Privacy notice

How we handle your information.

Last updated: 17 June 2026

This notice covers qrom.com.au and the tools on it — including the free exposure check. It's written in plain English and aligns with the Australian Privacy Principles (APP).

Who we are

QROM is an Australian cybersecurity and secure-AI practice operated by QuietTango Pty Ltd, based in Sydney. For privacy queries: privacy@qrom.com.au.

The free exposure check

When you enter a domain on our exposure check, our backend looks up public records about that domain — DNS, the TLS certificate, the homepage response headers. We do not probe, scan, attempt to log in, or look at anything that isn't already public.

If you don't fill in the "Email me the report" form, we don't store any record of your check in our database. Amazon Web Services keeps short-lived operational logs of every request (the source IP, the path requested, and any errors) so the service can be monitored and abuse can be detected. Those logs are not used for outreach, are not shared with anyone, and roll off automatically within 30 days.

If you ask us to email the report

When you fill in the "Email me the full report" form, you're explicitly opting in to share your details with us. We collect:

• Your name
• Your work email address
• Your company name
• Your phone number, if you give it (optional)
• The domain you scanned and the scan result
• Your IP address and browser user-agent, captured automatically by the request

We use this information to:

• Send you the report once
• Follow up once to ask whether you'd like a security review
• Improve the tool by understanding what people are scanning and why

We will not add you to a marketing list. We will not sell, rent, or share your details with anyone outside QROM.

Where the data lives

The exposure check and the lead form run on Amazon Web Services in Sydney (ap-southeast-2). Your details are stored in an encrypted DynamoDB table in that region. Email is delivered via Amazon SES. We do not transfer your data offshore.

How long we keep it

• Operational logs (IP, domain): 30 days, then deleted.
• Lead records (name, email, company, phone, scan result): kept until you ask us to delete them.

Your rights

You can ask us to:

• Tell you what we hold about you
• Correct anything that's wrong
• Delete your record entirely

Email privacy@qrom.com.au and we'll action it within 14 days.

Cookies

This site does not set any cookies and does not run third-party analytics. The fonts loaded from fonts.googleapis.com are the only third-party resources, and they do not require a cookie.

Complaints

If you're unhappy with how we've handled your information, email privacy@qrom.com.au first — we'd like the chance to fix it. If you're still not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC).

Changes to this notice

If we change anything material, we'll update the "Last updated" date at the top and, where we have your email, we'll let you know before the change takes effect.