Privacy Policy

1. Introduction and Our Commitment

InsolX is an online venue that connects registered liquidators, administrators, receivers and other insolvency practitioners appointed under the Corporations Act 2001 (Cth) with prospective buyers of, and investors in, distressed and insolvent assets. In operating the platform, we necessarily collect and handle personal information about the people who use it — including buyers, investors, insolvency practitioners and their staff.

We collect only the personal information that is reasonably necessary for the functions and activities described in this Privacy Policy, and we handle that information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and, where applicable, the Spam Act 2003 (Cth). This Privacy Policy applies to personal information we collect through our website and platform, by email, and through any related interaction you have with us.

2. What Personal Information We Collect

The personal information we collect depends on how you interact with the platform. It may include:

• –Account information — your name, email address and password (passwords are stored only in hashed form and are never visible to us in plain text).
• –Professional and enquiry details — the professional details, credentials and firm or organisation information you provide when registering as a buyer or submitting an enquiry, together with the content of any enquiry messages you send to a listing practitioner.
• –Listing information — where you are an insolvency practitioner, the content of your listings and any contact, appointment and firm details you provide in connection with creating and managing listings.
• –Preferences and activity — your deal-alert preferences (such as selected industries, jurisdictions, deal sizes and email frequency), your saved listings and your activity on the platform.
• –Technical and usage data — your IP address, browser type, device information, operating system, pages visited, session data and server logs generated automatically when you use the platform.
• –Correspondence — personal information contained in emails or other communications you send to us, including support and account-related requests.

Sensitive information is a subset of personal information afforded heightened protection under the Privacy Act, including health information and information about an individual’s racial or ethnic origin or criminal record. We do not seek to collect sensitive information through the platform, and we will collect it only where you have consented and the collection is reasonably necessary for one or more of our functions or activities, or where we are otherwise required or authorised to do so by or under law.

3. How We Collect Personal Information

We collect personal information in the following ways:

• –Directly from you — when you create an account, complete your profile, submit an enquiry on a listing, configure deal alerts, save listings, create or manage listings as a practitioner, request a password reset, or correspond with us by email.
• –Automatically — when you visit or interact with the platform, through authentication and session cookies, server logs and our error-monitoring tooling, which record technical information such as your IP address and browser and device details.
• –From third parties — in limited circumstances, for example where an insolvency practitioner or a colleague provides your contact details in connection with a listing or an enquiry on a listing. Where we collect personal information about you from a third party, we will take reasonable steps to notify you or to ensure you are aware of the collection as soon as practicable.

4. Why We Collect, Use and Hold Personal Information

We collect, use and hold personal information for the following purposes:

• –Operating the marketplace — to register and authenticate accounts, display and manage listings, enable browsing and search, and provide saved-listing and dashboard functionality.
• –Routing enquiries — to deliver your enquiry, together with your name, contact and professional details, to the insolvency practitioner responsible for the listing you have enquired about (see Section 5).
• –Deal alerts — to send you opt-in email alerts matched to the industries, jurisdictions, deal sizes and frequency you have configured.
• –Security and fraud prevention — to protect the integrity of the platform, verify account activity, detect and prevent fraudulent, unlawful or abusive conduct, and maintain audit logs.
• –Service improvement — to diagnose errors, monitor performance and improve the functionality, reliability and usability of the platform.
• –Legal compliance — to comply with our legal and regulatory obligations, respond to lawful requests from regulators and law-enforcement agencies, and establish, exercise or defend legal claims.

We may also use personal information for other purposes that are directly related to the purposes above and that you would reasonably expect, or otherwise with your consent or as required or permitted by law.

5. Disclosure of Enquiry Details to Insolvency Practitioners

This section describes a disclosure that is central to how the platform works. When you submit an enquiry on a listing, we disclose your enquiry — including your name, email address, professional details, firm or organisation, and the content of your message — to the insolvency practitioner (or their firm) responsible for that listing. This disclosure is the very purpose of submitting an enquiry: it enables the practitioner to respond to you, assess your interest, and decide whether to grant you access to confidential sale materials such as information memoranda and financial records.

