Privacy Policy

Last updated: April 2026

1. About this policy​

This Privacy Policy explains how Viocorp International Pty Ltd (ABN 43 100 186 838), trading as Viostream, collects, holds, uses and discloses personal information. It applies to all personal information we handle, whether collected through our platform, websites or otherwise.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are also guided by the Australian Government Information Security Manual (ISM) in our approach to information security.

This policy is available free of charge on our website. You may request a copy in an alternative format by contacting us.

2. Who we are​

3. Kinds of personal information we collect​

We only collect personal information that is reasonably necessary for our functions and activities (APP 3). The types of personal information we may collect include:

• Identity information — name, job title, organisation name
• Contact information — email address, phone number, postal address
• Account information — username, password (hashed), account preferences
• Billing information — billing address, payment details (processed by our payment provider; we do not store full card numbers)
• Usage data — IP address, browser type and version, operating system, device information, pages visited, features used, session duration
• Video analytics data — viewing activity, play/pause/seek events, completion rates, engagement metrics
• Cookies and tracking identifiers — see Section 8 below
• Support data — information provided when contacting our support team, including chat transcripts

We do not generally collect sensitive information (as defined by the Privacy Act). If we ever need to collect sensitive information, we will obtain your consent and explain why it is necessary.

Sensitive information may also be incidentally included in customer-uploaded video content. In those circumstances, Viostream processes such content solely in accordance with the customer's instructions as a data processor and takes reasonable steps to protect the information in line with this Privacy Policy.

4. How we collect personal information​

We collect personal information through the following means:

• Directly from you — when you register for an account, complete a form, contact our support team, subscribe to communications or otherwise interact with us.
• Automatically — through cookies, server logs, analytics tools and similar technologies when you use our platform or visit our websites.
• From third parties — from your employer or organisation administrator (if they create an account on your behalf), single sign-on (SSO) identity providers, or publicly available sources.

Where we collect personal information about you from a third party, we will take reasonable steps to notify you (APP 5).

If you choose not to provide personal information we request, we may be unable to provide you with access to our platform, respond to your enquiry or deliver our services.

5. Unsolicited personal information​

If we receive personal information we did not solicit, we will within a reasonable period determine whether we could have collected it under APP 3. If we determine we could not have collected it, we will destroy or de-identify the information as soon as practicable (APP 4).

6. Purposes of collection, use and disclosure​

We collect, hold, use and disclose personal information for the following purposes:

Account and service delivery​

• Providing, operating and maintaining the Viostream platform
• Creating and managing your account
• Processing payments and managing billing
• Providing customer support and responding to enquiries

Analytics and improvement​

• Analysing platform usage to improve our services and user experience
• Providing video analytics and reporting to our customers

Communications​

• Communicating service updates, maintenance notices and security alerts
• Sending marketing communications where you have opted in or where permitted by law (see Section 11)

Security and compliance​

• Preventing fraud, enforcing our terms of service and protecting the security of our platform
• Complying with applicable laws, regulations and legal processes
• Meeting our obligations under the Notifiable Data Breaches scheme

We will only use or disclose personal information for the primary purpose for which it was collected, or for a related secondary purpose that you would reasonably expect (APP 6).

7. Who we disclose personal information to​

We may disclose personal information to the following categories of recipients:

• Service providers and sub-processors — cloud infrastructure providers (Amazon Web Services), content delivery networks, payment processors, analytics services, customer support tools, email delivery services
• Your organisation — if you use Viostream through an enterprise account, your organisation administrator may have access to account and usage information
• Related bodies corporate — entities related to Viocorp International Pty Ltd
• Professional advisers — lawyers, auditors and accountants as necessary
• Law enforcement and regulators — where required or authorised by law, including to comply with court orders, subpoenas or regulatory requests

We do not sell personal information to third parties. We do not disclose personal information for purposes unrelated to our services unless required by law.

8. Cookies and tracking technologies​

Our platform and websites use cookies and similar tracking technologies to enhance your experience, analyse usage and support our services.

Types of cookies we use​

• Essential cookies — required for the platform to function (authentication, session management, security)
• Analytics cookies — help us understand how visitors interact with our websites and platform (e.g. Google Analytics)
• Preference cookies — remember your settings and preferences

Managing cookies​

Most web browsers allow you to control cookies through their settings. You can choose to block or delete cookies, though this may affect the functionality of our platform.

• Google Chrome — Settings > Privacy and Security > Cookies and other site data
• Mozilla Firefox — Settings > Privacy & Security > Cookies and Site Data
• Safari — Preferences > Privacy > Manage Website Data
• Microsoft Edge — Settings > Cookies and site permissions

On mobile devices:

• iOS — Settings > Safari > Privacy & Security
• Android — Chrome > Settings > Site settings > Cookies

9. Overseas disclosure​

Viostream's primary infrastructure is hosted on Amazon Web Services (AWS) in the Sydney, Australia region (ap-southeast-2). All personal information at rest is stored within Australia.

