We collect only what we need to provide the service you have subscribed to, deliver your first PDF snapshot, and maintain your account. We do not sell your information, share it with advertisers, or pass it on to any third party for commercial purposes. Ever.
01Who We Are
Red Bridge Cyber is an automated website security and performance scanning service operated by QANT Pty Ltd (ACN 088 738 943; ABN 77 088 738 943), a company registered in Australia. The service is accessible at redbridgecyber.com.au and associated domains including our test-mail domain testthis.email, report.redbridgecyber.com.au, and redbridgecyber.com.au/improve.
Red Bridge Cyber provides automated continuous scanning, analysis, and findings delivery (as a live view in your account with weekly PDF snapshot exports) across the five categories that make up the platform: Email (deliverability and authentication), Speed (page performance), Domain (DNS and SSL certificate health), Visibility (a technical audit of how well your website is configured to be discovered by search engines and cited by AI tools — this is a configuration check, not a measurement of whether any specific search engine or AI product is actually citing your site), and Security (vulnerability indicators and security-header posture). Nothing on this platform constitutes professional security consulting, legal advice, or a guarantee of security outcomes.
For any privacy-related enquiries, contact us directly at privacy@redbridgecyber.com.au.
02What Information We Collect
We collect only the minimum information necessary to operate the platform, process your subscription, and deliver the live view and PDF snapshots in your account.
Account and Contact Information
Your name and email address, provided when you subscribe or create an account. Subscribers have a platform account at report.redbridgecyber.com.au where the live view and historical PDF snapshots are stored.
Domain Information
The domain name or names you submit for scanning. This is the core input for every scan we run. Subscribers may register multiple domains depending on their plan.
Payment Information
Transaction details associated with your purchase. We do not store payment card details. All payment processing is handled exclusively by Stripe, which operates under PCI-DSS compliance standards. Your card statement will show a charge from RED BRIDGE CYBER.
Test Email
As part of the Email category of the scan, we ask you to send a test email from your business email account to a unique address on our scanning infrastructure (testthis.email — a dedicated domain we operate exclusively for receiving these test emails). We capture and process the technical headers of that email — the routing and authentication metadata that is invisible in a normal email reader — for the sole purpose of analysing your email deliverability and authentication configuration.
To be specific about what is and is not captured: the email headers — the technical routing and authentication metadata — are analysed. The message body, subject line, and any attachment are discarded immediately and are not read, stored, or used for any purpose. Header data is used only to generate findings for your live view and PDF snapshots, and is not retained beyond what is required to produce and store those.
Scan and Live View Data
The technical findings generated by scanning your domain. Scan data is retained for the duration of your subscription to power the live view in your account and the historical PDF snapshot archive that tracks changes in your security and SEO posture over time.
Communications
Any messages you send us via email or through our support system, and any responses we provide.
03How We Use Your Information
Your information is used solely for the following purposes:
- To create and manage your account and subscription access
- To process your payment and maintain accurate transaction records
- To scan your nominated domain or domains and surface findings in your live view
- To generate PDF snapshots and make them available in your account for export
- To send communications directly related to your subscription — including first-snapshot and weekly-snapshot delivery notifications, billing reminders, and account-related notices
- To enable historical comparison in the live view by retaining prior scan results
- To respond to support requests and direct communications
- To maintain the security and integrity of the platform
- To comply with applicable Australian law
We do not use your information for advertising, automated profiling, or any purpose beyond the direct operation of this service.
04What We Do Not Do
We do not sell, rent, trade, or share your personal information with any third party for any commercial purpose. We do not use your data to target you with advertising on any platform. We do not pass your contact details to any other business, partner, or affiliate without your explicit consent.
05Sharing of Information
The only circumstances under which limited information may be shared with a third party are:
Your transaction details are processed by Stripe. Only information strictly necessary to complete your transaction is shared. Stripe's own privacy policy and PCI-DSS security standards apply.
The application and the PDF snapshot archive are hosted on Google Cloud Platform — Cloud Run for compute, Cloud Storage for files — both deployed to the Sydney (australia-southeast1) region. This sub-processor holds your account information and scan history.
Cloudflare provides DNS, content delivery, and DDoS protection for our domains. Traffic passes through Cloudflare's edge network; no account-identifying data is stored there.
Our contact form uses Cloudflare Turnstile to confirm submissions come from a real person rather than an automated bot. Turnstile assesses browser and interaction signals and returns a verification token submitted with your message; it does not ask you to identify yourself and is not used to track you across sites. Turnstile is governed by Cloudflare's privacy terms.