Once your enquiry details are disclosed to a practitioner, that practitioner handles your personal information under their own privacy practices and professional obligations, not under this Privacy Policy. Practitioners may retain your details in their own systems, contact you directly about the relevant sale process, and use your information in connection with the administration of the relevant insolvency appointment. We encourage you to raise any questions about a practitioner’s handling of your information with that practitioner directly. We do not control, and are not responsible for, the privacy practices of listing practitioners or their firms.

By submitting an enquiry through the platform, you consent to your enquiry details being disclosed to the practitioner responsible for the relevant listing for these purposes.

6. Disclosure to Service Providers and Other Third Parties

We disclose personal information to a limited number of third-party service providers that help us operate the platform:

• –Supabase — our database and authentication provider, which stores account data, profile and preference data, listing and enquiry records, and hashed credentials on cloud-hosted infrastructure.
• –Vercel — our web hosting and content delivery provider, which processes request data (including IP addresses) in the course of serving the platform.
• –Resend — our transactional email provider, which processes your name and email address in order to deliver account emails, password resets, enquiry notifications and deal alerts.
• –Sentry — our error-monitoring provider, which collects error and diagnostic data that may include your IP address and browser or device information when a technical fault occurs.

These providers are engaged to process personal information only for the purposes of providing their services to us. We take reasonable steps to ensure our service providers handle personal information consistently with the Australian Privacy Principles.

We may also disclose personal information to professional advisers (such as lawyers, accountants and auditors) under obligations of confidentiality; to regulators, law-enforcement agencies, courts and tribunals where required or authorised by law; in connection with an actual or proposed sale, restructure or transfer of our business or assets; and otherwise with your consent.

7. We Do Not Sell Your Personal Information

We do not sell, rent or trade your personal information to any third party for commercial purposes. The only disclosures we make are those described in this Privacy Policy: to the practitioner responsible for a listing you enquire about (Section 5), to the service providers and other recipients described in Section 6 (including professional advisers and recipients in connection with a sale or restructure of our business), with your consent, or otherwise as required or permitted by law.

8. Overseas Disclosure

Some of the service providers described in Section 6 store or process personal information on servers located outside Australia, including in the United States of America. In particular, our database and authentication infrastructure (Supabase), web hosting (Vercel), email delivery (Resend) and error monitoring (Sentry) may each involve the storage or processing of personal information on overseas infrastructure.

Before disclosing personal information to overseas recipients, we take reasonable steps, as required by APP 8, to ensure that the recipient handles your personal information in a manner consistent with the Australian Privacy Principles, including by engaging reputable providers that maintain contractual data-protection commitments and recognised security practices.

Please be aware that, once personal information is disclosed to an overseas recipient, the Privacy Act may not require that recipient to protect your information in the same way as an Australian APP entity, and you may not have the same remedies available against the overseas recipient. Overseas processing by the service providers named in this Privacy Policy is inherent in the operation of the platform, and we take the steps described above in respect of each of them.

9. Data Security

We take reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. The measures we apply include:

• –Encryption of data in transit between your browser and the platform using industry-standard Transport Layer Security (HTTPS/TLS).
• –Passwords stored only as cryptographic hashes — we never store or have access to your password in plain text.
• –Access controls that restrict access to personal information to authorised systems and personnel on a need-to-know basis, including practitioner-controlled access to confidential listing materials.
• –Authentication tokens with limited lifetimes and secure session management.
• –Engagement of reputable infrastructure providers that maintain their own security certifications and controls.

Despite these measures, no data transmission or storage system can be guaranteed to be completely secure. You are responsible for keeping your account credentials confidential. If you believe that personal information you have provided to us has been compromised, or you suspect unauthorised access to your account, please contact us immediately using the details in Section 17.