We do not disclose personal information to overseas recipients. Video content may be delivered via a global content delivery network (CDN) with edge nodes in multiple countries, however CDN caching is temporary and transient and does not constitute a disclosure of personal information.

10. Data processor and data controller roles​

Viostream acts in two capacities with respect to personal information:

• Data controller — for personal information we collect directly (e.g. account registration, website visitors, support enquiries). We determine the purposes and means of processing this information.
• Data processor — for personal information contained within customer video content and associated metadata. Our customers determine the purposes and means of processing; we process this information on their behalf in accordance with our terms of service and any applicable data processing agreement.

11. Direct marketing​

We may use your contact information to send you marketing communications about our products and services where you have opted in or where we are permitted by law to do so.

Every marketing communication includes an unsubscribe mechanism. You may opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at privacy@viostream.com

We do not use sensitive information for direct marketing purposes. We will not use personal information for marketing if you have asked us not to (APP 7).

12. How we store and secure personal information​

We take the security of your personal information seriously and implement measures aligned with the Australian Government Information Security Manual (ISM) and industry best practices.

Storage​

• All data at rest is stored on AWS infrastructure in Australia (Sydney region, ap-southeast-2)
• Data is encrypted at rest using AES-256 encryption
• Data in transit is encrypted using TLS 1.2 or higher

Security controls​

• Role-based access controls limiting access to personal information to authorised personnel
• Multi-factor authentication for administrative access
• Regular vulnerability assessments and security monitoring
• Logging and audit trails for access to personal information
• Incident response procedures for security events

We regularly review our security practices and update them as necessary to address emerging threats and changes to the ISM.

13. Data retention and destruction​

We retain personal information only for as long as it is needed for the purposes for which it was collected, or as required by law.

• Account data — retained for the duration of the account and for a reasonable period afterwards to fulfil legal and regulatory obligations
• Customer content — retained for the term of the service agreement and for 30 days after termination, unless otherwise agreed
• Usage and analytics data — retained for the duration of the service agreement
• Support records — retained for up to 3 years after the last interaction

When personal information is no longer needed, we destroy or de-identify it in accordance with APP 11.2. Destruction methods include secure deletion from databases and storage systems.

14. Anonymity and pseudonymity​

Where practicable, you may interact with us without identifying yourself — for example, when browsing public video content or our public website (APP 2).

However, identification is required for certain activities, including account registration, accessing licensed features and contacting support.

15. Government identifiers​

We do not adopt, use or disclose government-related identifiers (such as tax file numbers or Medicare numbers) as our own identifiers, unless required by law (APP 9).

16. Data quality​

We take reasonable steps to ensure that personal information we collect, use and disclose is accurate, up-to-date, complete and relevant (APP 10). We encourage you to contact us if your information changes.

17. Deletion and de-identification​

You may request that we delete or de-identify your personal information. We will comply where practicable, unless retention is required for contractual, legal or evidentiary reasons.

Backups and archived copies may persist for a defined retention period before being purged in accordance with our data retention schedule (see Section 13). If we are unable to fulfil a deletion request, we will notify you and explain the reasons.

18. Your rights​

Right to access (APP 12)​

You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days. There is no charge for making an access request, though we may charge a reasonable fee for providing access if the request requires substantial effort.

Right to correction (APP 13)​

You have the right to request that we correct personal information we hold about you that is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will respond to correction requests within 30 days at no charge.

How to make a request​

To request access to or correction of your personal information, contact our Privacy Officer:

Please provide sufficient detail to allow us to identify the information in question.

19. How to complain​

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may lodge a complaint with us.

Our complaints process​

1. Submit your complaint in writing to privacy@viostream.com, providing details of the matter and the outcome you are seeking.
2. We will acknowledge your complaint within 5 business days.
3. We will investigate and respond to your complaint within 30 days. If we need more time, we will let you know and explain why.
4. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).

Office of the Australian Information Commissioner​

20. Notifiable data breaches​

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

If we become aware of a data breach that is likely to result in serious harm to affected individuals, we will take all reasonable steps to complete an assessment within 30 days, as required by the NDB scheme. If we determine that an eligible data breach has occurred, we will notify:

• The OAIC — as soon as practicable, with a statement that includes our identity and contact details, a description of the breach, the kinds of information concerned, and recommended steps for affected individuals.
• Affected individuals — as soon as practicable, with the same information.

If you are a Viostream customer and a breach affects personal information you have entrusted to us as a data processor, we will also notify you in accordance with our service agreement so that you can meet your own NDB obligations.

21. Corporate transactions​

In the event of a merger, acquisition, sale or corporate restructure, personal information may be disclosed to prospective purchasers and their advisers under confidentiality obligations. If ownership of Viostream changes, the new entity will be bound by this Privacy Policy until it is updated. We will notify affected individuals of any material changes to how their personal information is handled.

22. Changes to this policy​

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Where practicable, notify you via email or through a notice on our platform

We encourage you to review this policy periodically to stay informed about how we protect your personal information.

23. Contact us​

If you have questions about this Privacy Policy or how we handle your personal information, please contact our Privacy Officer: