Skip to main content

Mailock Pty Ltd Privacy Notice

Mailock Pty Ltd

Last updated: 12 June 2026

Mailock Pty Ltd ("Mailock", "we", "us", "our") is committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Please read this Privacy Notice carefully (together with any other Privacy Notice we may provide on specific occasions when we are collecting or processing personal data about you) as it explains how we collect, store, use, disclose and otherwise handle personal information when providing Mailock services in Australia. It also explains how individuals may access or correct their personal information, make privacy enquiries, or lodge a complaint.

Mailock is a secure communications product developed by Beyond Encryption. Mailock Pty Ltd provides Mailock services in Australia. Certain support, operational, technical and privacy management functions may be performed by personnel employed by, or acting on behalf of, Beyond Encryption Limited and authorised service providers located outside Australia, including in the United Kingdom. Where personal information is disclosed overseas, we take reasonable steps to ensure it is handled in accordance with applicable privacy obligations.

1. Who We Are

Mailock Pty Ltd
ACN 696074192

Unit 526

368 Sussex Street

Sydney

New South Wales NSW 2000


Email: dpo@beyondencryption.com (privacy and data enquiries)
Website: www.beyondencryption.com

Mailock Pty Ltd is an Australian subsidiary of Beyond Encryption Limited, provides Mailock services in Australia. Certain support, operational, technical and privacy management functions are provided by Beyond Encryption Limited and authorised service providers located outside Australia, including in the United Kingdom.

2. Personal Information We Collect

Depending on how you interact with Mailock services, we may collect the following types of personal information:

Contact information

  • First name
  • Last name
  • Email address
  • Mobile phone number

Authentication data

  • Security challenge responses
  • Verification status
  • Authentication preferences

Service metadata

  • Message delivery status
  • Access timestamps
  • Sender / recipient identifiers
  • Configuration settings

Device and technical data

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Hardware identifiers
  • Session identifiers

Usage and telemetry data

  • Application performance data
  • Error diagnostics
  • System logs
  • Security monitoring data

Customer supplied content

Customers may use the service to send the following

  • Documents
  • Attachments
  • Messages
  • Identity information

Mailock does not control the content submitted by customers.

Where customers submit personal information through Mailock services, they remain responsible for ensuring they have appropriate authority to provide that information and for complying with applicable privacy obligations. Mailock processes such information as part of providing the service.

3. How We Collect Personal Information

We collect personal information in a number of ways, including:

  • when customers register for or use the Mailock services;
  • when secure messages are sent, received or accessed using Mailock services;
  • during identification verification or authentication processes;
  • through customer support requests;
  • through website usage, cookies and related technologies where applicable;
  • through system logs, monitoring, security tools and operational telemetry; and
  • through third-party service providers or integrations configured by customers.

Some personal information is collected automatically through use of our services and systems.

Where personal information is required to provide Mailock services, failure to provide that information may limit our ability to deliver or support those services, including authentication, secure communication and customer support functions.

4. Purpose of Collection

We collect and use personal information for purposes including:

  • providing secure messaging services, including access to and use of our website, products and services, such as registering for and setting up an account or opening an email which has been sent to you;
  • verifying your identity and authenticating users and maintaining account security;
  • to provide information to our customers and other users about emails they have sent (e.g. whether they were opened).
  • to maintain, develop, troubleshoot, test and improve our website, products and services.
  • to protect our services, systems and users from unauthorised access, misuse, fraud or other security risks.
  • for securing the website, products and services and communications.
  • to deploy and process personal data collected via cookies that are strictly necessary.
  • to communicate with you about the website, products and services.
  • to generally administer, monitor and improve our business, website, products and services meeting legal, regulatory or compliance obligations.
  • for enforcement of our contractual rights, terms of use and other legal rights.
  • to enable account recovery and support functions; and
  • complying with applicable laws and responding to lawful requests from regulators, law enforcement or government authorities.

We do not provide or sell personal information to any third-party agencies. We do not use personal information for unrelated direct marketing purposes.

5. Data Hosting and Storage Locations

Mailock operates a multi-region secure architecture. Personal information may be stored, processed or accessed in Australia and overseas in connection with the provision and support of Mailock services:

Australia
Primary hosting location for customer data

European Union
Service metadata databases;
Authentication data;
Operational telemetry;
SQL service databases
Azure Application Insights telemetry.

