting us directly.

16. Access and correction

You can request access to the personal information we hold about you and ask for corrections if it is inaccurate, out of date, or incomplete. We will respond within a reasonable time.

17. Complaints

If you have a privacy or security concern, contact us first so we can resolve it. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) for guidance.

18. Third-party links

Our Site may contain links to third-party sites. We are not responsible for their privacy or security practices.

19. Changes to this policy

We may update this policy periodically. The updated version will be posted here with a new "Last updated" date.

Contact us

Pipelabs
Postal: T4, Level 2, 109 Hawke Street, West Melbourne 3003