Privacy policy

How we protect your information

ProfitPulse Pty Ltd manages personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. This policy sets out, in plain terms, what we collect, why we collect it, how we hold it, who we share it with, how long we keep it, and the rights you have in respect of it.

Document version 2.0 · Last reviewed 20 May 2026 · Entity ProfitPulse Pty Ltd · ABN 27 660 294 710

Contents

Section 01

Scope and application

ProfitPulse Pty Ltd (ABN 27 660 294 710) operates under the registered domain Profit-Pulse.com.au and provides financial analysis, business consulting suggestions, and, where separately engaged, implementation support. In this policy, the terms ProfitPulse, we, us and our refer to ProfitPulse Pty Ltd.

This policy explains how ProfitPulse handles personal information that it collects, holds, uses and discloses in the conduct of its business. It applies to all visitors to Profit-Pulse.com.au, all prospective clients, all current and former clients, all individuals whose personal information we receive from a client in the course of an engagement, and all other individuals whose personal information comes into our possession.

ProfitPulse manages personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles set out in Schedule 1 to that Act (APPs). To the extent that any part of this policy is inconsistent with the Privacy Act or the APPs, the Privacy Act and the APPs prevail.

Section 02

Key terms used in this policy

Personal information. Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not, as defined in section 6(1) of the Privacy Act.

Sensitive information. A subset of personal information that includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, professional or trade memberships, sexual orientation, criminal record, health information, genetic information and biometric information, as defined in section 6(1) of the Privacy Act.

Engagement. A defined piece of work performed by ProfitPulse for a client under the ProfitPulse Master Services Agreement, comprising the initial financial analysis engagement and any follow on implementation engagement activated by a signed Statement of Work.

Client data. All data, documents and information provided by a client to ProfitPulse in connection with an engagement, including data uploaded through the Profit-Pulse.com.au intake.

OAIC. The Office of the Australian Information Commissioner, the independent regulator with responsibility for privacy under the Privacy Act.

Section 03

Open and transparent management of personal information (APP 1)

ProfitPulse maintains this Privacy Policy in compliance with Australian Privacy Principle 1. The policy is published on the Profit-Pulse.com.au website at all times and is provided on request, free of charge, in a form requested by the individual where it is reasonable and practicable to do so.

ProfitPulse operates internal practices, procedures and systems for managing personal information in compliance with the APPs. These include written data handling protocols within the Microsoft 365 Business environment, role based access controls, audit logging of access to client folders, periodic review of access permissions, mandatory multi factor authentication on all administrator accounts, and a formal incident response procedure for suspected data breaches.

Concerns and complaints about ProfitPulse’s handling of personal information are addressed under the process set out in Section 27 of this policy.

Section 04

Anonymity and pseudonymity (APP 2)

Individuals have the option of not identifying themselves, or of using a pseudonym, when dealing with ProfitPulse, except where it is impracticable to deal with an unidentified individual or where ProfitPulse is required or authorised by law or by a court or tribunal order to deal with identified individuals only.

In practice, ProfitPulse cannot perform an engagement, issue a tax invoice, execute a Master Services Agreement, or comply with its record keeping obligations under Australian law and the Code of Ethics issued by Chartered Accountants Australia and New Zealand without identifying the client and the client’s authorised representatives. For these purposes, identification is required.

Section 05

Information we collect

The categories of personal information that ProfitPulse collects include the following:

Identity and contact information

  • Full name and any title or salutation;
  • Role within the client business;
  • Business email address;
  • Business telephone number;
  • Business postal address; and
  • Where relevant, the Australian Business Number of the client entity and the legal name of the client entity.

Engagement information

  • Financial statements, management accounts, trial balances, general ledgers, and supporting workpapers uploaded by the client at intake;
  • Operational data including customer lists, supplier lists, employee schedules, and inventory records, where these are uploaded by the client at intake;
  • Strategic and commercial information shared in discovery calls, working meetings and written correspondence;
  • Tax records, BAS statements, payroll records, and related compliance documents to the extent provided by the client; and
  • Any other information that the client elects to provide for the conduct of an engagement.

Transactional information

  • Payment confirmation details from the Profit-Pulse.com.au payment gateway operated by Stripe (Australia), noting that ProfitPulse does not itself collect or store full payment card numbers;
  • Tax invoice details for each engagement; and
  • Banking reference numbers required for the issue and reconciliation of tax invoices.

Website and technical information

  • Internet Protocol address of the device accessing Profit-Pulse.com.au;
  • Browser type and version;
  • Operating system;
  • Pages viewed and the time and date of access;
  • Referring website; and
  • Information collected through cookies and similar technologies as described in Section 24 of this policy.