United Kingdom
Support technical operations and authorised access by personnel providing customer support, service administration, security monitoring or privacy management functions.

These locations are used for:

  • operation and delivery of Mailock services;
  • authentication and identity verification processes;
  • storage and processing of service metadata and operational telemetry;
  • performance monitoring, security monitoring and system maintenance;
  • customer support, technical support and service administration; and
  • privacy management, compliance and related operational functions.

Where personal information is stored, processed or accessed outside Australia, Mailock takes reasonable steps to ensure overseas recipients handle personal information in a manner consistent with applicable privacy obligations.

6. Cross-Border Disclosure

To provide and support Mailock services in Australia, personal information may be disclosed to, processed by, or accessed by overseas recipients located outside Australia, including in the European Union and the United Kingdom.

These overseas disclosures or access arrangements may occur for purposes including:

  • operating and supporting Mailock services;
  • providing authentication and identity verification functions;
  • monitoring performance, security and service integrity;
  • maintaining and improving services and infrastructure;
  • providing customer support and technical assistance; and
  • privacy management, compliance and related operational functions.

Overseas recipients may include cloud service providers, authorised service providers and personnel employed by, or acting on behalf of, Beyond Encryption Limited in the United Kingdom.

Where personal information is disclosed outside Australia, Beyond Encryption takes reasonable steps to ensure overseas recipients handle personal information in a manner consistent with applicable privacy obligations and implements contractual, technical and organisational safeguards where appropriate.

7. Azure Hosting

Mailock currently uses Microsoft Azure cloud infrastructure to support the provision, operation and security of Mailock services. Depending on the relevant service and processing activity, Microsoft Azure may host or process personal information in:

  • Australia; and
  • The European Union

Personal information processed using Microsoft Azure services may include customer data, authentication information, service metadata, telemetry and operational information, depending on the relevant service functionality.

Mailock applies technical and organisational security measures designed to protect information processed through Microsoft Azure services, including:

  • encryption at rest and in transit;
  • access controls and role-based permissions;
  • monitoring and logging.

Use of Microsoft Azure services is subject to Microsoft’s applicable security and privacy controls and supporting contractual arrangements.

8. Telemetry and Diagnostic Data

Mailock collects limited telemetry, diagnostic and operational data to support the performance, security, maintenance and improvement of Mailock services. Depending on the relevant service or interaction, this may include:

  • browser type and version;
  • device information;
  • IP address;
  • performance and usage metrics;
  • system events and operational logs; and
  • error diagnostics and troubleshooting information.

Telemetry and diagnostic information may be processed using Microsoft Azure Application Insights. This data is currently stored in Azure Application Insights in the European Union.

Telemetry data is retained for up to90 daysbefore being automatically deleted or otherwise removed in accordance with applicable retention settings.

9. Disclosure of Personal Information

M ailock may disclose personal information to third parties where reasonably necessary to provide, operate, support or secure Mailock services, comply with legal obligations, or otherwise as permitted by law.

Depending on the relevant service or activity, personal information may be disclosed to any of the following:

  • cloud hosting providers supporting Mailock services;
  • authentication identity verification service providers;
  • telecommunications, messaging or SMS delivery providers;
  • support service providers;
  • personnel employed by, or acting on behalf of, Beyond Encryption Limited in connection with customer support, technical operations, privacy management or related functions;
  • professional advisors, auditors or consultants where reasonably required;
  • regulators, law enforcement agencies, courts or government authorities where required or authorised by law; and

Mailock will only disclose information necessary to provide services. It implements contractual, technical and organisational measures where appropriate to protect personal information.

10. Security

Mailock implements technical, organisational and administrative measures designed to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure. These measures include:

  • encryption of message content
  • encryption of stored data
  • role-based access controls and access management processes;
  • authentication and identity verification controls
  • audit logging, monitoring and alerting
  • infrastructure segregation and security management practices; and
  • secure key management processes.

Mailock regularly reviews and maintains security measures designed to support the confidentiality, integrity and availability of its services and information assets.

These measures are informed by recognised information security practices, including principles reflected in ISO 27001. However, no method of transmission over the internet or electronic storage is completely secure and Mailock cannot guarantee absolute security.

11. Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of fulfilling our contract with you or the organisation you represent, to provide our services, meeting contractual obligations, complying with legal, regulatory, tax, accounting or reporting requirements, resolving disputes and establishing, exercising or defending legal claims.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes.

