Privacy Policy.

This Privacy Policy explains how Maxil Systems, including Pulse (“we”, “us”, “our”) collects, uses, discloses and protects personal information when we provide our services and when you use our websites, products and related services.

Effective date: 30 January 2026

Summary

  • We collect only what we need to deliver and improve our services.

  • We use trusted sub-processors with appropriate safeguards.

  • You can access, correct or delete your data and object to certain processing.

1. Who we are

Maxil Systems Pty Ltd is an Australia-based security and compliance consultancy. Our principal place of business is Sydney, Australia. For privacy queries, contact us at hello@maxilsystems.com.

2. Data we collect

Information you provide:

  • Contact details (name, email, phone, company, role).

  • Account, billing, and correspondence information.

Pulse Portal Data: Business identification details and compliance metadata (e.g., certification types, certificate numbers, and expiry dates) uploaded by you to the Pulse portal.

Project artefacts provided during consultancy engagements (e.g., policies, process maps, logs), which may contain personal information controlled by our clients.

Information we collect automatically:

  • Usage and device information (browser type, pages visited, time on page, approximate location derived from IP).

  • Diagnostics and telemetry from our websites and tools.

Sensitive information: We do not intentionally collect sensitive information (such as PHI under HIPAA) via the Pulse portal. We only host summary compliance metadata as provided by the user. For consultancy engagements, we will only collect sensitive information where required and agreed in writing.

3. How we use your data

  • To provide, operate, and improve our services, including the Pulse portal.

  • Facilitating Connections: To enable the sharing of compliance status information between buyers and sellers as intended by the Pulse portal’s functionality.

  • To communicate with you (support, updates, proposals, invoices).

  • To meet legal, regulatory, and audit obligations.

  • To maintain security (fraud prevention, incident response).

  • With your consent—for example, marketing communications you can opt out of at any time.

4. Legal bases

Where the EU/UK GDPR applies, we rely on the following legal bases: (a) performance of a contract; (b) legitimate interests (e.g., securing our services, improving user experience); (c) consent where required; and (d) compliance with legal obligations. In Australia, we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

5. Sharing & sub-processors

General Sharing: We may share personal information with trusted service providers who process data on our behalf (“sub-processors”) for hosting, email, analytics, and support. Pulse Interactions: By using the Pulse portal, you acknowledge that your business name and provided compliance metadata will be visible to other registered Users of the platform based on your account settings and interaction requests. We do not sell this data to third parties.

Our current list of sub-processors is maintained at /sub-processors. We will update that page when providers are added or changed.

6. International transfers

Your information may be processed in countries outside your own. For users in Australia, we aim to host Pulse data within Australian-based data centres where commercially viable. Where required, we implement appropriate safeguards—for example, Standard Contractual Clauses (SCCs) or equivalent mechanisms—and ensure providers commit to robust security controls.

7. Retention

We retain personal information only for as long as necessary to fulfil the purposes outlined in this Policy. For the Pulse portal, data is retained while your account is active. We apply role-based access and scheduled review/deletion for client consultancy artefacts.

8. Security

We use:

  • Logical access controls, MFA, and least-privilege permissions.

  • Encryption in transit and at rest where supported.

  • Secure development and change control practices.

  • Vendor risk management and confidentiality undertakings.

9. Your rights

Depending on your location, you may have rights to access, correct, update, or delete your personal information; object to or restrict certain processing; or lodge a complaint with a supervisory authority. Where we process client-provided data as a processor, please contact the relevant client (controller). For requests we control directly, email hello@maxilsystems.com.

10. Cookies

We use essential cookies to deliver core site functionality and may use optional analytics cookies to understand usage and improve performance.

11. Children’s data

Our services are not directed to children and we do not knowingly collect personal information from children.

12. How to contact us

Email: hello@maxilsystems.com Location: Sydney, Australia

13. Changes to this policy

We may update this Policy from time to time. Material changes will be noted on this page and, where appropriate, communicated to you.

For any questions regarding this policy, please contact us at hello@maxilsystems.com.