Home / Privacy

Privacy policy.

How ABR Labs Pty Ltd collects, uses, and protects personal information under the Privacy Act 1988 (Cth).

About this policy

Fydis is operated by ABR Labs Pty Ltd (ABN 36 693 095 911), a company registered in Western Australia. We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) contained in that Act.

This policy explains how we handle personal information collected through the Fydis platform, our website at fydis.io, and any related services. It applies to customers, their users, and anyone who contacts us directly.

What we collect

We may collect the following categories of personal information:

  • Identity and contact information. Name, work email address, job title, employer organisation.
  • Account credentials. Hashed passwords or SSO tokens. We do not store plaintext passwords.
  • Usage data. Pages visited, features used, queries submitted, timestamps, and session duration. This is used to operate and improve the service.
  • Technical information. IP address, browser type, and device identifiers, collected automatically when you access our services.
  • Communications. Emails, support tickets, and messages you send to us.

We collect personal information only by lawful and fair means. Where practicable, we collect it directly from the individual concerned.

How we use it

ABR Labs uses personal information to:

  • Provide, operate, and maintain the Fydis platform under your customer agreement.
  • Authenticate users and manage access controls.
  • Process payments and issue invoices.
  • Respond to support requests and communicate about service changes.
  • Meet legal and regulatory obligations, including under the Corporations Act 2001 (Cth) and applicable tax legislation.
  • Detect and investigate security incidents or misuse.

We do not use customer data to train machine learning models or to build advertising profiles.

Disclosure

We do not sell personal information. We may share it with:

  • Service providers. Infrastructure providers (AWS), payment processors, and software tools that support our operations. Each is bound by confidentiality obligations and processes data only on our instruction.
  • Legal obligations. Government agencies, regulators, or courts where disclosure is required by Australian law or a valid legal process.
  • Business transfers. If ABR Labs merges with or is acquired by another entity, personal information may be transferred as part of that transaction. We will notify affected individuals before any transfer occurs.

Personal information is not disclosed to overseas recipients except where a service provider operates infrastructure in a jurisdiction with equivalent data protections. Current infrastructure is hosted in AWS ap-southeast-2 (Sydney, Australia).

Storage and security

Customer data is stored on AWS in the ap-southeast-2 region (Sydney). Data at rest is encrypted using AES-256. Data in transit is protected by TLS 1.3. Access to production systems is restricted to authorised ABR Labs personnel and is logged.

We retain personal information for as long as your customer agreement is active and for a further period required to meet legal obligations (generally seven years for financial records under the Corporations Act). Usage logs are retained for 12 months. You may request earlier deletion subject to any legal hold obligations.

Access and correction

You have the right to request access to personal information we hold about you, and to ask us to correct information that is inaccurate, out of date, incomplete, or misleading (APP 12 and APP 13).

To make a request, email hello@abrlabs.io with the subject line "Privacy access request". We will respond within 30 days. In limited circumstances we may decline a request; if so, we will explain the reason in writing.

Complaints

If you believe we have handled your personal information in a way that does not comply with the APPs, please contact us first at hello@abrlabs.io. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Contact

Privacy enquiries: hello@abrlabs.io
ABR Labs Pty Ltd, Perth, Western Australia.