Communications information

  • The content of emails, intake form submissions, and correspondence sent to ProfitPulse;
  • Records of telephone calls and video meetings where these are summarised in writing in accordance with our internal records procedure; and
  • Records of meetings booked through any calendar or scheduling tool linked to Profit-Pulse.com.au.

Section 06

How we collect information

ProfitPulse collects personal information directly from the individual concerned wherever it is reasonable and practicable to do so. The principal direct collection channels are:

  • The Profit-Pulse.com.au website, including contact forms, intake forms and file upload workflows operated through Jotform;
  • Email correspondence sent to Info@Profit-Pulse.com.au or to any ProfitPulse named delivery person;
  • Telephone calls and video conferences scheduled by the individual;
  • Discovery calls and engagement meetings; and
  • Execution of the Master Services Agreement and any Statement of Work through the ProfitPulse Jotform Sign workflow.

ProfitPulse may also receive personal information indirectly. The principal indirect collection channels are:

  • From the client, where the client provides records that include personal information about its employees, contractors, customers or suppliers;
  • From publicly available sources, where ProfitPulse conducts public domain research as part of the initial financial analysis engagement; and
  • From referrers, where an individual is referred to ProfitPulse by a current or former client, a professional contact, or another third party.

Where ProfitPulse collects personal information from someone other than the individual to whom the information relates, ProfitPulse takes reasonable steps to inform the individual of the collection at or around the time of collection, unless it is unreasonable or impracticable to do so.

Section 07

Sensitive information (APP 3)

ProfitPulse does not seek to collect sensitive information from individuals as part of its services. Sensitive information is collected only with the consent of the individual concerned, or where collection is required or authorised by law.

Where sensitive information is incidentally included in records provided by a client (for example, in payroll records that contain medical leave details), that information is treated with the additional protections required under the Privacy Act and is used only for the purposes for which it was provided.

Section 08

Unsolicited information (APP 4)

If ProfitPulse receives unsolicited personal information, ProfitPulse will, within a reasonable period, determine whether it could have collected the information under APP 3. If the information could not have been collected under APP 3, and the information is not contained in a Commonwealth record, ProfitPulse will destroy the information or ensure that it is deidentified, as soon as practicable, where it is lawful and reasonable to do so.

Section 09

Notification of collection (APP 5)

At or before the time we collect personal information from an individual (or as soon as practicable after), we take reasonable steps to ensure that the individual is aware of:

  • The identity and contact details of ProfitPulse;
  • The fact and circumstances of the collection;
  • Whether the collection is required or authorised by law;
  • The purposes of collection;
  • The main consequences (if any) if the personal information is not collected;
  • The categories of third parties to whom we usually disclose the information (as set out in Section 11 of this policy);
  • That this Privacy Policy contains information about how the individual may access their personal information, seek correction of it, complain about a breach of the APPs, and how we will deal with such a complaint; and
  • Whether we are likely to disclose the information to overseas recipients and, if so, the countries in which such recipients are likely to be located.

This Privacy Policy itself satisfies the notification requirement in respect of information collected through the Profit-Pulse.com.au website. For information collected through other channels, notification is provided at the point of collection.

Section 10

Purposes of use and disclosure (APP 6)

ProfitPulse uses and discloses personal information for the following purposes:

  • To respond to enquiries received through the Profit-Pulse.com.au website or by email;
  • To schedule discovery calls, working meetings and other interactions with prospective and current clients;
  • To perform the initial financial analysis engagement, including the preparation of the Financial Analysis Presentation, the Next Steps Presentation and any follow on Fee Service Proposal;
  • To perform implementation engagements activated by a signed Statement of Work;
  • To prepare and issue tax invoices in a form that complies with section 29 70 of A New Tax System (Goods and Services Tax) Act 1999 (Cth);
  • To process payments through the Profit-Pulse.com.au payment gateway operated by Stripe (Australia);
  • To maintain operational records of client engagements in the Airtable database used by ProfitPulse;
  • To execute the Master Services Agreement and any Statement of Work through the Jotform Sign workflow;
  • To comply with obligations under the Privacy Act, the Corporations Act 2001 (Cth), the A New Tax System (Goods and Services Tax) Act 1999 (Cth), the Tax Agent Services Act 2009 (Cth) (to the extent applicable), the Anti Money Laundering and Counter Terrorism Financing Act 2006 (Cth) (on and from 1 July 2026 if and to the extent ProfitPulse becomes a reporting entity), and other Australian laws of general application;
  • To comply with the Code of Ethics issued by Chartered Accountants Australia and New Zealand;
  • To establish, exercise or defend legal claims;
  • With the consent of the individual, to send relevant updates about ProfitPulse services; and
  • For other purposes that are within the reasonable expectations of the individual at the time of collection and are related to the primary purposes set out above.

