Mustard Seed IT
  • Approach
  • Meet Sri
  • Process
  • Results
  • Client Voices
  • Common Questions
  • Thoughts
  • Book a Call

Legal

Privacy Policy

Effective date: 17 July 2026
Entity: Mustard Seed IT Pty Ltd (ABN 58 666 754 810)
Location: Kingston, Queensland, Australia
Privacy contact: [email protected]

This Privacy Policy explains how we handle personal information when you use our website (mustardseedit.com), the Mustard Seed IT Directory (directory.mustardseedit.net.au), and related software solutions (together, the Services).

We aim to be transparent in the spirit of the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We are a small business (turnover under $3 million) and may not be required to comply with the APPs in all circumstances; we still publish this policy as good practice. If anything here is unclear, email [email protected].

1. Who we are

Mustard Seed IT Pty Ltd provides technology advisory and digital products for small businesses and founders. Our marketing site and the Directory (including free and paid solutions such as Essential Business Plan, 365 Security Dashboard, Asset & Application Register, and Resources) are operated by us.

2. What this policy covers

  • Visiting or contacting us via mustardseedit.com
  • Creating or using a Directory account (individual or organisation)
  • Using solutions reached through the Directory (and their domains)
  • Marketing emails where you have opted in (for example via Resources)

This policy does not cover third-party websites we link to. Microsoft 365 tenant data you connect for 365 Security Dashboard remains subject to your organisation’s relationship with Microsoft as well as this policy for data we process in our systems.

3. Personal information we collect

3.1 Account and identity

  • Name and email address
  • Sign-in identifiers from our identity service (Authentik) and, if you use Microsoft sign-in, claims from Microsoft Entra ID
  • Account type (individual or organisation) and related registration details

3.2 Organisation details

  • Organisation name, email domain, optional ABN or similar identifiers
  • Membership and roles within an organisation

3.3 Billing and subscriptions

  • Subscription tiers, grants, purchases, and related commercial records
  • When online payments are enabled, payment is processed by our payment provider (planned: Stripe); we do not store full card numbers
  • Invoices and GST-related records as required for our business

3.4 Product content you create or connect

  • Essential Business Plan: plan section content you enter
  • Asset & Application Register: asset and application inventory data
  • 365 Security Dashboard: Microsoft 365 tenant security metadata obtained via Microsoft Graph with permissions you (or your organisation) grant in each tenant (for example security events, audit/sign-in related data, and managed device compliance information, as configured for the product)
  • Resources: library access events, lead profile fields you provide, and marketing consent status

3.5 Marketing

  • Email address and consent records when you opt in to marketing (for example Resources free library access)
  • We intend to route marketing sign-up through the Directory / Resources rather than multiple separate lists on the marketing site

3.6 Technical information

  • IP address, browser/device information, and server logs
  • Session and authentication cookies required to keep you signed in and secure the Services
  • We do not currently run third-party analytics trackers; if we add analytics later, we will update this page

4. How we collect information

  • Directly from you (forms, registration, product use, email)
  • From your sign-in provider (Authentik / Microsoft) when you authenticate
  • From Microsoft Graph when you configure a client tenant for 365 Security Dashboard
  • Automatically through logs and cookies when you use the Services

5. Why we use personal information

  • To provide, secure, and improve the Services
  • To create and manage accounts, organisations, and subscriptions
  • To process payments and issue invoices (including GST) when you purchase
  • To send service-related messages (security, account, billing)
  • To send marketing only where you have opted in, and to honour unsubscribe requests
  • To provide AI-assisted features in Essential Business Plan (see section 7)
  • To comply with law and protect our rights, users, and systems

6. Cookies and similar technologies

We use essential cookies and similar technologies for authentication, security, and session management (for example Directory and solution sign-in sessions). These are required for the Services to function. We do not currently use non-essential marketing cookies. If that changes, we will update this policy.

7. Artificial intelligence (Essential Business Plan)

Essential Business Plan may send plan section content you enter to our AI gateway and then to AI model providers (currently via OpenRouter) to generate coaching or drafting assistance. We do not intentionally attach separate identity fields (such as your account email) to those AI requests as part of the product design; however, free-text you type into a plan section may include personal or business information.

Please avoid entering unnecessary personal information into AI-assisted fields. AI providers may process data on servers outside Australia.

8. Disclosure to others

We may share personal information with:

  • Infrastructure we operate in Brisbane, Australia (application hosting and databases)
  • Microsoft — identity (if you sign in with Microsoft), email delivery via Microsoft 365, and Graph access for 365 Security Dashboard in tenants you connect
  • OpenRouter / underlying model providers — for EBP AI assist as described above
  • Stripe (when enabled) — payment processing
  • Professional advisers or authorities where required by law or to protect rights and safety

Backups of platform data are stored on systems we control (including backup storage on our own network). We do not sell personal information.

9. Overseas disclosure

Some processors (for example Microsoft services and AI model providers) may handle information outside Australia. By using the Services, you acknowledge that such overseas processing may occur. We take reasonable steps to use reputable providers and appropriate contractual or product controls where available.

10. Security

We use reasonable technical and organisational measures appropriate to a small software business, including access controls, encrypted transport (HTTPS), authentication via a dedicated identity service, and operational backups. No method of transmission or storage is completely secure.

11. Retention and deletion

  • We keep account and service data while your account remains open and as needed to provide the Services.
  • After account closure, we aim to delete personal information within 30 days, unless you ask us to retain specific records, or we must keep information longer for legal, tax, dispute, or security reasons.
  • Anonymised or aggregated data that is no longer personal information may be retained for analytics or product improvement.

12. Access, correction, and complaints

You may request access to or correction of personal information we hold about you, or raise a privacy concern, by emailing [email protected]. We will respond within a reasonable time.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au.

13. Children

The Services are directed to businesses and adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact us and we will take appropriate steps.

14. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will change when we do. Please check this page periodically. Continued use of the Services after an update means you accept the revised policy.

15. Contact

Mustard Seed IT Pty Ltd
Kingston, Queensland, Australia
[email protected]

See also our Terms of Use.

Mustard Seed IT

Fractional CTO and trusted advisor for Christ-centred founders and business leaders.

Navigate

  • Approach
  • Meet Sri
  • Process
  • Results
  • Client Voices
  • Thoughts

Connect

  • LinkedIn
  • RSS Feed
  • Privacy Policy
  • Terms of Service
© 2026 Mustard Seed IT Pty Ltd. All rights reserved. Built with purpose. Rooted in Christ.
Hikari
Hikari Online Offline
Hikari
Hikari is thinking…
Powered by Mustard Seed IT