CRS

Privacy Policy — Cloud Ready Solutions

Effective: 17 April 2026 Last updated: 17 April 2026

1. About this Policy

Cloud Recovery Solutions Pty Ltd ABN 68 166 375 766, trading as Cloud Ready Solutions ("CRS", "we", "us", "our"), is committed to protecting the privacy of individuals whose personal information we handle. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information, and how you can access or correct the information we hold about you.

This Policy is designed to meet our obligations under:

  • the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as amended by the Privacy and Other Legislation Amendment Act 2024;
  • the Privacy Act 2020 (New Zealand) and the thirteen Information Privacy Principles (IPPs) where we handle personal information of individuals in New Zealand; and
  • applicable privacy and confidentiality laws in Fiji, Papua New Guinea, and other Pacific jurisdictions in which our partners operate.

Where the laws of multiple jurisdictions apply to the same personal information, we apply the higher of the applicable standards.

2. Who this Policy applies to

This Policy applies to personal information we collect about:

  • visitors to www.cloudreadysolutions.com.au and its subdomains;
  • individuals who submit enquiries, subscribe to our newsletter, or otherwise contact us;
  • individuals who apply to become, or represent, a CRS channel partner;
  • authorised users of the CRS Partner Portal, Marketplace, Quote Builder, and associated tools;
  • end-user customers of our partners, to the extent their details are provided to us through deal registrations, quotes, or support requests; and
  • suppliers, vendors, contractors, and job applicants.

3. What personal information we collect

We collect personal information that is reasonably necessary for our business functions. The categories we collect include:

  • Contact details — name, email, phone number, postal address, job title, employer.
  • Partner application data — company name, business registration number (ABN, NZBN, TIN, IRC TIN, or other), company structure, year established, team size, specialisations, target markets and industries, existing vendor relationships, certifications, revenue band, and supporting documents (registration certificates, certifications) uploaded to us.
  • Account credentials — email, hashed passwords (we use bcrypt via our authentication provider; we never store passwords in readable form), LinkedIn OAuth identifiers and avatar URLs where you choose LinkedIn sign-in.
  • Commercial information — deal registrations, quotes requested or issued, purchase orders, payment history.
  • End-user details — where a partner provides the name, email, or company of their customer to us (for example, to register a deal or to receive a quote), we handle that information on behalf of the partner.
  • Website usage information — IP address, device and browser type, referring URL, pages visited, UTM parameters, timestamps, and interaction events. This information may be collected by cookies and similar technologies.
  • Communications — messages you send us via contact forms, email, chat, or phone.

Sensitive information

We do not intentionally collect "sensitive information" (as defined in the Privacy Act) in the ordinary course of business. Do not send us health, racial, religious, trade union, sexual orientation, or criminal record information in enquiries or applications. If you do, we will treat it in accordance with APP 3 requirements and delete it where it is not necessary.

Children

The CRS website is directed to business customers and is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently done so, please contact us at privacy@cloudreadysolutions.com.au and we will delete it.

4. How we collect personal information

We collect personal information:

  • directly from you — when you submit a form, apply to become a partner, create a portal account, send us an email, or speak with us;
  • from third parties — such as LinkedIn (if you sign in using LinkedIn OAuth), publicly available business registers (ABN Lookup, NZBN), and your employer (if a colleague nominates you);
  • automatically — from your device and browser when you visit our site, via cookies, analytics, and server logs; and
  • from our partners — when a partner submits a deal registration or quote request that includes an end user's contact details.

5. Why we collect, use, and disclose personal information

We collect, use, and disclose personal information to:

  • respond to enquiries and provide information about our vendors and services;
  • assess partner applications and onboard approved partners;
  • operate the Partner Portal, Marketplace, Quote Builder, and related tools;
  • process deal registrations and communicate with vendors about them;
  • prepare, deliver, and fulfil quotes and orders;
  • send service and transactional communications (account emails, quote notifications, order updates);
  • send marketing communications where you have opted in (see Section 9);
  • improve our website, products, and partner experience, including through aggregated analytics;
  • comply with legal, tax, anti-money-laundering, sanctions, and record-keeping obligations;
  • establish, exercise, or defend legal claims; and
  • in the event of a sale or restructure of CRS, disclose information to advisers and a prospective buyer on confidential terms.

We will not use or disclose personal information for a purpose materially different from the purpose for which it was collected unless you consent, the secondary purpose is directly related and reasonably expected, or disclosure is required or authorised by law.