ProfitPulse does not sell, rent or trade personal information. ProfitPulse does not use personal information for purposes unrelated to the conduct of its business.

Section 11

Disclosure to third parties

ProfitPulse discloses personal information only in the following circumstances:

  • To the third party service providers identified in Section 12 of this policy, for the limited purposes set out against each provider;
  • To external professional firms (for example, registered tax agents, Australian legal practitioners, registered company auditors, or insurance brokers) where the client expressly directs ProfitPulse to share information with such a firm for the client’s own purposes;
  • To a successor in business of ProfitPulse (whether by sale of business, restructure or otherwise) where the disclosure forms part of a corporate transaction and the successor agrees to be bound by privacy obligations no less protective than those set out in this policy;
  • To the OAIC and to affected individuals, where required under Part IIIC of the Privacy Act;
  • To a court, tribunal or regulator, where required by a binding direction, subpoena, summons, search warrant or comparable instrument; and
  • Where the individual has expressly consented to the disclosure.

Section 12

Service providers we engage

The third party service providers that ProfitPulse engages in the storage and processing of client data are set out below. Each provider is bound by written terms that include obligations of confidence, security and lawful processing.

ProviderRole in the ProfitPulse environment
Microsoft 365 AustraliaProductivity suite covering email, document storage and identity management. ProfitPulse maintains the storage of record for client data in Microsoft Australian data centres. Identity protection includes multi factor authentication, conditional access policies and audit logging.
Stripe AustraliaPayment processing for the Profit-Pulse.com.au intake. Stripe processes payment card information under the Payment Card Industry Data Security Standard. ProfitPulse does not collect, store or transmit full payment card numbers.
JotformClient intake forms, secure file upload at intake, and Jotform Sign for execution of the Master Services Agreement, the Confidentiality Deed and any Statement of Work.
AirtableOperational records database used by ProfitPulse to manage client records, engagement references, milestones and deliverables.
Make.comWorkflow automation connecting the systems listed in this table. Make.com routes structured workflow data between systems and does not act as the storage of record for client data.
AnthropicProvider of large language model services used by ProfitPulse in the preparation of deliverables. Inputs submitted by ProfitPulse to the Anthropic service are subject to Anthropic’s commercial terms, which include commitments not to use commercial customer inputs to train its models.

ProfitPulse reviews this list periodically. Where ProfitPulse engages a new provider that materially changes how client data is processed, ProfitPulse will update this policy and, where appropriate, notify affected clients.

Section 13

Australian data residency

ProfitPulse maintains the storage of record for client data in Australian data centres operated by Microsoft within the Microsoft 365 Business environment. Client documents, email correspondence, Airtable records, and Jotform submission records are held in Australia as the primary storage of record.

Section 14

Cross border data flows (APP 8)

Some service providers identified in Section 12 may, for transient processing purposes, process data through systems located outside Australia. Where this occurs, ProfitPulse takes reasonable steps under APP 8.1 to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information. These steps include:

  • Reviewing the contractual terms offered by the provider and the protections they extend to personal information;
  • Selecting providers that publish privacy and security commitments aligned to recognised international standards;
  • Limiting the data that is shared with the provider to what is reasonably necessary for the relevant processing task; and
  • Configuring provider settings, where available, to retain Australian residency for storage of record.

Individuals who would like further information about the cross border arrangements applicable to a particular provider may contact ProfitPulse using the details in Section 29.

Section 15

Direct marketing (APP 7)

ProfitPulse may use personal information to send direct marketing communications about its services to individuals who have provided their contact details and who have not opted out of receiving such communications. Direct marketing is conducted in accordance with APP 7 and the Spam Act 2003 (Cth).

Every direct marketing communication sent by ProfitPulse includes a functional unsubscribe mechanism. Individuals who wish to opt out of direct marketing at any time may do so by using the unsubscribe link in any marketing email, or by emailing Info@Profit-Pulse.com.au.

ProfitPulse does not use sensitive information for the purposes of direct marketing.

Section 16

Government related identifiers (APP 9)

ProfitPulse does not adopt a government related identifier of an individual as its own identifier. ProfitPulse does not use or disclose a government related identifier except in the limited circumstances permitted under APP 9, including where the use or disclosure is reasonably necessary to verify the identity of the individual, or is required or authorised by law.

