Privacy Policy

Meshed Group Privacy Policy

Version: 1.1

Effective Date: 11 March 2026

Last Reviewed: 10 March 2026

This Privacy Policy explains how personal information is collected, used, disclosed, stored, and protected when you access or use the Meshed Group website and associated services (the Product).

The Product is owned and operated by Websutra Technology Pty Ltd (ACN 126 549 308) trading as Meshed Group ("Meshed Group", "we", "us", or "our").

We are committed to protecting personal information in accordance with:

  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles (APPs)
  • ISO/IEC 27001:2022 information security standards

This Privacy Policy applies only to the Product available at: https://www.meshedgroup.com.au

and does not apply to third-party websites or applications linked from the Product.

1. Key Definitions
  • Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
  • Product means the Meshed Group website, including all associated pages, content, and online services.
  • Client means an education provider, agent, or organisation using Meshed Group platforms.
  • End User means a student, agent, staff member, or other individual whose personal information is processed through the Product.
  • Data Controller means the entity that determines the purposes and means of processing personal information.
  • Data Processor means the entity that processes personal information on behalf of a Data Controller.
2. Roles and Responsibilities (Controller vs Processor)

The Product is a multi-tenant SaaS platform serving multiple Clients and their End Users.

2.1 Websutra Technology (Meshed Group)

  • Acts as a Data Controller for personal information collected directly through the Meshed Group website (e.g. enquiries, contact forms, marketing subscriptions).
  • Acts as a Data Processor for Client-controlled data stored or processed within Meshed platforms.

2.2 Clients

Clients are responsible for:

  • Determining the lawful basis for collecting End User personal information
  • Obtaining required consents
  • Managing data accuracy, retention, masking, and deletion
  • Complying with sector-specific and jurisdictional privacy laws

Meshed Group does not assume responsibility for a Client’s compliance obligations in relation to End User data. References to "Data Controller" and "Data Processor" are used for contractual clarity only and do not replace or override obligations under the Privacy Act 1988 (Cth), where Meshed Group and Clients act as APP entities in accordance with their respective roles.

3. Information We Collect

3.1 Information You Provide Directly

We may collect personal information when you:

  • Register for an account
  • Submit enquiries or forms
  • Request demonstrations or information
  • Communicate with us

This may include:

  • Name
  • Email address
  • Contact details
  • Organisation and role
  • User type

Meshed Group does not intentionally collect personal information directly from children and relies on Clients to manage student data lawfully.

3.2 Information Collected Automatically

When you use the Product, we may collect:

  • IP address
  • Browser type and device information
  • Usage logs and interaction data
  • Cookies and similar technologies

This information is collected to ensure system security, performance, and service improvement.

4. Cookies and Tracking Technologies

We use cookies to:

  • Enable core website functionality
  • Improve user experience
  • Analyse website usage

You may control cookies through your browser settings. Disabling cookies may affect Product functionality.

Third-party service providers may also use cookies in accordance with their own privacy policies. Meshed Group does not control third-party cookies.

5. How We Use Personal Information

We use personal information for purposes including:

  • Providing and operating the Product
  • Responding to enquiries and support requests
  • Managing user accounts
  • Improving services and security
  • Conducting analytics and service improvement
  • Sending product updates and lawful marketing communications

Marketing communications include opt-out mechanisms in accordance with Australian law.

6. Disclosure of Personal Information

We may disclose personal information:

  • To trusted third-party service providers (e.g. cloud hosting, security, payment processing, analytics)
  • To Clients and their authorised users, where relevant to service delivery
  • Where required or authorised by law
  • To protect our legal rights, safety, or property

We do not sell personal information.

All third-party service providers are contractually required to implement privacy and security controls consistent with this Policy.

7. Related Entities

We may share personal information with related entities or affiliates where necessary for business operations, provided they comply with equivalent privacy and security obligations.

8. Data Storage, Security & ISO/IEC 27001:2022 Alignment

Meshed Group implements a formal Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022, including controls relating to:

  • Access control and least-privilege access
  • Encryption of data at rest and in transit
  • Secure cloud infrastructure
  • Monitoring, logging, and audit trails
  • Staff security awareness and training
  • Incident response and breach management
  • Supplier and third-party risk management

Personal information is protected against misuse, loss, unauthorised access, modification, or disclosure.

While we take reasonable and appropriate security measures, no system can be guaranteed to be completely secure.

9. Data Hosting and Location

Unless otherwise agreed in writing with a Client, personal information is hosted on secure cloud infrastructure located in Australia.

Where data is processed offshore, appropriate safeguards are implemented to ensure compliance with applicable privacy laws.

10. Data Retention and Disposal

Personal information is retained only for as long as necessary to fulfil its purpose, comply with legal obligations, or meet Client contractual requirements.

Certain Client-controlled records may be required to be retained for statutory periods (commonly up to 7 years). Upon expiry of retention obligations, data is securely destroyed or de-identified.

11. Publicly Available Information

If you choose to publish personal information in publicly accessible areas of the Product (e.g. forums), you do so at your own discretion. Meshed Group is not responsible for subsequent use of such information.

12. Access, Correction and Requests

You may request access to or correction of your personal information by contacting us using the details below. We will respond in accordance with the Privacy Act.

13. Marketing Communications

You may opt out of marketing communications at any time by using unsubscribe links or contacting us directly. Transactional or service-related communications may still be sent where necessary.

14. Business Transfers

If Meshed Group undergoes a merger, restructure, or sale, personal information may be transferred as part of that transaction, subject to continued protection under this Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be published at: https://www.meshedgroup.com.au/privacy-policy/

Changes apply prospectively unless otherwise required by law.

16. Complaints and Dispute Resolution

We take privacy complaints seriously and aim to resolve them promptly.

  • Complaints reviewed within 7 days
  • Response provided within 30 days

If unresolved, complaints may be escalated to the Office of the Australian Information Commissioner (OAIC).

17. Contact Us

Websutra Technology Pty Ltd

PO Box 7310
Alexandria NSW 2015
Australia

Phone: 1300 695 985
Email: feedback@meshedgroup.com.au