Privacy Policy

Last Updated: 09/12/2025

Vertex Pulse Pty Ltd (“Vertex Pulse”, “We”,“Us”) respects your privacy and handles Personal Information in compliance withthe Privacy Act 1988 (Cth), GDPR (where applicable), and relevant internationaldata

protection laws.Contact: privacy@vertexpulse.com
Address: Level 5, Nexus Building, 4 Columbia Court, Norwest NSW 2153

Information We Collect

Personal Information

We collect:

  • name
  • email address, phone number
  •   job title, department, role
  • site and organisation assignment
  • authentication data (SSO metadata, MFA status)
  • usage logs
  • training and compliance history
  • VP Hub communication metadata

Operational & Compliance Data

Includes but is not limited to:

  • Includes but is not limited to:
  • environmental compliance logs
  • tank gauge data
  • competitor fuel price data
  • forms, checklists, inspections
  • policies, permits, certificates
  • files uploaded via Vertex Studio

Automatic Data Collection

Includes:

  • IP address
  • browser/OS type
  • error logs
  • timestamped activity logs

How We Use Personal Information

We use data to:

  • operate and deliver Platform features
  • generate compliance and audit reports
  • power Vertex Advisor AI responses
  • provide support via Intercom or email
  • maintain audit logs and regulatory traceability
  • improve the Platform’s reliability and functionality
  • enforce security controls
  • send alerts and notifications (via VP Hub)

We do not sell Personal Information.

Vertex Advisor (AI Advisory Module)

AI queries may be processed to generate responses.
Retention of AI logs is configurable per customer.
Vertex Pulse does not use Customer Data to train external AI systems.

AI output is guidance only, not legally binding and not legal advice.

VP Hub Communications

VP Hub assigns dedicated communication channels to users and sites.
Metadata (timestamps, read-state, geolocation if enabled) may be logged.
VP Hub messages are retained for 7 years unless Customer specifies a different policy.

Legal Basis for Processing (GDPR)

Where GDPR applies, processing is based on:

  • performance of contract
  • legitimate interests (security, logs, support)
  • legal obligations (audit retention)
  • consent (cookies, optional analytics)

Data Sharing & Subprocessors

  • AWS (hosting provider)
  • Intercom (customer support/website chat)
  • ERP integration partners
  • tank gauge/SCADA connectivity partners
  • email/SMS vendors
  • analytics tools

All subprocessors are contractually bound to confidentiality and data protection
requirements.

International Transfers

Data is primarily stored in AWS Sydney (ap-southeast-2).
Enterprise customers may request hosting in another region or private cloud.
International transfers use Standard Contractual Clauses or equivalent safeguards.

Security

Security measures include:

  • encryption at rest & in transit
  • SSO/SAML support
  • role-based access control
  • audit trails
  • anomaly detection
  • multi-zone AWS redundancy
  • disaster recovery mechanisms

Customer is responsible for enforcing internal access controls and protecting credentials.

Data Retention

Unless a different Customer policy applies:

  • Compliance & regulatory records: 7 years
  • VP Hub messages: 7 years
  • AI logs: configurable per customer
  • Backups: retained only for disaster recovery

Your Rights

You may request:

  • access to your information
  • correction of inaccurate information
  • deletion (subject to legal restrictions)
  • restriction of processing
  • portability

Requests: privacy@vertexpulse.com

Children’s Privacy

Minimum age for Platform use is 16 years.

Updates to This Policy

This Privacy Policy may be updated periodically. Notice of material updates will be provided
via VP Hub or email.