Privacy Policy
Last updated: March 2026
Your privacy matters to us. Learn how we collect, use, and protect your information when you use our security intelligence platform.
Our Privacy Commitment
AuditROI is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also respect the rights of individuals under the GDPR, CCPA, and other applicable international privacy regulations. We treat your business information with the highest level of care and confidentiality.
No Data Selling
We never sell your personal or business information to third parties.
Encrypted & Secure
All data encrypted in transit (TLS 1.3) and at rest (AES-256).
Your Control
Access, correct, or delete your data at any time.
About Us
AuditROI is an enterprise security intelligence platform operated by:
Company Name
QuestFeed Pty Ltd
ABN
58 632 013 855
Entity Type
Australian Private Company
Location
Queensland, Australia
Information We Collect
Information You Provide
Account Information
Email address, name, company name, password
Domain Information
Domain names and URLs submitted for scanning
Payment Information
Billing details processed securely via Stripe
Communication
Messages, support requests, and feedback you send us
Automatically Collected During Scanning
Publicly Available Data
DNS records, SSL certificates, HTTP headers, open ports, and publicly accessible content of domains you submit
Technical Metadata
Technology stack, server configurations, security headers, and externally observable infrastructure
Vulnerability Data
Security findings, CVE matches, misconfigurations, and risk scores generated by our 266 scanners and 184 ML models
Usage Analytics
How you interact with the platform (pages visited, features used, scan frequency) to improve our service
Important: AuditROI performs external scanning only. We do not access your internal systems, networks, databases, or credentials. All data collected is publicly observable from the internet.
Google Sign-In & Google API Services
AuditROI offers "Sign in with Google" as a convenient authentication option. When you choose to sign in with your Google account, the following applies:
What Google User Data We Access
Email Address
Your Google account email address, used to create and identify your AuditROI account.
Display Name
Your Google profile name, used to personalise your AuditROI experience.
How We Use Google User Data
Create and authenticate your AuditROI user account
Display your name within the AuditROI platform
Send you service-related communications (scan results, security alerts, account notifications)
How We Store Google User Data
Your Google email address and display name are stored in our encrypted database (AES-256 at rest) on AWS infrastructure. This data is retained for the duration of your active account plus 2 years after account deletion, consistent with our general data retention policy.
How We Share Google User Data
We do not sell, share, or transfer your Google user data to any third party. Your Google account information is used solely for authentication and account identification within AuditROI. It is never used for advertising, analytics, or any purpose unrelated to providing the AuditROI service.
Scopes Requested: AuditROI only requests the email and profile scopes from Google. We do not request access to your Google Drive, Gmail, Calendar, Contacts, or any other Google services. AuditROI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
How We Use Your Information
Perform external security scans on domains you authorize
Generate vulnerability reports, risk scores, and remediation guidance
Cross-reference findings against 507M+ threat intelligence records
Deliver scan results, alerts, and monitoring notifications
Process payments and manage your subscription
Improve our ML models, scanning accuracy, and platform features
Provide customer support and respond to your inquiries
Comply with legal obligations and enforce our terms
Send service-related communications (scan completions, alerts, security advisories)
What We Do NOT Do
We will NEVER:
Sell your personal or business information to third parties
Share your scan results or vulnerability data with your competitors
Access your internal systems, networks, or databases
Use your information for advertising without your explicit consent
Disclose your security findings to unauthorized third parties
Store payment card details on our servers (handled by Stripe PCI-DSS Level 1)
Data Security
TLS 1.3 in transit, AES-256 at rest. All scan data and reports encrypted end-to-end.
Role-based access, MFA enforcement, and least-privilege principles for all internal access.
AWS and Cloudflare infrastructure with SOC 2 compliance. Isolated scan environments per tenant.
Documented incident response procedures. Mandatory breach notification within 72 hours per GDPR/NDB scheme.
Continuous security monitoring and intrusion detection on all platform infrastructure.
Periodic security assessments and penetration testing of our own infrastructure.
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this policy:
| Information Type | Retention Period |
|---|---|
| Scan results & reports | Per subscription tier (30 days Free, 90 days Starter, 365 days Professional, 1,095 days Enterprise) |
| Account information | Duration of active account + 2 years after deletion |
| Payment records | 7 years (as required by Australian tax law) |
| Usage analytics | 26 months (aggregated and anonymized) |
| Support communications | 3 years from date of resolution |
| Legal & compliance records | 7 years (as required by law) |
You may request deletion of your data at any time. We will process deletion requests within 30 days, subject to legal retention requirements.
Your Rights
Under the Australian Privacy Principles and applicable international regulations (including GDPR and CCPA), you have the right to:
Access
Request a copy of personal information we hold about you
Correction
Request correction of inaccurate or outdated information
Deletion
Request deletion of your personal information ("right to be forgotten")
Data Portability
Receive your data in a structured, machine-readable format
Restrict Processing
Request limitation of how we process your data
Withdraw Consent
Withdraw consent for data processing at any time
How to Exercise Your Rights
To exercise any of these rights, contact us at:
hello@auditroi.com
We will respond within 30 days. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.
International Data Transfers
AuditROI operates from Australia with infrastructure across multiple regions. Your data may be processed in:
- Australia (primary data storage)
- United States (AWS infrastructure, Cloudflare CDN)
- European Union (where required for EU data residency)
Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data transfers and compliance with the Australian Privacy Act cross-border disclosure requirements (APP 8).
Third-Party Services
We use the following third-party services to operate our platform. Each has been selected for its security and privacy practices:
OAuth authentication ("Sign in with Google") — receives only email and profile name
Payment processing (PCI-DSS Level 1 certified)
Cloud infrastructure and data storage
CDN, DDoS protection, and edge computing
Privacy-friendly product analytics (self-hosted option available)
We do not share your scan results or vulnerability data with any third-party service. Third-party services only receive the minimum data necessary for their specific function.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email (for registered users) or by posting a prominent notice on our platform. Your continued use of AuditROI after changes constitutes acceptance of the updated policy.
Contact Our Privacy Team
For questions about this Privacy Policy or to exercise your privacy rights:
QuestFeed Pty Ltd
Document Version: 3.0 | Effective: March 2026