Skip to main content
Contact Us

Privacy Policy

Last updated: 1 June 2026

1. Who we are

Mindset Cyber Pty Ltd (ABN 55 668 364 261) (Mindset Cyber, we, us, our) is an Australian training company. We deliver ISO 27001 and ISO 42001 Lead Auditor and Lead Implementer courses, free guides, and a small set of free resources.

This Privacy Policy explains what personal information we collect through mindsetcyber.com.au, what we do with it, who we share it with, and the choices you have. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Mindset Prep is our sub-brand. The Mindset Prep app and its public site at mindsetprep.com.au are operated by Mindset Cyber Pty Ltd under a separate Mindset Prep Privacy Policy which governs the in-app experience. This policy governs the Mindset Cyber website and the email communications we send.

2. Information we collect

The personal information we may collect about you includes:

  • Contact details: your name and email address (and any other details you choose to provide via the contact form).
  • Course purchase details: the course you bought, the date, the price paid, your billing country, and the email address you would like us to use for your PECB (myPECB) account where applicable.
  • Payment details: we do not see or store your card details. Payments are processed by Stripe (see Section 6).
  • Live training enrolment details: if you book a live online course, the session you have booked and any post-purchase enrolment information.
  • Communications with us: emails you send to info@mindsetcyber.com.au, contact form submissions, and our replies.
  • Website usage data: pages you visit, links you click, device and browser type, approximate location derived from your IP address, referring source, and the time you spent on each page. This is collected through analytics tools described in Sections 7 and 8.

We do not actively collect sensitive information (such as health information or government identifiers) and we ask you not to send it to us unsolicited.

3. How we collect personal information

We collect personal information in three ways:

  • Directly from you, when you purchase a course, fill in the contact form, book a live session, subscribe to a guide, or email us.
  • Automatically, through cookies and analytics scripts loaded on this website (Section 8 explains which ones and why).
  • From our service providers, such as Stripe (purchase confirmation), or PECB (enrolment confirmation).

4. How we use your information

We use the information we collect to:

  • Deliver the course or service you purchased, including assigning your PECB seat where relevant.
  • Respond to questions, support requests, and enquiries.
  • Send transactional emails (purchase confirmations, PECB account instructions, enrolment confirmations, refund correspondence).
  • Send a small number of related-product marketing emails, including our Mindset Prep practice-app referral (Section 5).
  • Understand how visitors use our website and improve our content (Sections 7 and 8).
  • Meet our legal, accounting, and tax obligations.
  • Detect, prevent, and respond to fraud or misuse.

5. Marketing communications and the Mindset Prep referral

If you purchase a PECB course from us, we may send you a small number of marketing emails about Mindset Prep, our adaptive exam-practice app. The current schedule is one email roughly two days after purchase, inviting you to start the standard Mindset Prep free trial. We rely on the “inferred consent” basis under the Spam Act 2003 (Cth) because Mindset Prep is operated by Mindset Cyber and is directly related to the course you have just bought.

Every marketing email we send identifies us as the sender and includes a one-click unsubscribe link. You can also opt out at any time by emailing info@mindsetcyber.com.au with the subject “Unsubscribe”. We honour unsubscribes within 5 business days.

If you click through and sign up for Mindset Prep, your account on Mindset Prep is then governed by the Mindset Prep Privacy Policy. The only personal information that transfers from Mindset Cyber to Mindset Prep when you sign up is the email address you choose to enter on the Mindset Prep sign-up page.

Transactional emails (purchase confirmations, PECB enrolment instructions, refund correspondence) are not marketing and do not include unsubscribe links, because they relate directly to a purchase you made.

6. Service providers and overseas disclosure

We rely on a small set of service providers to run the business. Each of them processes personal information on our behalf under their own privacy and security commitments. Several are located outside Australia, which means your personal information may be stored or processed overseas.

