Independent IT oversightAdelaide · South Australia
Adeo — Independent IT Oversight
Privacy · Plain English Current version

Privacy Policy.

This policy explains, in plain English, what personal information Adeo collects, how it is used, and how it is kept safe. Adeo complies with the Australian Privacy Act 1988 and the thirteen Australian Privacy Principles (APPs).

What we collect

When you email us, we receive the name, email address, and any information you choose to include in your message. If you engage us for paid work, we also collect business details relevant to the engagement (organisation name, ABN, billing address) and the IT-configuration evidence required to deliver the engagement.

How we use it

Contact details are used to reply to your enquiry, confirm meetings, and send deliverables you have asked for. Engagement data is used only to deliver the work you have engaged us for. We do not use personal information for targeted advertising, profiling, or training third-party models.

How we store it

Email correspondence is stored in our Microsoft Exchange environment (data centres in Australia). Engagement data is stored in isolated, encrypted workspaces, one per client, accessible only to the Adeo practitioner delivering the engagement. Data is retained for the period required by Australian record-keeping obligations (generally seven years for financial records) and then destroyed.

Who sees it

Personal information is seen only by Adeo. We do not share, sell, or disclose personal information to third parties except where legally compelled (a court order, a regulator's formal request) or where you have given explicit written consent (for example, a co-delivery arrangement with a named partner).

Cookies and analytics

This website sets no cookies and runs no third-party marketing or behavioural trackers. The only visitor data we hold is aggregated server-log statistics — pages requested, rough geographic region, device type — with IP addresses anonymised. There is no JavaScript analytics product, no advertising pixel, and no profiling of visitors.

Fonts, stylesheets, and images are self-hosted on our own domain; no third-party networks are loaded by this website.

Sub-processors

We use a small set of service providers to run the firm. None of them process client engagement data.

  • Microsoft 365 — email, document storage, identity (data in Australian data centres)
  • Xero — accounting and invoicing (Australian data centres)

Overseas disclosure

No engagement data, client content, or correspondence is processed outside Australia. Email and document storage are held in Australian data centres.

Contacting us

The contact page opens your own email client with a subject line pre-filled for contact@adeo.au. Nothing you type is captured by this website; the email arrives in our Microsoft Exchange mailbox when you send it.

Your rights

You can ask us, at any time, what personal information we hold about you, and you can ask us to correct or delete it. Send requests to contact@adeo.au. We respond within ten business days.

Notifiable breaches

If a data breach occurs that is likely to result in serious harm, Adeo will notify affected individuals and the Office of the Australian Information Commissioner within the timeframes required by the Notifiable Data Breaches scheme.

Questions

Write to contact@adeo.au. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

Effective April 2026. Any material update will be notified to clients under active engagement.

Audit Appliance Data Handling

From May 2026, Adeo's evidence-collection methodology includes the temporary or permanent deployment of a hardened audit appliance on the Client's local network for the engagement duration. The appliance: (a) is sealed in transit and tamper-evident; (b) holds engagement-scoped credentials in an encrypted vault on a separate disk volume; (c) communicates only with Adeo's encrypted, access-controlled infrastructure located in Australia, isolated from Adeo's development environment, over an authenticated, ACL-restricted secure tunnel; (d) reads from, but does not write to, the Client's systems; (e) is decommissioned at engagement end via cryptographic erase, with a signed certificate of decommission issued to the Client.

Evidence packs collected by the appliance are synced to Adeo's infrastructure for retention against the relevant engagement record. Retention period: seven (7) years per Australian Taxation Office record-keeping requirements; Client right of erasure available on written request to contact@adeo.au, subject to overriding obligations.

Adeo does not use Client evidence to train any AI model. Adeo does not share Client evidence with third parties except where required by law. Adeo's use of third-party large-language-model APIs for evidence summarisation routes through Adeo's own infrastructure, under Adeo's API key — Client data is not sent under any other party's account, and the API provider is contractually prohibited from training on inputs.