10. Notifiable Data Breaches

We are subject to the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth). If a data breach occurs that is likely to result in serious harm to any individuals whose personal information is involved, we will notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals as soon as practicable, in accordance with our legal obligations. Our notification will include the nature of the breach, the kinds of information involved, and the steps we recommend affected individuals take in response.

11. Data Retention and De-identification

We retain personal information for as long as it is reasonably necessary for the purposes for which it was collected, including to operate your account, maintain records of enquiries and listings, comply with applicable legal, regulatory or professional retention obligations, and establish, exercise or defend legal claims.

When personal information we hold is no longer needed for any purpose for which it may be used or disclosed under the APPs, and we are not required by law or a court or tribunal order to retain it, we take reasonable steps to destroy it or to permanently de-identify it. De-identified or aggregated data that can no longer reasonably identify you may be retained and used for analytical and service-improvement purposes.

12. Cookies

The platform uses cookies — small text files placed on your device — strictly for authentication and the secure operation of the platform. Specifically, we use session and authentication cookies (including Supabase authentication tokens) to keep you signed in, protect your account and enable core platform functionality. These cookies are strictly necessary: the authenticated parts of the platform cannot function without them.

We do not currently use any advertising cookies, third-party ad trackers or third-party analytics services (such as Google Analytics) on the platform. If we introduce analytics or other non-essential cookies in the future, we will update this Privacy Policy before doing so.

You can manage or disable cookies through your browser settings, but disabling authentication cookies will prevent you from signing in and using account features such as saved listings, deal alerts and the listing dashboard.

13. Marketing Communications and Deal Alerts

Our deal-alert emails are strictly opt-in. You will receive deal alerts only if you have created an account and configured alert preferences — including your selected industries, jurisdictions, deal sizes and delivery frequency (daily or weekly). You can change or disable your deal alerts at any time in your account settings, and each alert email contains a functional means of unsubscribing.

We comply with the Spam Act 2003 (Cth) in respect of all commercial electronic messages we send: we send such messages only with your consent, we identify ourselves as the sender, and we honour unsubscribe requests promptly. Transactional and service messages — such as enquiry notifications, password resets and important account or security notices — are not marketing communications and may be sent to you as a necessary part of operating your account.

14. Access to and Correction of Your Personal Information

You have the right to request access to the personal information we hold about you, and to request the correction of personal information that is inaccurate, incomplete, out of date, irrelevant or misleading. You can view and update much of your information directly — including your profile details, deal-alert preferences and saved listings — through your account settings.

For any other access or correction request, please contact us using the details in Section 17. We will respond to your request within 30 days. We do not charge a fee for making a request, although in limited cases we may charge a reasonable fee for the work involved in providing access.

We may decline a request for access or correction in the limited circumstances permitted by the Privacy Act. If we do, we will provide you with written reasons for the refusal and information about how you can complain about that decision.

15. Complaints

If you have a concern or complaint about how we have collected or handled your personal information, including a possible breach of the Australian Privacy Principles, please contact us in the first instance using the details in Section 17. Please include sufficient detail for us to investigate your complaint.

We will acknowledge your complaint within 5 business days of receiving it and will endeavour to provide a substantive response within 30 days. If we need more time to investigate, we will let you know the reason for the delay and the expected timeframe.

If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC): online at www.oaic.gov.au or by phone on 1300 363 992.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, our service providers or applicable law. The updated version will be published on our website with a revised “Last updated” date. Where a change is material — for example, the introduction of analytics cookies or a new category of overseas disclosure — we will take reasonable steps to bring it to your attention. We encourage you to review this Privacy Policy from time to time so that you are aware of how we handle your personal information. Where a change would materially affect how we handle personal information we have already collected from you, we will seek any consent the Privacy Act requires before relying on that change.

17. Contact Us

If you have any questions about this Privacy Policy, wish to make an access or correction request, or wish to make a privacy complaint, please contact us at info@insolx.com.au. We will respond as soon as reasonably practicable and within the timeframes described in this Privacy Policy.