  • Stripe (United States, Australia): processes card payments at checkout and stores purchase records. We never receive or store your full card number. Stripe’s privacy notice is at stripe.com/privacy.
  • Microsoft (Outlook + Microsoft Teams, global): sends our transactional and marketing emails from info@mindsetcyber.com.au, and hosts our internal order notifications in Microsoft Teams.
  • Supabase (United States): hosts the database that stores your order and enrolment records.
  • n8n Cloud (Germany / European Union): runs the workflow automations that process Stripe webhooks, send transactional and marketing emails, and write to our database.
  • Cloudflare (global edge): hosts and delivers this website. Cloudflare may see your IP address and basic request metadata for content delivery and security.
  • Google (United States): provides Google Analytics 4 and Google Ads conversion tracking (Section 8).
  • Microsoft Clarity (global): provides session insights for the website (Section 7).
  • PECB (Luxembourg): issues exam vouchers and runs the official exam platform. When you purchase a PECB course we share the email address you nominate so PECB can assign your seat.
  • Mindset Prep (Australia): our sub-brand. Only the email address you choose to enter on the Mindset Prep sign-up page is transferred, and only if you choose to sign up.

We do not sell personal information, we do not share it with data brokers, and we do not run advertising profiles based on it.

7. Microsoft Clarity (session insights)

This website uses Microsoft Clarity (project ID wn2x7bf9oi) to understand how visitors use our pages. Clarity records anonymised session information including the pages you view, the elements you click, how far you scroll, and your mouse movements, so that we can spot confusing pages and improve our explanations.

Clarity masks form inputs by default. We do not enable any unmasking. Microsoft may receive your IP address and standard device information as part of this processing. Clarity does not run inside the Mindset Prep app.

You can read more about Clarity at Microsoft’s privacy statement. To opt out of Clarity specifically, you can use browser-level anti-tracking settings or block clarity.ms in your browser.

8. Cookies and other tracking

We use a small number of first-party and third-party cookies on this website:

  • Google Analytics 4 (measurement ID G-VRL9BWH9KZ): aggregated traffic measurement, with IP anonymisation enabled. Cross-domain linker is configured for our Stripe checkout subdomains so that a purchase is correctly attributed to the page that drove it.
  • Google Ads (account AW-17722950328): conversion tracking for ads we run. No retargeting or audience-building cookies are set.
  • Microsoft Clarity: see Section 7.
  • Session storage: we use temporary browser session storage to preserve your Google Analytics linker parameter across our checkout flow so attribution survives the redirect to Stripe.

We do not set advertising or remarketing cookies, and we do not run cross-site tracking pixels.

You can control cookies in your browser settings. Disabling cookies may affect how some pages display, but will not prevent you from purchasing a course.

9. Your rights

You have the right to:

  • Access the personal information we hold about you. Email us at info@mindsetcyber.com.au.
  • Correct any information that is inaccurate, out of date, or incomplete.
  • Opt out of marketing emails at any time via the unsubscribe link or by emailing us.
  • Request deletion of your data, subject to our legal and accounting obligations to retain certain records (for example, tax invoices must be kept for 5 years under Australian law).
  • Make a complaint (see Section 13).

10. Data retention

We keep your personal information only as long as we need it for the purposes described in this policy or as required by law. As a guide:

  • Purchase records (invoices, course assignment records): retained for at least 5 years to meet Australian tax obligations.
  • Marketing list: retained while you are an active subscriber. If you unsubscribe we suppress your email so we do not re-email you, which we keep on file indefinitely for that single purpose.
  • Analytics data: aggregated within the analytics tools listed in Section 8 according to their default retention windows (Google Analytics 14 months; Microsoft Clarity 1 to 13 months depending on event type).
  • Support correspondence: retained for as long as needed to resolve the issue and a reasonable period afterwards.

11. Security

We protect your personal information with practical technical and organisational measures, including encryption in transit (HTTPS / TLS), access controls on our database and email systems, and a small set of vetted service providers. No system is perfectly secure. If we ever become aware of a notifiable data breach, we will notify you and the Office of the Australian Information Commissioner in line with the Notifiable Data Breaches scheme.

12. Children

Our courses and website are intended for working professionals. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected information about a child, please contact us and we will delete it.

13. Complaints

If you have a privacy concern, please email info@mindsetcyber.com.au with the subject “Privacy complaint” and as much detail as possible. We will acknowledge within 5 business days and aim to resolve within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

14. Changes to this policy

We may update this policy from time to time. The current version, and the date it was last updated, will always be available at this URL. Material changes will be flagged at the top of the page.

15. Contact

Mindset Cyber Pty Ltd
ABN 55 668 364 261
Email: info@mindsetcyber.com.au