Please note the following:

  • If you set up an account with us but you do not use our related website, products or services for a prescribed amount of time (the length of time will be as determined by us in our absolute discretion from time to time) then we may treat your account as expired and deactivate it.
  • If you are a customer and register for a paid-account (a subscription) and you cancel your subscription your payment details will be deleted 10 days after the subscription is cancelled.
  • All email messages that have been secured with Mailock are set with an expiry date which depending on the type of Mailock account is normally 365 days after the message is sent. For messages sent using our Free Account or for replies sent as a “Guest”, the expiry date is set to 21 days. On expiry, the message data will be retained but it will be moved to our secure archive store where it will remain, encrypted, for up to 10 years after which time it will be permanently deleted. We are not able to see the content of any message that has been sent, due to the nature of the encryption solution which you have purchased, but other Usage personal data will still be accessible.
  • Users are responsible for deleting messages held in their accounts when they are no longer required and should no longer be retained. If you do not do so, then messages will continue to be stored by us for your future access if required in accordance with our Retention Periods (being such periods as we shall decide from time to time in our absolute discretion).
  • Users are also responsible, where permitted by their account, for specifying the length of time after a message is sent to a recipient that will be available to them.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research, product development, business or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Telemetry data is retained for up to 90 days. Data is securely deleted from our data archive when it is no longer required.

In some circumstances you can ask us to delete your personal data. You can also use the cookie banner on our website to change your cookie preferences.

12. Your Privacy Rights

As a data subject you have a number of rights under data protection laws in relation to your personal data and information and we have set out details of these rights below. The rights available will depend on the circumstances and the laws that apply to the handling of the relevant information.

If you would like to exercise any of these rights, please contact us via dpo@beyondencryption.com and provide us with enough information to identify you as well as what right you want to exercise and the personal data to which your request relates.

For individuals in Australia, subject to applicable exceptions under the Privacy Act 1988 (Cth), these rights may include

Access

The right to be provided with a copy of the personal data we hold about you.

Correction or Rectification

The right to require us to correct the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us

Complaints

The right to raise concerns regarding the handling of personal information, including complaints regarding potential breaches of applicable privacy obligations.

Direct marketing

You may have the right to object or opt out at any time to the processing of your personal data for direct marketing purposes.

Depending on your location and the privacy laws that apply, you may have additional rights regarding your personal information. These may include rights relating to deletion, restriction of processing, portability, objection to certain processing activities or withdrawal of consent where such rights apply under relevant laws.

Identity Verification.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed or access given, to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response .

Time limit to respond:

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Charges

Access requests will generally be handled free of charge, although a reasonable fee may apply where permitted by law or where a request is clearly unfounded, repetitive or excessive.

13. Complaints and Privacy Enquiries

If you have a question, concern or complaint regarding how Mailock handles personal information, please contact us using the details provided in this Privacy Notice. We will seek to investigate and respond to privacy enquiries and complaints within a reasonable period.

Privacy enquiries and complaints may be directed to dpo@beyondencryption.com

If you are not satisfied with our response, or you believe your personal information has been handled in a manner inconsistent with applicable privacy obligations, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. Third Party Services

Customers may choose to configure or use third party services, integrations or applications in connection with Mailock services. Thecollection, handling and use of personal information by those third parties will generally be governed by their own privacy policies, terms and practices.

Mailock is not responsible for the privacy practices of independent third-party services or providers that customers elect to use. Customers should review the privacy notices and terms of those third parties before enabling or using such services.

Where Mailock engages third party service providers in connection with the operation or delivery of Mailock services, those arrangements are addressed separately in this Privacy Notice.

15. Changes to this Policy

We keep our Privacy Notice under regular review and therefore we may change it from time to time. If we do change this Privacy Notice we will inform you via our website with the last updated date will be amended accordingly. If any material changes are likely to have an adverse impact on your rights under relevant Data Protection law, we will use reasonable endeavours to notify you of the changes in advance in writing or by alternative means.

16. Contact

If you have questions regarding this Privacy Notice or Mailock’s handling of personal information, please contact:

Data Protection Officer,  Beyond Encryption Limited.

Email: dpo@beyondencryption.com

Website: www.beyondencryption.com

Mailock services in Australia are provided through Mailock Pty Ltd. Certain privacy, support and operational functions may be performed by Beyond Encryption Limited and authorised service providers located outside Australia.