DekkoSecure Privacy Policy

Applies to: DekkoCore-AU (au.dekko.io), DekkoCore-CA (ca.dekko.io), DekkoCore-US (us.dekko.io), DekkoCore-CH (ch.dekko.io), and DekkoDEMS (fusion.dekko.io)

Entity: Securest Pty Ltd (ABN 31 166 558 676) trading as DekkoSecure (“DekkoSecure”, “we”, “us”, or “our”)

1. Purpose

This Privacy Policy explains how DekkoSecure collects, uses, stores, and protects personal information when you use our software services (the “Services”).

DekkoSecure is committed to maintaining your privacy and protecting all information processed through the Services in accordance with applicable privacy and data-protection laws, including the Privacy Act 1988 (Cth) and, where applicable, GDPR, PIPEDA, HIPAA, and equivalent frameworks.

DekkoSecure’s systems are designed around zero-knowledge end-to-end encryption. This means that your files, messages, and other content remain fully encrypted and accessible only to you and other authorised users.

2. Information We Collect

DekkoSecure collects only the minimum information required to operate, secure, and support the Services.

2.1. Information You Provide

  • Name and email address when creating an account or accepting an invitation.

  • Organisation details (if applicable) such as department, tenancy name, or domain.

  • Information contained in support requests or correspondence.

  • Optional profile or configuration data you choose to provide.

2.2. Automatically Collected Information

To maintain performance, security, and compliance, we collect limited technical and operational data:

  • Login activity, timestamps, and IP address (for audit and security logging).

  • Browser and device information (e.g., user-agent string, operating system).

  • Error reports, performance diagnostics, and usage telemetry for reliability monitoring.

  • System events such as uploads, downloads, and collaboration actions (event records only — not file contents).

2.3. Information We Do Not Collect

  • DekkoSecure does not access or store your decrypted files, chat messages, videos, or documents.

  • We do not collect biometric, financial, or sensitive personal data unless voluntarily supplied through authorised customer workflows.

  • We do not use tracking cookies, behavioural analytics, or third-party advertising identifiers.

3. How We Use Information

We process collected information only for purposes directly related to operating and improving the Services, including:

  • Account authentication and access control.

  • Service maintenance, performance optimisation, and reliability monitoring.

  • Security auditing, threat detection, and incident response.

  • User support and troubleshooting.

  • Legal compliance and enforcement of Terms of Service and Acceptable Use Policy.

4. Data Encryption and Storage

All customer content (files, messages and meetings) is protected by end-to-end encryption (E2EE).

This means that only authorised users within your organisation, or invited participants you explicitly share content with, can decrypt and view it.

In limited circumstances, users may choose to share content with DekkoSecure personnel — for example, to assist with technical troubleshooting or verify a workflow outcome. Such access occurs only when explicitly authorised by the customer or user, applies only to the specific content shared, and is governed by strict confidentiality, logging, and time-limited access controls.

Operational metadata, account information, and encrypted customer data (including files, messages, and stored collaboration content) are held within sovereign cloud environments located in the jurisdiction associated with each system instance:

  • DekkoCore-AU (au.dekko.io): Australia

  • DekkoCore-CA (ca.dekko.io): Canada

  • DekkoCore-US (us.dekko.io): United States

  • DekkoCore-CH (ch.dekko.io): Switzerland

  • DekkoDEMS (fusion.dekko.io): United States

Data is replicated within each jurisdiction for resilience and availability but is never transferred outside its originating region unless explicitly authorised by the customer or as required by law.

5. Data Access and Disclosure

DekkoSecure does not have access to your encrypted content and will never view, share, or sell personal information.

Limited access to system information may occur only in the following circumstances:

  • Authorised Support: When you request technical support, limited metadata or, where you explicitly share it, specific content may be accessed solely for diagnostic or troubleshooting purposes.

  • Legal Obligations: When required by law, subpoena, or regulatory order, and only to the minimum extent necessary to comply with that obligation.

  • Service Providers: Trusted infrastructure or security partners engaged by DekkoSecure (such as cloud and email service providers) who operate under strict confidentiality and data-processing agreements.

All such access is explicitly controlled, time-limited, logged, and subject to audit.

6. Data Retention

Account information is retained for as long as your organisation maintains an active tenancy.

Activity logs are retained for operational and compliance purposes in accordance with applicable laws and regulatory requirements in each jurisdiction where the Services operate.

When an account or tenancy is deleted, associated data is securely erased following DekkoSecure’s defined retention and destruction schedule.

Encrypted customer files are permanently deleted upon user or administrator removal — they cannot be recovered by DekkoSecure after deletion.

DekkoSecure may retain limited records or metadata for the period required to comply with legal, regulatory, or audit obligations in the relevant operational jurisdiction (for example, for financial reporting, security investigations, or statutory data-retention requirements). Such retained information is minimal, access-controlled, and automatically purged once the retention period expires.

7. Cookies and Tracking

DekkoSecure uses only essential session cookies required for authentication and security (for example, maintaining a logged-in session). We do not use advertising, cross-site, or behavioural tracking cookies.

8. Data Subject Rights

Depending on your jurisdiction, you may have rights to:

  • Access and correct your personal information;

  • Request deletion of your account or related data;

  • Request a copy of personal data held about you; and

  • Restrict or object to certain processing.

Requests can be submitted to privacy@dekkosecure.com.

We may verify your identity before fulfilling a request and may retain limited records where required by law.

9. Security and Compliance

DekkoSecure implements technical and organisational measures consistent with recognised frameworks such as:

  • Australian ISM (PROTECTED)

  • GO-ITS 25.21 (Ontario)

  • CJIS Security Policy

  • HIPAA Security Rule

  • GDPR (General Data Protection Regulation)

Controls include encryption, network isolation, audit logging, vulnerability management, malware scanning, and multi-factor authentication.

Access to operational systems is restricted to vetted personnel under least-privilege principles.

The cloud infrastructure services utilised by DekkoSecure also maintain their own independent security, privacy, and compliance certifications, including ISO 27001, SOC 2, and regional government accreditations. This provides additional assurance that the underlying hosting environments meet or exceed industry and jurisdictional security standards.

10. Children’s Privacy

DekkoSecure is an enterprise service and is not intended for individuals under the age of 18.

We do not knowingly collect personal information from minors. If such data is identified, it will be securely deleted.

11. International Transfers

DekkoSecure maintains data within the customer’s selected jurisdiction.

If cross-border transfer is ever required (for example, by a multinational customer), it will occur only with explicit authorisation and under appropriate safeguards consistent with GDPR, PIPEDA, and other applicable regulations.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in laws, technology, or our operations.

Updates will be posted at www.dekkosecure.com/privacy and will take effect upon publication.

Material changes will be communicated through in-app notifications or email where appropriate.

13. Contact Us

For privacy-related questions, complaints, or requests, please email: privacy@dekkosecure.com

14. Acknowledgement

By creating an account or using the Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and handling of information as described above.