Sequb
Legal Document

Privacy Policy

Last Updated: August 20, 2025

Barranjoey Capital Pty Limited ABN 85 630 955 387 trading as SEQUB.COM is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our post-quantum cryptography scanning platform.

Introduction

Barranjoey Capital Pty Limited ABN 85 630 955 387 trading as SEQUB.COM ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our post-quantum cryptography scanning platform, including our website, web application, CLI tools, and related services (collectively, the "Services").

Information We Collect

How We Use Your Information

Primary Purposes

Service Delivery

Provide cryptographic scanning, generate reports, maintain user accounts

Security Analysis

Perform post-quantum cryptography assessments, identify vulnerabilities

Platform Improvement

Enhance scanning algorithms, improve user experience, develop new features

Customer Support

Respond to inquiries, provide technical assistance, resolve issues

Communication

Service Notifications

Scan completion alerts, security findings, system updates

Account Management

Password resets, billing notifications, subscription changes

Marketing Communications

Product updates, feature announcements (with your consent)

Security Alerts

Urgent security notifications, breach notifications if required

Legal and Compliance

  • Legal Obligations: Comply with applicable laws, respond to legal requests
  • Terms Enforcement: Enforce our Terms of Service, prevent fraud and abuse
  • Business Operations: Internal analytics, business planning, regulatory compliance

Information Sharing and Disclosure

We Share Information With:

Service Providers

We work with trusted third-party service providers to deliver our Services:

Cloud Infrastructure

Cloudflare (CDN, security, and performance services)

Payment Processing

Stripe (subscription billing, payment processing, and financial transactions)

Business Operations

Google Workspace (email, document collaboration, and internal communications)

Analytics & Support

Privacy-focused analytics providers and customer service platforms

These providers are contractually bound to protect your information and use it only for the specific services they provide to us.

We Do NOT Share:

  • • Your source code with unauthorized parties
  • • Detailed scan results outside your organization
  • • Personal information for marketing by third parties
  • • Sensitive cryptographic findings publicly

Legal Requirements

  • • When required by law, regulation, or court order
  • • To protect our rights, property, or safety
  • • To prevent fraud, security threats, or illegal activity
  • • In connection with business transactions (mergers, acquisitions)

Data Security and Protection

Security Measures

Encryption

Data encrypted in transit (TLS 1.3) and at rest (AES-256)

Access Controls

Multi-factor authentication, role-based permissions, principle of least privilege

Infrastructure Security

SOC 2 Type II compliant cloud providers, regular security audits

Monitoring

24/7 security monitoring, intrusion detection, automated threat response

Code Processing Security

Temporary Processing

Source code analyzed in secure, ephemeral environments

Memory Management

Code cleared from memory immediately after analysis

Isolated Scanning

Each scan runs in isolated containers with no cross-contamination

Result Security

Scan results encrypted and accessible only to authorized team members

Incident Response

1

Containment

Immediate containment of any security incidents

2

Notification

Prompt notification of affected users within 72 hours

3

Investigation

Forensic investigation and remediation

4

Improvement

Continuous improvement of security measures

Data Retention and Deletion

Retention Periods

Account Data

Retained while your account is active and for 3 years after closure

Scan Results

Retained for 2 years or as specified in your subscription plan

Usage Logs

Retained for 1 year for security and debugging purposes

Source Code

Never permanently stored; processed temporarily and immediately discarded

Data Deletion

Account Deletion

Complete account and associated data deletion within 30 days of request

Selective Deletion

Individual scan results can be deleted through your dashboard

Legal Holds

Data subject to legal obligations may be retained as required by law

Backup Recovery

Data in secure backups automatically purged according to retention schedules

Your Privacy Rights

Access and Control

You have full control over your personal data and account settings.

Account Access

View and update your profile information anytime

Data Portability

Export your scan results and account data in standard formats

Scan Management

Delete individual scans, modify scan configurations

Communication Preferences

Opt-out of non-essential emails and notifications

Regional Rights

Exercising Your Rights

To exercise any of these rights, contact us at ask@sequb.com or through your account settings. We will respond within 30 days and may request verification of your identity.

International Data Transfers

Cross-Border Processing

As an Australian company using global service providers, your information may be transferred to and processed in various countries.

Australia

Primary data controller and business operations

United States

Cloudflare (CDN/security), Stripe (payment processing)

European Union

Cloudflare edge locations, Google Workspace services

Other Jurisdictions

Service provider edge locations for performance optimization

Legal Safeguards

Standard Contractual Clauses (SCCs)

For EU data transfers where required

Adequacy Decisions

Transfers leverage adequacy decisions where available

Service Provider Agreements

All providers bound by strict data protection clauses

Security Standards

Consistent security measures maintained across all jurisdictions

Third-Party Services and Integrations

Connected Services

When you integrate Sequb with third-party services (GitHub, GitLab, CI/CD tools), those services may collect information according to their own privacy policies. We recommend reviewing their privacy practices.

Analytics and Monitoring

We use privacy-focused analytics tools to improve our service. These tools are configured to minimize data collection and respect your privacy preferences.

Children's Privacy

Our Services are not designed for or directed at individuals under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it immediately.

Changes to This Privacy Policy

Updates

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. We will notify you of material changes by:

  • • Email notification to your account email address
  • • Prominent notice on our website and dashboard
  • • In-app notifications for significant changes

Effective Date

Changes become effective 30 days after notification, giving you time to review and opt-out if desired.

Contact Information

Privacy Team

For privacy-related questions, concerns, or requests

Address

Barranjoey Capital Pty Limited
Suite 20, 47 Abbeywood St
Taigum QLD 4018
Australia

ABN

85 630 955 387

Data Protection Officer

For EU inquiries

Address

As above (Australian entity servicing global customers)

General Support

For general questions about our Services

Documentation

docs.sequb.com