Privacy Policy
Last updated: 16 July 2026
1. About this Privacy Policy
Phronessa provides software and related services that help organisations examine proposed organisational changes, identify assumptions and tensions, explore possible consequences, and support informed decision-making before implementation.
This Privacy Policy explains how Phronessa ("Phronessa", "we", "us" or "our") collects, holds, uses, discloses and protects personal information.
This Privacy Policy applies when you:
- visit our website at phronessa.com;
- contact us, join a waitlist or request a demonstration;
- create or use a Phronessa account;
- participate in a pilot, trial, research activity or customer interview;
- receive communications from us;
- provide services to, work with, or apply to work with Phronessa; or
- otherwise interact with Phronessa.
We aim to handle personal information consistently with the Privacy Act 1988 (Cth), the Australian Privacy Principles and other applicable privacy laws. Where the Privacy Act does not legally apply to a particular activity, we may still follow the principles in this policy as a matter of good practice.
2. Meaning of personal information
"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or recorded in a material form.
"Sensitive information" includes certain information about an individual's health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, biometric information and other categories recognised by applicable law.
"Customer Data" means information, documents, records and other material submitted to the Phronessa platform by or on behalf of a customer. Customer Data may include personal information.
"De-identified information" means information that has been processed so that no individual is reasonably identifiable.
3. Our role when handling Customer Data
Where a customer uploads or provides information about its personnel, contractors, customers or other individuals, the customer generally determines why that information is collected and how it will be used.
In those circumstances:
- the customer is responsible for its relationship with the affected individuals;
- the customer must ensure that it has an appropriate legal basis, authority or consent to provide the information to Phronessa;
- Phronessa handles the information to provide the services and in accordance with the customer's documented instructions, our agreement with the customer and applicable law; and
- privacy requests relating to Customer Data may need to be directed to the relevant customer.
Phronessa may independently determine how it handles account details, billing information, website analytics, support records and information used to operate and secure its business.
4. Information we collect
Depending on how you interact with Phronessa, we may collect the following categories of information.
4.1 Identity and contact information
- your name;
- business email address;
- telephone number;
- organisation;
- job title;
- professional role;
- country or region; and
- communication preferences.
4.2 Account and authentication information
- username or account identifier;
- organisation and workspace membership;
- permissions and user role;
- authentication records;
- multi-factor authentication status;
- login dates and times; and
- account security information.
We do not ask users to provide their account password to Phronessa personnel.
4.3 Commercial and billing information
- subscription plan;
- billing contact details;
- transaction records;
- invoice information;
- payment status;
- purchase history; and
- contractual information.
Payments may be processed by a third-party payment provider. Phronessa does not ordinarily store complete payment card numbers.
4.4 Customer Data and organisational information
- proposed organisational changes, policies and initiatives;
- business processes and operating models;
- organisational structures;
- team responsibilities and dependencies;
- workforce capabilities and capacity information;
- change history;
- stakeholder concerns;
- project plans and risk registers;
- performance indicators;
- governance arrangements;
- integration and technology constraints;
- training requirements;
- complaints, incidents or operational records;
- scenario assumptions; and
- user instructions, prompts, documents and responses.
Customers should, wherever reasonably possible, use aggregated, anonymised or pseudonymised information instead of directly identifiable information.
4.5 Communications and support information
- emails and messages sent to us;
- meeting notes;
- support requests;
- call or demonstration records;
- survey responses;
- complaints;
- feedback; and
- information provided during onboarding, research interviews or customer success activities.
We will obtain appropriate notice or consent before recording a call or meeting where required.
4.6 Website, device and usage information
- IP address;
- browser type;
- device type;
- operating system;
- referring website;
- pages viewed;
- links selected;
- session dates and duration;
- approximate location derived from an IP address;
- diagnostic information;
- error and crash logs;
- security events; and
- interactions with platform features.
4.7 Marketing information
- marketing consent;
- event registration;
- content downloads;
- newsletter preferences;
- campaign interactions; and
- unsubscribe records.
4.8 Recruitment and supplier information
- employment history;
- qualifications;
- professional references;
- application materials;
- supplier contacts;
- insurance information;
- bank account details; and
- tax or business registration information.
5. Sensitive information and restricted data
Phronessa is not designed to require sensitive personal information for its standard organisational modelling services.
Unless Phronessa has expressly agreed otherwise in writing, customers and users must not upload:
- detailed health or medical information;
- biometric templates;
- genetic information;
- government identification numbers;
- passport or driver's licence copies;
- payment card data;
- personal banking credentials;
- criminal record information;
- information about an individual's sexual orientation or religious beliefs;
- highly sensitive employee case files;
- information subject to legal professional privilege; or
- classified, export-controlled or national-security information.
Where limited sensitive information is genuinely necessary for an agreed use case, we will seek to establish additional contractual, access, security and retention controls before it is collected.
