Privacy Policy

Last updated: 2026-06-15

1. Who we are

This Privacy Policy describes how Exegete (operated by Andre Fabre, sole trader, ABN 81 554 376 814) collects, uses, and protects personal information when you visit https://exegete.com.au/ or purchase one of our services.

Contact for privacy enquiries: andre.fabre1@outlook.com

2. The personal information we collect

We collect personal information from you only when you actively provide it:

• When you make a purchase via Stripe: your name, email address, billing address, and payment method are collected by Stripe Inc. on our behalf. We receive your name and email address from Stripe to fulfil your order. We do not see or store your full payment card details.
• When you submit content for an audit (e.g. a settlement file or email correspondence for the Pre-Settlement Flash Audit): the content you upload, which may include personal information about your firm, your clients, or third parties.
• When you book a discovery call via Calendly: your name, email address, and any information you provide in the booking form.
• When you email us: the contents of your email and any attachments.

We do not use cookies, tracking pixels, analytics scripts, or any third-party tracking on https://exegete.com.au/. The site is served as static HTML from GitHub Pages.

3. How we use your information

We use your personal information only for the purpose for which you provided it:

• To deliver the service you purchased
• To respond to your enquiries
• To send you the deliverable for your purchase (PDF report, template, etc.)
• To meet our legal and tax obligations

We do not use your information for marketing or advertising. We do not sell, rent, or share your information with third parties for their marketing purposes.

4. How long we keep your information

• Stripe purchase records (name, email, billing address): held by Stripe per their retention policy. We retain copies in our records for 7 years to meet Australian tax record-keeping requirements.
• Content you submit for an audit (settlement files, email correspondence): held only as long as needed to deliver the audit, then deleted within 30 days of delivering the deliverable. We do not retain copies for training, marketing, or future use.
• Calendly booking records: held by Calendly per their retention policy. We retain meeting notes only as long as the engagement remains active or as required for our records.
• Email correspondence with you: retained in our email system per standard email retention.

5. Where your information is stored

• Stripe Inc. (United States) — payment processing and customer records. https://stripe.com/privacy
• Calendly LLC (United States) — booking and scheduling. https://calendly.com/privacy
• GitHub Inc. (United States) — website hosting (GitHub Pages). The site contains no user-submitted content; only pre-published pages. Privacy statement
• Microsoft (Outlook) — email correspondence. https://privacy.microsoft.com/
• Local devices under our control (Perth, Australia) — working copies during fulfilment, deleted per the retention schedule above.

By using our services, you consent to your information being transferred to and processed in these locations.

6. Your rights under the Australian Privacy Act

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Correct any personal information that is inaccurate, out of date, or incomplete
• Request deletion of your personal information (subject to our legal record-keeping obligations)
• Make a complaint about how we have handled your personal information

To exercise any of these rights, email andre.fabre1@outlook.com. We will respond within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au/

7. Security

We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification, or disclosure. These steps include:

• Using HTTPS for all website traffic
• Storing payment information only with Stripe (PCI-DSS Level 1 certified)
• Limiting access to working copies of audit content to authorised personnel only (currently the operator)
• Deleting audit content within 30 days of delivery
• Using strong passwords and multi-factor authentication on Stripe, Calendly, GitHub, and email accounts

Despite these measures, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security.

8. Notifiable Data Breaches

If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

9. Children's information

Our services are intended for use by Australian businesses and professional advisors. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact us and we will delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Material changes will be notified by email to existing customers.

11. Service disclaimer

DRMO services are operational support for security obligations. We do not provide legal advice, financial advice, or financial product advice. Information presented on our website and in our deliverables is for general informational purposes and should not be relied upon as a substitute for advice from a qualified professional. We do not guarantee the prevention of any fraud, breach, or compromise; our services are designed to reduce exposure and improve detection.

12. Contact

For questions about this Privacy Policy or our handling of your personal information:

Andre Fabre
Exegete
andre.fabre1@outlook.com
Perth, Western Australia, Australia
ABN: 81 554 376 814