Privacy Policy

Effective: 10 May 2026

Who we are

Validios is a vendor background check service operated as a sole trader in Sydney, NSW, Australia (ABN 13 121 057 709). In this policy, "we", "us" and "our" refer to Validios. You can reach us at hello@validios.com for any privacy-related question.

What information we collect

We deliberately keep the data we hold to a minimum. We collect:

• Vendor information you submit — the vendor's company name, website domain, and (optionally) ABN, plus the contextual questions you answer (data type, system access, certifications).
• Contact information for paying customers — your email address, used to deliver the report you purchased and, for subscribers, to manage your account.
• Standard web logs — IP address, browser user agent, request timestamps and basic error logs needed to operate and secure the service.
• Payment records — Stripe processes the payment and returns a transaction reference. We do not see or store full card details.

How we use your information

We use the information you submit to:

• Run the 12 background checks against publicly available data sources;
• Generate and deliver your paid report by email;
• Maintain, secure and improve the Validios service;
• Respond to your support, privacy or refund requests.

We do not sell your data, and we do not use it for advertising or profiling.

Public sources we query

To produce a report, we send the vendor name and/or domain you provide to a number of public information sources. These include:

• DFAT Consolidated Sanctions List (Australia)
• OFAC Specially Designated Nationals list (US Treasury)
• Australian Business Register / ABN Lookup
• HaveIBeenPwned (data-breach checks)
• NewsAPI (adverse-media checks)
• WhoisXML (domain registration data)
• SSL Labs (TLS configuration)
• crt.sh (certificate transparency)
• Wayback Machine (web history)
• ACCC public enforcement registers
• Public DNS and HTTP security-header checks

Each of these third parties has its own privacy policy and may log the queries we make. Please do not submit information through Validios that you would not want included in such queries.

Data retention

Our retention is short by design and depends on the product you use:

• Single-report customers ($19.99 AUD) — all assessment data, including vendor details and the generated report, is automatically deleted 24 hours after the report is generated. There is no ongoing customer account.
• Subscription customers ($250 AUD per month) — your assessment history is retained for the duration of your active subscription so you can revisit past reports. When you cancel, your account and all associated assessments are deleted within 30 days.

Your rights under the Privacy Act 1988

Australian privacy law gives you the right to:

• Ask what personal information we hold about you;
• Request correction of inaccurate information;
• Request deletion (the right to erasure) where we have no continuing reason to retain it;
• Make a complaint about how we handle your information.

How to exercise your rights

Email hello@validios.com describing your request. We will respond within 30 days. We may need to verify your identity before disclosing or changing data.

Cookies and analytics

We use minimal cookies that are necessary for the service to operate (for example, to maintain your session while a report is being generated). We may use Google Analytics to understand basic usage patterns such as page views and referral sources. We do not use advertising cookies or cross-site trackers.

Data security

All traffic to and from validios.com is encrypted in transit using HTTPS. Data we store is held in our managed database with encryption at rest. Automatic deletion is enforced by our backend on the schedule described above. We restrict internal access to data on a need-to-know basis.

Third-party processors

We rely on a small number of trusted providers to operate Validios:

• Stripe — payment processing
• Supabase — database and backend hosting
• Anthropic — AI-generated report summaries
• Resend — transactional email delivery
• Netlify — front-end web hosting

Each provider has its own privacy policy and applies its own security controls.

Cross-border transfers

Some of the providers above are based outside Australia, including in the United States. When your data is processed by these providers, we rely on their standard contractual safeguards and published privacy commitments. By using Validios you consent to this overseas processing for the purposes described in this policy.

Children

Validios is a business-to-business service. It is not directed at, and we do not knowingly collect information from, anyone under 18.

Changes to this policy

We may update this policy from time to time. The "Effective" date at the top of this page will always reflect the latest version. For material changes, subscribers will be notified by email.

Complaints

If you have a privacy concern, please contact us first at hello@validios.com so we can try to resolve it. If you remain unsatisfied, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

Contact

Validios · ABN 13 121 057 709 · Sydney, NSW, Australia · hello@validios.com