6. How we collect information
We may collect information:
- directly from you;
- from the organisation that provides your account;
- from authorised users and administrators;
- through our website or platform;
- through forms, surveys, interviews and demonstrations;
- from service providers acting on our behalf;
- from publicly available professional or business sources;
- from referral partners, with appropriate authority;
- from cookies and similar technologies; and
- automatically through security, diagnostic and usage systems.
Where reasonable, we collect personal information directly from the relevant individual.
7. Why we use personal information
We may use personal information to:
- provide, configure and administer the Phronessa platform;
- create and manage accounts and workspaces;
- authenticate users and manage permissions;
- process customer inputs and generate requested scenarios, analyses and outputs;
- provide onboarding, support and customer success services;
- respond to enquiries and demonstration requests;
- communicate about service updates, incidents and security matters;
- process subscriptions, invoices and payments;
- maintain, troubleshoot and secure our systems;
- detect fraud, abuse, unauthorised access and policy violations;
- monitor service reliability and performance;
- understand how our website and services are used;
- improve usability, workflows and product functionality;
- conduct appropriately controlled testing and evaluation;
- obtain and respond to feedback;
- manage suppliers, advisers and business partners;
- comply with legal and regulatory obligations;
- establish, exercise or defend legal claims;
- manage corporate transactions;
- recruit personnel; and
- send marketing communications where permitted.
We will not use personal information for an unrelated purpose unless permitted by law, authorised by the individual or reasonably expected in the circumstances.
8. Artificial intelligence and automated processing
Phronessa may use artificial intelligence, statistical methods, rules-based systems, simulation methods and other computational techniques to process Customer Data and produce analyses.
These processes may:
- extract themes and relationships from information;
- identify possible assumptions, dependencies and tensions;
- generate hypothetical stakeholder responses;
- develop best-case, likely and worst-case scenarios;
- identify possible second-order or third-order consequences;
- compare scenarios;
- summarise information; and
- generate questions or areas requiring additional evidence or judgement.
Phronessa's outputs are decision-support materials. They are not determinations about an individual and should not be treated as objective facts, professional advice or guaranteed predictions.
Phronessa does not intend its standard service to make solely automated decisions that produce legal or similarly significant effects for individuals.
Customers must not use Phronessa as the sole basis for:
- hiring, dismissal, promotion, remuneration or disciplinary decisions;
- decisions about an individual's access to essential services;
- medical, legal, financial or safety-critical decisions;
- employee surveillance or behavioural scoring;
- discrimination or profiling based on protected attributes; or
- decisions that may materially affect an individual's rights or livelihood.
Meaningful review by appropriately qualified people must remain part of the customer's decision-making process.
9. Use of Customer Data for model training
Unless a customer expressly agrees otherwise in writing:
- Phronessa will not use identifiable Customer Data to train a general-purpose artificial intelligence model;
- Phronessa will not sell Customer Data;
- Phronessa will not permit an artificial intelligence service provider to use identifiable Customer Data to train its general-purpose models; and
- Customer Data will be used only to provide, secure, support and improve the services in ways permitted by the applicable customer agreement.
Phronessa may use de-identified and aggregated information to understand service performance, identify general usage patterns and improve the platform, provided that the information cannot reasonably be used to identify a customer, user or individual.
We may use feedback voluntarily provided to us to improve Phronessa, but we will not knowingly include confidential Customer Data in publicly available materials or general-purpose training datasets.
10. Disclosure of information
We may disclose information to:
- cloud hosting and data storage providers;
- artificial intelligence and software infrastructure providers;
- authentication, cybersecurity and fraud-prevention providers;
- analytics and monitoring providers;
- communication, customer support and scheduling providers;
- payment processors and accounting providers;
- professional advisers, including lawyers, accountants and insurers;
- contractors and personnel who require access to perform their duties;
- a customer's authorised administrators and users;
- potential investors, purchasers or transaction advisers under confidentiality obligations;
- law enforcement, regulators, courts or government bodies where required or permitted by law; and
- other parties with your direction or consent.
Service providers are permitted to access information only as reasonably necessary to provide their services to Phronessa and are expected to protect it under contractual or legal obligations.
We do not sell or rent personal information to data brokers or third-party advertisers.
11. Overseas storage and disclosure
Some of our service providers may process or store information outside Australia.
Depending on the systems used by Phronessa, overseas recipients may be located in countries including the United States, Canada, the United Kingdom, Singapore, Ireland or other European Economic Area countries.
Phronessa will maintain a current list of material subprocessors and the countries in which they process information, where practicable.
We take reasonable steps appropriate to the circumstances to assess service providers, apply contractual safeguards and protect information disclosed overseas.
Information processed in another country may be subject to the laws and lawful access requirements of that country.
12. Data security
We use reasonable administrative, technical and organisational safeguards appropriate to the nature of the information and the risks involved.