6. Who we disclose personal information to

We disclose personal information only where necessary for the purposes in Section 5. Recipients may include:

  • Our vendors (the manufacturers and software publishers we distribute — StoneFly, QSAN, Keepit, Nakivo, StarWind, Proxmox, Gladinet, UFSConnect, RackCorp, Wasabi, Cibecs, Replify, and others) — when we register a deal or pass through a support or warranty request relating to the vendor's product on your behalf.
  • Service providers — including those listed in Section 7 (hosting, database, email, analytics, CRM, chat, AI).
  • Professional advisers — lawyers, accountants, auditors, and insurers.
  • Government and regulators — where required by law (for example, the Australian Taxation Office, OAIC, ACCC, the NZ Office of the Privacy Commissioner, Commerce Commission, or equivalents in other jurisdictions).
  • Law enforcement — in response to valid legal process, or where necessary to protect life, property, or our lawful rights.

We do not sell, rent, or trade personal information to third parties for their independent marketing purposes.

7. Third-party service providers and where they process data

The following service providers may process personal information on our behalf. We have selected each of them on the basis of the security and privacy protections they offer, and we have data processing agreements in place where they are available:

Provider Purpose Processing location
Supabase (supabase.com) Primary database and authentication Sydney, Australia (ap-southeast-2)
Vercel (vercel.com) Website hosting and serverless functions USA and global CDN edge
Resend (resend.com) Transactional email delivery USA
Zoho Corporation (zoho.com) CRM (Accounts, Contacts, Deals) USA, EU, or India depending on data centre
Google (Google Analytics 4, Google Tag Manager) Website analytics USA and global
Meta Platforms (Facebook Pixel) Advertising attribution USA and global
LinkedIn (linkedin.com) OAuth sign-in to Partner Portal USA and global
Anthropic (anthropic.com) AI processing for our "Ready" website chat assistant, Blog Creator, and Quote Builder features. Anthropic's commercial API terms state that inputs are not used to train models by default. USA

We review our list of service providers periodically and will update this Policy when we add or replace a material processor. A current sub-processor list can be requested by emailing privacy@cloudreadysolutions.com.au.

8. Cross-border disclosure

Our primary database is hosted in the Sydney region of Australia. However, some of the service providers listed in Section 7 process personal information outside Australia and New Zealand.

When we disclose personal information overseas:

  • In relation to Australian personal information (APP 8) — we take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles. This includes selecting reputable providers, reviewing their published privacy and security practices, and relying on their standard data processing addenda where available. Unless an exception applies, CRS remains accountable for the acts and practices of an overseas recipient that would breach the APPs.
  • In relation to New Zealand personal information (IPP 12) — we disclose personal information outside New Zealand only where the recipient is subject to privacy laws providing comparable safeguards to the New Zealand Privacy Act, is bound by the Privacy Commissioner's model contract clauses or equivalent protections, is in a country prescribed by Order in Council, or where the individual has authorised the disclosure after being informed that comparable safeguards may not apply.

By providing your personal information to us, you acknowledge that the recipients listed in Section 7 may receive and process it outside your country of residence.

9. Direct marketing

We may send you newsletters, vendor updates, event invitations, and other marketing communications where:

  • you have given consent (for example, by ticking a newsletter opt-in box);
  • you have provided your business contact details in a context where it would be reasonably expected that we might market related products or services to you; or
  • your business email address has been conspicuously published by you in a business capacity without a statement declining marketing (in which case we rely on inferred or deemed consent under the Spam Act 2003 (Cth) and the Unsolicited Electronic Messages Act 2007 (NZ)).

Every marketing message we send identifies us as the sender and provides a working unsubscribe mechanism. You may unsubscribe at any time by using the unsubscribe link in our emails or by emailing privacy@cloudreadysolutions.com.au. We will action unsubscribe requests within five business days.

10. Cookies and tracking technologies

We use cookies and similar technologies to operate the site, remember your preferences, secure your session, and measure the effectiveness of our content and marketing.

Essential cookies are necessary for authentication, CSRF protection, and session management. You cannot opt out of these without losing access to the Partner Portal.

Analytics and marketing cookies include Google Analytics 4, Google Tag Manager, and Meta (Facebook) Pixel. You may opt out of these via our cookie consent banner, your browser settings, or the opt-out mechanisms published by each provider (for example, tools.google.com/dlpage/gaoptout).

Chat session storage. Our "Ready" chat assistant uses your browser's sessionStorage to remember the current conversation for the duration of your visit. This is cleared automatically when you close the tab and is not a cookie. Chat messages are also stored server-side in our Sydney-hosted Supabase database so that our team can review conversations on request — see Section 13 for retention.

11. Data security

We take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification, and disclosure:

  • all data in transit is encrypted using TLS 1.2 or higher;
  • passwords are hashed using bcrypt and never stored in readable form;
  • role-based access and database row-level security restrict access to authorised personnel;
  • administrative access requires multi-factor authentication where the underlying system supports it; and
  • we review access logs and audit trails periodically.