Section 17

Quality of personal information (APP 10)

ProfitPulse takes reasonable steps to ensure that the personal information it collects is accurate, current and complete, and that the personal information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, current, complete and relevant.

If an individual considers that personal information held by ProfitPulse is inaccurate, out of date, incomplete, irrelevant or misleading, the individual may request correction under the process set out in Section 23 of this policy.

Section 18

Security of personal information (APP 11)

ProfitPulse takes reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

Technical measures

  • Storage of client data within the Microsoft 365 Business environment, with encryption of data at rest and encryption of data in transit using contemporary cryptographic standards;
  • Mandatory multi factor authentication on all ProfitPulse user accounts;
  • Conditional access policies restricting sign in from untrusted networks and devices;
  • Microsoft Exchange Online Protection for email filtering, anti malware scanning, and protection against phishing and business email compromise;
  • Endpoint protection on devices used to access the ProfitPulse environment, including device level encryption;
  • Data loss prevention controls within the Microsoft 365 environment;
  • Audit logging of access to client folders and records;
  • Regular installation of security updates and patches; and
  • Periodic backups, with backups stored on Australian infrastructure and protected by the same access controls as the primary store.

Organisational measures

  • Role based access controls, with access to client folders granted on a need to know basis;
  • Written confidentiality obligations binding all ProfitPulse personnel and subcontractors;
  • Documented incident response procedures for suspected data breaches;
  • Periodic review of user accounts and access permissions, including prompt removal of access on departure of personnel or subcontractors; and
  • Internal training on privacy and information security.

Recognition of standards. The Microsoft 365 platform underlying the ProfitPulse environment is independently audited against recognised information security standards including ISO/IEC 27001 and SOC 2. ProfitPulse aligns its internal controls to these standards but does not itself hold a separate ISO/IEC 27001 certification.

Section 19

Retention period

ProfitPulse retains client data for a period of seven years from the end of the relevant engagement. This retention period is consistent with Australian record keeping standards applicable to professional services and tax records, including the record keeping obligations under section 262A of the Income Tax Assessment Act 1936 (Cth) and section 286 75 of Schedule 1 to the Taxation Administration Act 1953 (Cth).

Where a client is a returning client and elects to incorporate legacy data from a prior engagement into a current engagement, the retention period for that legacy data is reset to seven years from the end of the current engagement.

Section 20

Destruction and courtesy notice protocol (APP 11.2)

At the end of the retention period, ProfitPulse will destroy or deidentify client data in accordance with APP 11.2, using a process appropriate to the sensitivity of the data. The destruction process includes secure deletion from production systems and overwriting of backup copies in accordance with the ProfitPulse data lifecycle policy.

Not less than 30 calendar days before the scheduled destruction date, ProfitPulse will send the client a courtesy notice by email identifying the data scheduled for destruction and inviting the client to:

  • confirm destruction; or
  • request continued retention for a defined further period at the client’s reasonable expense.

Where the client does not respond to the courtesy notice within the period stated in the notice, ProfitPulse will proceed with destruction.

Section 21

Earlier destruction on client request

The client may request earlier destruction of its data by written notice to ProfitPulse. ProfitPulse will give effect to the request within 30 business days, subject to:

  • any retention obligation imposed on ProfitPulse by law, including under the Anti Money Laundering and Counter Terrorism Financing Act 2006 (Cth) on and from 1 July 2026 if and to the extent ProfitPulse becomes a reporting entity;
  • any retention obligation imposed by a professional body to which ProfitPulse is subject, including the Code of Ethics issued by Chartered Accountants Australia and New Zealand; and
  • any retention reasonably required to establish, exercise or defend a legal claim arising out of an engagement.

Section 22

Data breach notification (Part IIIC)

ProfitPulse complies with the Notifiable Data Breaches scheme set out in Part IIIC of the Privacy Act. Where ProfitPulse suspects on reasonable grounds that an eligible data breach involving personal information has occurred:

  • ProfitPulse will commence an assessment promptly and will take all reasonable steps to complete the assessment within 30 calendar days, consistent with section 26WH(2) of the Privacy Act;
  • Where the breach involves the data of a particular client, ProfitPulse will notify that client promptly on suspecting the breach;
  • Where the assessment confirms that the breach is likely to result in serious harm to one or more affected individuals, and remedial action has not removed that risk, ProfitPulse will notify the OAIC and affected individuals as required under Part IIIC; and
  • ProfitPulse will cooperate with the affected client in the client’s own breach response, including by providing information reasonably required for the client’s own assessment.

If you believe a breach has occurred involving information you have provided to ProfitPulse, please contact us immediately by emailing Info@Profit-Pulse.com.au with the subject line “Suspected Privacy Incident”. A member of the ProfitPulse team will respond within one business day.

