ORCA Opti

Legal

Privacy Policy

How ORCA Opti Software Ltd collects, uses, stores and protects your personal information.

Last updated: 27 May 2026

1. Who we are

In this Privacy Policy, "ORCA Opti", "we", "us" and "our" mean ORCA Opti Software Ltd, an Australian company with its principal place of business in Queensland, Australia. We operate the ORCA Opti marketing websites and the ORCA Opti governance, risk and compliance platform.

This policy explains what personal information we collect, how we use it, who we share it with, how we keep it safe, and the choices and rights you have. It applies to visitors to our websites, prospects, customers, users of our platform, investors, resellers, suppliers and job applicants.

2. The laws we follow

ORCA Opti complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we collect information from people in other jurisdictions, we also work to the relevant local standard, including the GDPR, the UK GDPR, India's DPDPA 2023, Mexico's LFPDPPP and applicable United States state privacy laws. We aim to apply the strictest reasonable standard globally rather than vary the protection by country.

3. The information we collect

We only collect personal information that we reasonably need for one or more of our business functions. The types of information we collect include:

  • Contact details you give us through forms, emails or events, such as your name, business email, phone number, company name, role and country.
  • Account and product data from your use of the ORCA Opti platform, including sign-in identifiers, role assignments, organisation membership, settings, audit logs and content you choose to upload or generate inside the product.
  • Commercial information such as proposals, quotes, contracts, invoices and payment records connected with our sales, reseller and partner relationships.
  • Marketing engagement data such as the pages you view, the emails you open, the events you register for and the resources you download, where you have consented to this being collected.
  • Technical and device data such as IP address, browser type, operating system, referring page and approximate location, collected through cookies and similar technologies. How and when this happens is set out in our Cookie Policy.
  • Recruitment information if you apply to work with us, including your CV, cover letter, references and right-to-work status.

We do not knowingly collect sensitive information (for example, health, racial or political information) through our marketing websites. Where sensitive information is needed inside the platform for a customer use case, we collect and handle it under the APPs and the relevant customer agreement.

4. How we collect it

We collect personal information directly from you wherever practical, for example when you fill in a form, request a demonstration, sign up for the platform, contact us, attend an event or apply for a role. We also collect information automatically through cookies and analytics tools, and we may receive information from third parties such as resellers, partners, referral sources and publicly available business directories.

5. How we use it

We use personal information to:

  • provide, operate, secure and improve our websites and platform;
  • respond to enquiries, demonstrations, support requests and complaints;
  • onboard, bill and support customers, resellers and partners;
  • send service communications such as security notices and product updates;
  • send marketing communications about ORCA Opti where you have consented or where we are otherwise permitted to do so, with an unsubscribe option in every commercial message;
  • understand site usage in aggregate so we can improve the experience;
  • meet our legal, regulatory, audit and contractual obligations, including record-keeping requirements;
  • protect our rights, our customers and our staff from misuse or fraud.

6. The lawful basis for processing

Under the Australian Privacy Principles we rely on collection notices and consent. For visitors covered by the GDPR or similar regimes, our lawful bases are typically the performance of a contract with you, our legitimate interests in running and growing the business in a measured way, your consent (for marketing cookies and direct marketing) and compliance with legal obligations. You can withdraw consent at any time without affecting earlier processing.

7. Who we share it with

We do not sell personal information. We share it only with parties that help us run the business, and only to the extent each party needs:

  • Cloud and platform providers who host our product and websites (including Microsoft Azure for the platform).
  • Customer relationship and marketing tools such as HubSpot, which we use to manage prospect and customer communications.
  • Analytics and tag management tools such as Google Analytics 4 and Google Tag Manager, governed by your cookie choices.
  • Resellers and channel partners where you have engaged with us through them, or where they have referred you with consent.
  • Professional advisers such as accountants, lawyers and auditors, under confidentiality.
  • Regulators and law enforcement where we are legally required to disclose information.
  • A successor entity in the event of a sale, merger or restructure of the business, subject to equivalent privacy protections.

8. Where your information is stored

The ORCA Opti platform is engineered to keep customer tenant data in Australia by default. Some of the operational tools we use to run the business (for example, our CRM, analytics and advertising platforms) are operated by providers that may store or process limited personal information overseas, including in the United States and the European Union. Where we transfer personal information outside Australia, we take reasonable steps to ensure the recipient handles it in a way that is consistent with the Australian Privacy Principles.

9. How long we keep it

We keep personal information only for as long as we need it for the purpose we collected it, or for as long as we are required to keep it by law. When we no longer need it, we either delete it or de-identify it.

10. Security

We use a combination of organisational, technical and physical controls to protect personal information against loss, misuse, unauthorised access, modification and disclosure. These include role-based access, encryption in transit and at rest where appropriate, multi-factor authentication for staff accessing sensitive systems, audit logging, and regular security reviews. No method of transmission over the internet is perfectly secure, so we cannot guarantee absolute security, but we work continuously to reduce risk.

11. Your rights and choices

You have the right to:

  • ask us what personal information we hold about you;
  • ask us to correct information that is inaccurate, incomplete or out of date;
  • ask us to delete information we no longer have a lawful reason to keep;
  • opt out of direct marketing at any time, including through the unsubscribe link in any commercial email;
  • change your cookie choices at any time using the "Cookie Preferences" link in the footer of every page;
  • make a privacy complaint to us, and have us investigate and respond.

To exercise any of these rights, please reach us through our contact page. We will respond within a reasonable period, usually within 30 days. If you are not satisfied with how we have handled your information or your complaint, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au.

12. Children

Our websites and platform are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us so that we can take appropriate steps.

13. Cookies and tracking

We use cookies and similar technologies on our websites. Full details, including the categories of cookies we use and how you can control them, are set out in our Cookie Policy.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, in technology, or in the law. The "last updated" date at the top of the page shows when the current version came into effect. We will tell you about material changes through the website or, where appropriate, by direct notice.

15. Governing law and jurisdiction

This Privacy Policy is governed by the laws of Queensland, Australia, and the Commonwealth of Australia where applicable. You and ORCA Opti Software Ltd submit to the exclusive jurisdiction of the courts of Queensland in connection with any matter arising from or relating to this policy.

16. How to contact us

If you have any questions about this Privacy Policy, would like to exercise a right under it, or want to make a complaint, please get in touch through our contact page.