Belljar...

Legal

Privacy policy and related legal information.

Introduction

Belljar is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/

What is Personal Information and Why Do We Collect It?

Personal Information is information or an opinion that identifies an individual, or could reasonably identify an individual when combined with other data. We collect Personal Information to operate our web application firewall (WAF), bot protection, DDoS mitigation, CAPTCHA, and related security services; to manage customer accounts; to communicate with you; and to improve and secure our products.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Data We Collect

Depending on how you interact with Belljar—as a website visitor, account holder, or as traffic protected by our security products—we may collect the following categories of information:

Identity and contact information
  • Full name, title, and job role
  • Email address, postal address, and phone or facsimile number
  • Organisation or company name, ABN or business identifiers, and billing contact details
  • Account username, profile information, and communication preferences
Account, authentication, and credentials
  • Login credentials (stored in hashed form; we do not store plaintext passwords)
  • Multi-factor authentication data, session tokens, and API keys
  • Account configuration, permissions, roles, and audit logs of administrative actions
Network, device, and browser information
  • IP address (IPv4 and IPv6), including source and destination addresses
  • User agent string, browser type, browser version, and rendering engine
  • Operating system, platform, and device type (desktop, mobile, tablet, bot, etc.)
  • Screen resolution, viewport size, colour depth, and timezone offset where available
  • Language and locale preferences, accepted content types, and encoding settings
  • TLS/SSL protocol version, cipher suite, and certificate-related metadata
  • Network path data such as autonomous system number (ASN), ISP, and hostname lookups
HTTP request and traffic metadata
  • Requested URL, path, query string parameters, HTTP method, and protocol version
  • HTTP request and response headers (including Referer, Origin, Accept, Accept-Language, Accept-Encoding, Connection, Cache-Control, and custom application headers)
  • Request and response status codes, payload sizes, and transfer timings
  • Session identifiers, cookie names and values, and CSRF or security tokens
  • WebSocket connection metadata and API call patterns
  • Rate-limit counters, connection counts, and bandwidth usage statistics
Security, threat, and WAF-related data
  • Security event logs, blocked and allowed requests, and rule match details
  • Bot detection scores, behavioural signals, fingerprint data, and challenge outcomes (including CAPTCHA responses)
  • Malware, injection, cross-site scripting (XSS), and other attack signatures detected in traffic
  • IP reputation scores, blocklists, allowlists, and GeoIP-derived location data (country, region, city)
  • DDoS attack characteristics, volumetric metrics, and mitigation actions taken
  • Spam filtering results, content classification labels, and abuse reports
  • Incident investigation notes and forensic artefacts necessary to protect your applications
Cookies, local storage, and similar technologies
  • Essential session and authentication cookies
  • Security and anti-abuse cookies used to distinguish legitimate users from automated traffic
  • Preference cookies that remember settings you have chosen
  • Analytics or performance cookies that help us understand how our website and services are used
  • Local storage, session storage, and similar client-side identifiers where used by our products
Communications and support records
  • Content of emails, contact form submissions, support tickets, and chat messages
  • Call or meeting notes, attachments you provide, and correspondence history
  • Feedback, survey responses, and product usage enquiries
Billing and transaction information
  • Invoicing details, purchase orders, subscription plan, and payment status
  • Partial payment card or banking details as supplied for billing (full card numbers are handled by our payment processors and are not retained by Belljar beyond what is necessary for reconciliation)
  • Tax identifiers and billing history
Website and product usage analytics
  • Pages viewed, features accessed, clicks, scroll depth, and navigation paths on our website or management interface
  • Timestamps, session duration, frequency of visits, and referral source
  • Error logs, crash reports, performance metrics, and diagnostic metadata
  • Product telemetry needed to maintain service quality, capacity planning, and reliability
Information from other sources
  • Information you provide during sales calls, demonstrations, or onboarding
  • Publicly available business directories, media, and professional profiles
  • Information from your organisation’s administrators who provision access on your behalf
  • Threat intelligence feeds and reputation data used solely to improve security outcomes

This information is obtained through direct interactions with you, through your use of our website and management interfaces, through traffic processed by Belljar security products protecting your applications, via email and telephone correspondence, through cookies and similar technologies, and from software and infrastructure that we operate. We don’t guarantee website links or the privacy practices of external sites.

We collect your Personal Information for the primary purposes of providing and securing our services, administering accounts, communicating with you, billing, product improvement, and—where you have opted in—marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use. You may unsubscribe from our mailing or marketing lists at any time by contacting us in writing.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained
  • For a secondary purpose that is directly related to the primary purpose
  • With your consent; or where required or authorised by law.
We Do Not Sell or Share Your Data

Belljar does not sell, rent, trade, or otherwise provide your Personal Information to third parties for their own marketing or commercial purposes. We do not monetise customer or end-user data, and we do not make Personal Information available to data brokers, advertisers, or unrelated third parties.

Any data we process is used solely to deliver, operate, support, and improve Belljar’s security products and services, to communicate with you about those services, and to meet our legal obligations. Where limited disclosure is necessary—such as to infrastructure providers that host our systems under strict contractual terms, or where required by law—such parties may only use the information to perform services for Belljar and must protect it in accordance with applicable privacy requirements.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information directly from you. However, in some circumstances we may receive information from third parties—for example, your organisation’s administrators, publicly available sources, or security intelligence feeds used to protect your applications. In such cases we will take reasonable steps to ensure you are aware of the information provided to us.

Receiving information from a third party does not mean we share your data with them in return. Belljar remains responsible for Personal Information in its possession, subject to the limited disclosure circumstances described in this policy.

Disclosure of Personal Information

We do not routinely disclose Personal Information to third parties. Your Personal Information may be disclosed only in the following limited circumstances:

  • Where you have given explicit consent to the disclosure
  • Where disclosure is required or authorised by law, regulation, court order, or government authority
  • To professional advisers (such as lawyers or accountants) bound by confidentiality obligations, where necessary for Belljar’s legitimate business purposes
  • To subprocessors who provide essential infrastructure or operational services to Belljar (such as cloud hosting or email delivery), solely to perform those services on our behalf and under agreements that require them to protect your information and prohibit independent use or sale of your data

Except for the circumstances above, Belljar will not disclose, license, or otherwise make your Personal Information available to third parties.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Access to Your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

Belljar will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information we may require identification from you before releasing the requested information.

Maintaining the Quality of Your Personal Information

It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates

This Policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

Belljar
Email: contact@belljar.com