No system is perfectly secure. If you believe your account or information has been compromised, please contact us immediately at privacy@cloudreadysolutions.com.au.

12. Data breach notification

If we experience an eligible data breach as defined by the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth) — or a notifiable privacy breach under Part 6 of the Privacy Act 2020 (NZ) — we will:

  • assess the breach promptly (generally within 30 days of becoming aware);
  • notify the Office of the Australian Information Commissioner (OAIC) and/or the Office of the Privacy Commissioner (NZ) as applicable; and
  • notify affected individuals as soon as practicable, unless an exception in the legislation applies.

13. Retention

We retain personal information only for as long as necessary for the purposes for which it was collected, to comply with our legal obligations, and to protect or exercise our legal rights. Our indicative retention periods are:

Data class Retention period
Unsuccessful or abandoned partner applications 12 months after last activity
Contact enquiries without ongoing relationship 24 months from last contact
Partner accounts (active) Duration of partnership
Partner accounts (inactive, terminated) 7 years after termination, to meet tax and record-keeping obligations
Financial and transactional records 7 years (tax law)
Website analytics (aggregated) 14 months in Google Analytics standard retention
"Ready" chat transcripts (stored in Supabase, Sydney) 24 months from last message, then deleted
Backups and archives Up to 90 days rolling, then deleted

On request we may delete data earlier where legally permissible.

14. Your rights

Under the Australian Privacy Principles and the New Zealand Information Privacy Principles, you have the right to:

  • access the personal information we hold about you;
  • request correction of information that is inaccurate, out of date, incomplete, or misleading;
  • withdraw consent to marketing and ask us to stop contacting you;
  • in some circumstances, request that we delete or anonymise your personal information;
  • ask us to stop using your information where we are relying on your consent;
  • object to, or ask for human review of, any decision about you that is made solely by automated means and has significant effects (see Section 15); and
  • complain to us, and if not satisfied, to the relevant regulator (see Section 17).

To exercise these rights, email privacy@cloudreadysolutions.com.au. We may need to verify your identity. We will respond to most requests within 30 days.

15. Automated decision-making and AI

We use AI-assisted tools in three places:

  • "Ready" website chat assistant — the chat widget you may see on our public site and Partner Portal. Your messages, along with limited context (the page you are on, and for authenticated partners your name and company) are sent to Anthropic's Claude model via API so that Ready can respond. Transcripts are stored in our Sydney-hosted Supabase database (see Sections 7 and 13).
  • Blog Creator — an internal tool that drafts blog content for staff review before anything is published.
  • Quote Builder — an internal tool that helps staff extract line items from vendor-supplied quotes and draft partner quotes.

All three features send prompt content to Anthropic's Claude model via the Anthropic API. Anthropic's commercial API terms state that API inputs are not used to train models by default.

We do not use automated decision-making to approve or reject partner applications, grant or deny credit, or make other decisions that significantly affect you as an individual. A CRS staff member reviews and approves every partner application and every quote before it is issued. Ready provides information and routes requests but does not make binding commitments on our behalf.

If this position changes, we will update this Policy and, where required, seek your consent.

16. Children

See Section 3.

17. How to contact us and make a complaint

For questions about this Policy, to exercise any of your rights, or to make a complaint about how we have handled your personal information:

  • Email: privacy@cloudreadysolutions.com.au
  • Post: Privacy Officer, Cloud Recovery Solutions Pty Ltd (trading as Cloud Ready Solutions), Suite 707, 35-45 Spring St, Bondi Junction NSW 2022, Australia

We will acknowledge complaints within 5 business days and aim to provide a substantive response within 30 days.

If you are not satisfied with our response, you may lodge a complaint with:

  • Australia — the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au;
  • New Zealand — the Office of the Privacy Commissioner at www.privacy.org.nz;
  • Fiji, PNG, and other Pacific jurisdictions — the relevant regulator or Ombudsman in your jurisdiction.

18. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top of this Policy shows when it was most recently changed. Material changes will be notified via the Partner Portal, by email to account holders, or by prominent notice on the website. Continued use of our services after the effective date of a change constitutes acceptance of the updated Policy.

Cloud Recovery Solutions Pty Ltd (trading as Cloud Ready Solutions) ABN 68 166 375 766 Suite 707, 35-45 Spring St, Bondi Junction NSW 2022, Australia Phone: 1800 752 706

Questions about this document? Email legal@cloudreadysolutions.com.au or call 1800 752 706.

Cloud Recovery Solutions Pty Ltd (ABN 68 166 375 766), trading as Cloud Ready Solutions. Suite 707, 35-45 Spring St, Bondi Junction NSW 2022, Australia.