Depending on the maturity and configuration of the service, these controls may include:
- access controls based on role and operational need;
- multi-factor authentication;
- encryption in transit and, where supported, at rest;
- secure cloud infrastructure;
- logging and monitoring;
- vulnerability management;
- secure development practices;
- staff and contractor confidentiality obligations;
- incident response procedures;
- backups and recovery processes;
- service provider assessments; and
- periodic review of access permissions.
No internet transmission, software platform or storage system can be guaranteed to be completely secure. Users must also protect their devices, credentials and account access.
Users should notify us immediately at abooksellerinfishpond@gmail.com if they suspect unauthorised access or another security incident.
13. Data breaches
We maintain processes for identifying, assessing and responding to suspected data breaches.
Where a breach is likely to result in serious harm and notification is required by applicable law, we will notify affected individuals, customers and relevant regulators as required.
Where Customer Data is involved, we will also communicate with the relevant customer in accordance with our contractual obligations and incident response procedures.
14. Retention and deletion
We retain information only for as long as reasonably necessary for the purposes described in this policy, including to provide the services, comply with legal obligations, resolve disputes and enforce agreements.
Our retention periods depend on factors such as:
- the type and sensitivity of the information;
- the customer's subscription and instructions;
- contractual requirements;
- security and fraud-prevention requirements;
- applicable limitation periods; and
- legal, tax and accounting obligations.
Unless a different period is agreed:
- active Customer Data is retained while the applicable account or contract remains active;
- following account termination, Customer Data will ordinarily be deleted or de-identified within 90 days;
- residual copies may remain in secured backups until they are overwritten through the ordinary backup cycle;
- billing and contract records may be retained for legally required periods;
- security logs may be retained for a limited period; and
- de-identified information may be retained for service analysis and improvement.
Customers should export information they require before their account or subscription ends.
15. Access and correction
You may request access to personal information that we hold about you or ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.
To make a request, contact abooksellerinfishpond@gmail.com.
We may need to verify your identity before responding. In some circumstances, access may be limited or refused where permitted by law. Where appropriate, we will explain the reason.
Where the information forms part of Customer Data controlled by one of our customers, we may refer your request to that customer or assist the customer in responding.
16. Deletion, restriction and objection requests
You may ask us to delete personal information or restrict or object to certain processing. These rights are subject to applicable law and may be limited where we need to retain information to:
- provide a contracted service;
- comply with law;
- protect security;
- establish or defend legal claims; or
- maintain necessary transaction records.
Individuals in jurisdictions that provide additional privacy rights may contact us to exercise those rights.
17. Marketing communications
We may send marketing communications where we have the required consent or are otherwise permitted to do so.
Marketing messages will identify Phronessa and provide a way to unsubscribe. You can also opt out by contacting abooksellerinfishpond@gmail.com.
We will action valid unsubscribe requests within the period required by law. Unsubscribing from marketing will not prevent us from sending necessary service, account, security or transaction-related communications.
We do not use sensitive information for direct marketing without appropriate consent.
18. Cookies and similar technologies
Our website and platform may use cookies, local storage, pixels and similar technologies.
These technologies may be used to:
- maintain sessions and account authentication;
- remember preferences;
- protect against fraud and abuse;
- understand website and product usage;
- diagnose performance issues;
- measure communications; and
- improve our services.
We classify cookies broadly as:
Essential cookies
These are necessary for security, account access, service delivery and core website functions.
Preference cookies
These remember choices such as language, region or interface preferences.
Analytics cookies
These help us understand how visitors and users interact with our website and services.
Marketing cookies
These may be used to measure campaigns or provide relevant communications. Where required, these will be used only with appropriate consent.
You may manage non-essential cookies through our cookie banner or browser settings. Disabling certain cookies may affect website or platform functionality.
Our cookie banner and cookie list should identify the actual technologies in use, their purposes, providers and approximate durations.
19. Third-party websites and services
Our website or platform may contain links to third-party websites, integrations or services.
Phronessa is not responsible for the privacy practices of third parties that operate independently from us. You should review their privacy notices before providing information to them.
20. Children
Phronessa is a business service and is not directed to children under 16.
We do not knowingly collect personal information directly from children through the standard service. Contact us if you believe that a child has provided personal information to Phronessa without appropriate authority.
21. Complaints
You may contact us if you have a privacy question, concern or complaint.
Please provide sufficient information for us to understand and investigate the matter. We will acknowledge and respond within a reasonable period.
If you are not satisfied with our response and the Privacy Act applies, you may be entitled to contact the Office of the Australian Information Commissioner.
22. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes to our services, technology, business practices or legal obligations.
The current version will be published on our website with its effective date. Where a change materially affects how we handle existing personal information, we will take reasonable steps to provide additional notice.
23. Contact us
Privacy Officer
Phronessa
Email: abooksellerinfishpond@gmail.com
Website: phronessa.com