Privacy Policy

Last Updated: 31 March 2026

Comply Drive is a registered business in Australia by Viperfish Media Pty Ltd (ABN 60118090798). Viperfish Media is committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit our website, submit information through our contact form, or purchase products from us.

1. Information We Collect

Information You Provide

When you submit an enquiry through our contact form, we collect:

  • Name
  • Phone number
  • Email address
  • Enquiry message

When you purchase a product from our website, we additionally collect:

  • Billing name and address
  • Email address
  • Payment information (processed securely by our third-party payment provider — see Section 4)
  • Transaction and order details
  • Download and licence records

Information Collected Automatically

We collect non-personally identifiable information via cookies and similar technologies, including through the use of Google Analytics and Google reCAPTCHA, to help us monitor website usage and protect against spam and abuse. This may include your IP address, browser type, device information, pages visited, and referring URLs.

2. How We Use Your Information

The personal information you provide is used to:

  • Respond to your enquiries
  • Contact you about our services
  • Process and fulfil your purchases, including delivering downloadable products
  • Provide order confirmations, receipts, and purchase-related communications
  • Manage your account and order history
  • Provide product updates or important notices related to products you have purchased
  • Comply with our legal and regulatory obligations, including tax and consumer law requirements

We do not use your personal information for marketing purposes unless you have provided explicit consent, and you may withdraw that consent at any time.

2A. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data. The legal basis for each processing activity is as follows:

Processing activity Legal basis (GDPR Art. 6)
Processing your purchase and delivering the product Art. 6(1)(b) — performance of a contract
Responding to enquiries Art. 6(1)(b) — steps taken at your request prior to entering a contract; or Art. 6(1)(f) — our legitimate interest in responding to communications
Retaining transaction records for tax and legal compliance Art. 6(1)(c) — compliance with a legal obligation
Website analytics (Google Analytics) Art. 6(1)(a) — your consent (given via the cookie consent banner)
Fraud prevention and security (Google reCAPTCHA) Art. 6(1)(f) — our legitimate interest in protecting the website from spam and abuse

3. Disclosure of Your Information

We do not sell or rent your personal information to third parties.

We may share your personal information with the following categories of service providers who assist us in operating our website and fulfilling orders:

  • Payment processors — to securely process your transactions. We do not store your full credit card or payment details on our servers; these are handled directly by our payment provider.
  • Analytics providers — Google Analytics collects aggregated, non-personally identifiable usage data to help us improve our website.
  • Security providers — Google reCAPTCHA processes data to protect our forms from spam and abuse.

These service providers are bound by their own privacy policies and are only permitted to use your information for the purposes of providing their services to us.

We may also disclose your personal information where required or authorised by Australian law.

4. Payment Processing

All payment transactions are processed through Payhip Ltd. Your payment details are transmitted directly to the payment provider using industry-standard encryption (TLS/SSL) and are not stored on our servers.

Please refer to the payment provider's own privacy policy for information on how they handle your data:

https://payhip.com/privacy

5. Digital Product Delivery

When you purchase a downloadable product, we retain a record of your purchase, including your email address and transaction details, to facilitate product delivery, verify your access to downloads, and provide ongoing support.

Download links or access credentials are delivered to the email address you provide at the time of purchase.

6. Retention of Information

Enquiries: If you submit an enquiry but do not engage our services or purchase a product, your information will be deleted within 90 days of the enquiry being resolved.

Purchases: If you purchase a product, we retain your transaction records, contact information, and order history for as long as necessary to provide you with access to your purchased products and to comply with Australian tax and consumer law obligations (generally a minimum of five years for financial records).

Account deletion: You may request deletion of your personal information at any time, subject to our legal obligations to retain certain records.

7. Cookies

Our website uses cookies for the following purposes:

  • Analytics cookies (Google Analytics) — to collect aggregated data about website usage
  • Security cookies (Google reCAPTCHA) — to protect forms from automated spam
  • Essential cookies — to enable core website functionality, including shopping cart and checkout processes

We do not use cookies for advertising or tracking across third-party websites. You can manage or disable cookies through your browser settings, though this may affect website functionality.

8. Overseas Disclosure and International Transfers

Some of our service providers, including Google and our payment processor, may store or process data on servers located outside of Australia, including in the United States. In accordance with APP 8, we take reasonable steps to ensure that overseas recipients handle your personal information consistently with the APPs.

For EEA and UK users (GDPR): Where your personal data is transferred outside the EEA or UK — for example, to Google (United States) or to our payment processor — we rely on appropriate safeguards to protect your data. These safeguards include:

  • Standard Contractual Clauses (SCCs) — approved by the European Commission, incorporated into our agreements with Google and our payment processor where applicable
  • Adequacy decisions — where the European Commission has determined that a third country provides an adequate level of data protection

You may request a copy of the relevant transfer safeguards by contacting us using the details in Section 10.

9. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures include the use of SSL/TLS encryption for data in transit and secure storage practices for data at rest.

However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of any inaccurate or incomplete information
  • Request deletion of your personal information, subject to our legal retention obligations
  • Withdraw consent for any optional data processing, such as marketing communications

Additional rights for EEA and UK users (GDPR): If you are located in the EEA or UK, you also have the right to:

  • Data portability (Art. 20) — receive a copy of personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means
  • Right to object (Art. 21) — object at any time to processing of your personal data where we rely on legitimate interests as the legal basis; we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests
  • Right to restrict processing (Art. 18) — request that we restrict processing of your personal data in certain circumstances, for example while a correction request is being resolved

To exercise any of these rights, please contact us at:

Privacy Contact

Viperfish Media Pty Ltd

Email: complydrive@viperfish.com.au

We will respond to your request within 30 days.

11. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us using the contact details above. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

For EEA and UK users (GDPR): You have the right to lodge a complaint with the data protection supervisory authority in your country of residence. In the UK this is the Information Commissioner's Office (ico.org.uk). A list of EEA supervisory authorities is available at edpb.europa.eu.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page, and the "Last Updated" date at the top will be revised accordingly. We encourage you to review this page periodically.