flagged

Privacy Policy

Last updated: April 2026

Who we are

flagged (flagged.com.au) is an Australian cyber security assessment tool for small and medium businesses. We are committed to handling your information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What we collect

Assessment answers: Your responses to the assessment questions are stored locally in your browser only (localStorage). They are never sent to our servers unless you choose to provide your email address at completion.

Email address (optional): If you choose to enter your email at the end of the assessment, we collect your email address along with your assessment results (score, risk level, flagged items, and answers). This is used to send you a copy of your results and to improve the tool.

Analytics: We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies and does not collect personal data. No IP addresses or personal identifiers are tracked.

How we use your information

  • To send you a summary of your assessment results (if you provided your email)
  • To understand aggregate usage patterns and improve the tool
  • We do not sell, rent, or share your personal information with third parties for marketing purposes

Where your data is stored

If you provide your email, your results are stored in Airtable (airtable.com), a US-based service. By providing your email you consent to this transfer. Airtable maintains appropriate security measures and complies with applicable data protection requirements.

Your rights

You have the right to access, correct, or request deletion of any personal information we hold about you. To exercise these rights, contact us at privacy@flagged.com.au.

Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Assessment answers that remain in your browser are never transmitted unless you opt in.

Disclaimer

The flagged assessment is provided for informational purposes only. It does not constitute insurance, legal, financial, or professional cyber security advice. Results reflect your self-reported answers and should not be relied upon as a definitive assessment of your security posture or compliance status.

Contact

Questions about this policy? privacy@flagged.com.au