Section 23

Access and correction rights (APP 12, APP 13)

Right of access

Individuals have a right to request access to the personal information that ProfitPulse holds about them. Requests should be sent to Info@Profit-Pulse.com.au and include sufficient information to identify the individual and the personal information requested.

ProfitPulse will respond to an access request within a reasonable period, and in any event within 30 calendar days of receiving the request. Access will be provided in the manner requested by the individual, where it is reasonable and practicable to do so. ProfitPulse does not charge a fee for making a request for access. A reasonable charge may apply to the provision of access where the request is complex or voluminous; any such charge will be disclosed to the individual before access is provided.

ProfitPulse may refuse access in the limited circumstances permitted under APP 12, including where giving access would be unlawful, where giving access would have an unreasonable impact on the privacy of other individuals, or where the request is frivolous or vexatious. Where ProfitPulse refuses access, ProfitPulse will provide written reasons for the refusal and information about the complaints process.

Right of correction

If an individual considers that personal information held by ProfitPulse is inaccurate, out of date, incomplete, irrelevant or misleading, the individual may request correction. ProfitPulse will take reasonable steps to correct the information so that it is accurate, up to date, complete, relevant and not misleading.

If ProfitPulse refuses to correct personal information, the individual may request that a statement be associated with the information noting the requested correction. ProfitPulse will take reasonable steps to associate the statement in such a way that it will be apparent to users of the information.

Section 24

Website, cookies and analytics

The Profit-Pulse.com.au website uses cookies and similar technologies to support the proper operation of the site and to understand how visitors engage with it. The categories of cookies that may be used include:

  • Strictly necessary cookies that are required for the operation of the website, including session management, secure form submission and load balancing;
  • Functional cookies that remember preferences set by the visitor;
  • Analytics cookies that collect aggregated, statistical information about visits to the website. Where used, analytics data is configured with the most privacy preserving settings available, including Internet Protocol address truncation; and
  • Performance cookies set by third party tools embedded in the website (for example, embedded scheduling tools or form tools).

Visitors can manage cookies through their browser settings. Disabling strictly necessary cookies may affect the proper operation of the site. ProfitPulse does not use cookies to build profiles for the purposes of advertising and does not engage in retargeting.

Section 25

Children

ProfitPulse provides services to business clients. The Profit-Pulse.com.au website is not directed at children, and ProfitPulse does not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete that information.

Section 26

AML and CTF regulatory reservation

The Anti Money Laundering and Counter Terrorism Financing Amendment Act 2024 (Cth) extends the reporting entity regime to certain professional services from 1 July 2026. If, and to the extent that, ProfitPulse becomes a reporting entity under that regime, ProfitPulse will be required to conduct customer due diligence and ongoing customer due diligence, and to retain certain records for a period prescribed by that Act.

Where this regime applies, the collection, use, disclosure and retention of personal information for customer due diligence purposes is required or authorised by Australian law. ProfitPulse will update this policy with further detail before the regime becomes applicable to its services.

Section 27

Complaints process

If you have a concern or complaint about how ProfitPulse has handled your personal information, please contact us in the first instance by email to Info@Profit-Pulse.com.au with the subject line “Privacy Complaint”. Please include:

  • Your name and preferred contact details;
  • A description of the concern or complaint;
  • Any relevant dates, communications or records; and
  • The outcome you are seeking.

ProfitPulse will acknowledge receipt of a privacy complaint within five business days, and will provide a substantive response within 30 calendar days of receipt. Where the matter is complex and a longer period is required, ProfitPulse will inform the complainant of the expected timeline.

If you are not satisfied with the response from ProfitPulse, you may refer the matter to the Office of the Australian Information Commissioner:

  • Website: www.oaic.gov.au
  • Telephone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

Section 28

Changes to this policy

ProfitPulse may update this Privacy Policy from time to time. The current version is the version published at Profit-Pulse.com.au at the date of access. The document version and last reviewed date are shown at the top of this page. Material changes will be notified to current clients by email.

Section 29

Contact us

For any matter concerning this Privacy Policy, the personal information ProfitPulse holds about you, an access or correction request, a privacy complaint, or a suspected privacy incident, please contact us using the details below.

ProfitPulse Pty Ltd

  • Entity: ProfitPulse Pty Ltd
  • ABN: 27 660 294 710
  • Registered office: 31/1180 Creek Road,
    Carina Heights, QLD 4152
  • Email: Info@Profit-Pulse.com.au
  • Website: profit-pulse.com.au
  • Authorised signatory: Nitesh Roopa, Managing Partner