We measure aggregate traffic — which pages are visited and how visitors arrive — using our own first-party analytics, built and hosted entirely within QANT infrastructure in Sydney. No data is sent to Google, Meta, or any third-party analytics provider — there is zero third-party visibility into your visit. We store no advertising profile, set no tracking cookies (a short-lived in-browser session id only), and never record your full IP address (only an aggregate country derived at our edge).
The transactional and account emails we send you — including first-snapshot and weekly-snapshot delivery notifications, billing reminders, account notices, and replies to your enquiries — are delivered through Mailgun (operated by Sinch). Mailgun is used for delivery only — it does not store your messages as part of our records. Because Mailgun operates outside Australia, the email content transits overseas infrastructure while it is being delivered.
DataForSEO supplies upstream data feeds used by the Visibility category of the scan. Queries sent to DataForSEO are limited to the domain you have submitted; no account-identifying data is shared.
In the rare circumstance where we are required to disclose information under Australian law or a valid legal order, we will comply. Where lawfully permitted, we will notify you before any such disclosure.
Of the sub-processors above, your personally identifiable information is only ever held by Stripe (for payment) and Google (for account and scan-data hosting), and handled transiently by Mailgun while a transactional email is being delivered. The other sub-processors — Cloudflare, Cloudflare Turnstile, and DataForSEO — handle traffic, infrastructure, or domain-level queries that do not contain your account-identifying information. All sub-processors are engaged under appropriate data processing terms.
We will never share your personal information with advertisers, data brokers, or any other commercial third parties.
06Data Storage and Security
All customer data — including account information, domain scan data, live-view content, and PDF snapshot history — is stored on infrastructure located in Sydney, Australia, and stays in Australia at rest. The one exception is in transit: the transactional emails we send you (see Sharing, above) are delivered through Mailgun, which routes the message content through overseas infrastructure during delivery. We do not store your data outside Australia. International customers accessing the service from outside Australia: your account, live-view content, and PDF snapshot data is also stored in Sydney — there is no separate regional copy.
Access to your data is strictly limited to authorised personnel only.
While we take all reasonable technical and organisational precautions to protect your personal information, no digital platform can guarantee absolute security. We encourage all customers to maintain strong, unique passwords on their accounts. If you suspect any unauthorised access to your account, contact us immediately at privacy@redbridgecyber.com.au.
07Cookies and Tracking
Our platform uses minimal browser storage technologies solely for maintaining your session and delivering platform functionality. We do not use advertising cookies, retargeting pixels, or tracking tools that transmit your personal information to external parties for commercial purposes.
Specifically, we may use:
To maintain your logged-in state during your visit to report.redbridgecyber.com.au and deliver platform features correctly.
The redbridgecyber.com.au marketing site uses our own first-party analytics (see Sharing, above) — no third-party analytics provider is involved. It reports on aggregate traffic patterns only — page views, traffic sources, device categories — using a short-lived in-browser session id rather than a tracking cookie, and never stores or transmits your full IP address. No data is sent to any external analytics provider.
We do not run advertising tracking technology — including Meta Pixel or Google Ads remarketing tags — on any of our domains. Any advertising we conduct is managed through those platforms' own native reporting tools, not through tracking installed on our sites.
08Your Rights
Under the Australian Privacy Act 1988 and Australian Privacy Principles, you have the following rights regarding your personal information:
Request a copy of the personal information we hold about you.
Request corrections to any inaccurate or outdated information.
Request complete removal of your personal data from our systems.
Opt out of any marketing or non-transactional communications at any time.
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached.
Withdraw your consent for us to hold your information at any time.
To exercise any of these rights, email privacy@redbridgecyber.com.au with your request. We will respond promptly and without question. Data access and correction requests will be actioned within 30 days. Data deletion requests will be completed within 30 days, subject to any legal retention obligations described below.
09Data Retention
We retain your personal information only for as long as you remain an active customer, or as long as is reasonably necessary to provide your live-view and snapshot service and meet any outstanding obligations.
Transaction and billing records are retained for the period required under Australian taxation and financial record-keeping law — typically seven years — after which they are permanently deleted.
For subscription customers, your account data, domain registrations, and scan history are retained for the duration of your active subscription and for a reasonable period following cancellation to resolve any outstanding matters. Upon request, all personal data will be permanently removed within 30 days.
10International Customers
Red Bridge Cyber is an Australian business operating under Australian law. If you are located outside Australia and choose to use this service, you do so voluntarily and accept that your data will be stored and processed in Australia under Australian privacy law. We do not represent that our practices comply with the specific privacy laws of any other jurisdiction. If you have questions about whether this service is appropriate for use from your location, contact us before purchasing.
11Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our platform, services, or applicable law. Where changes are material, we will make reasonable efforts to notify active customers via email before the changes take effect.
The date of the most recent update is noted at the top of this page. Continued use of the platform following any update constitutes acceptance of the revised policy.