OziShield Privacy & Data Protection Policy 

Effective Date: November 2025
Last Updated: November 2025

OziShield — A product by Ozinexus Technologies — helps users identify and report online scams, phishing links, and suspicious messages.
Your safety and privacy are our top priorities.

1. What We Collect

We collect only the minimum data required to run a scan and improve security.

Data Type Purpose Retention
Link or message content you submit To analyse for phishing, malware, or scam patterns Automatically deleted after scanning
Screenshot (optional) Used only for text extraction via OCR (processed client-side when possible) Not stored or retained on our servers
Scan metadata (e.g. timestamp, hashed IP, country) To monitor service usage and prevent abuse Retained ≤ 90 days, then anonymised

2. What We Never Collect or Store

  • Personal emails, names, or login credentials
  • Full IP addresses (unless hashing disabled by admin)
  • Payment details or tracking cookies
  •  Any data for advertising or profiling

3. How We Use Your Data

  • To generate a temporary scan result card and overall statistics
  • To improve our detection algorithms (anonymised only)
  • To help authorities identify emerging threat trends (aggregated form only)

We do not share raw scan inputs with any third party.

4. Security & Encryption

  • All connections use HTTPS + HSTS with TLS 1.3 encryption.
  • Data in transit and storage is AES-256 encrypted.
  • All system credentials and security tokens are encrypted and stored using industry-standard best practices.
  • Access is restricted to authorised Ozinexus staff only (using least-privilege principle).

5. User Rights & Control

You can:

  • Request anonymised scan logs linked to your session.
  • Request permanent deletion of any stored record.
  • Opt out of analytics (we respect Do Not Track).

To request, email privacy@ozishield.com.au.

6. Third-Party Services & APIs

OziShield integrates only with trusted providers:

  • Google Safe Browsing (for phishing database lookups)
  • WhoisXML (for domain age verification)

These APIs receive only the URL being scanned — never your personal information.

7. Compliance & Jurisdiction

We comply with:

  • Australian Privacy Principles (APPs)
  • GDPR (Article 6 & 17) for EU users
  • Consumer Data Right (CDR) guidelines for transparency

All data is processed in Sydney, Australia, with failover servers in Singapore.

8. Contact Us

OziShield Privacy Team
Ozinexus Technologies Pty Ltd
Sydney, NSW – Australia
📧 privacy@ozishield.com.au

We review this policy every 90 days to keep it accurate and compliant.

9. In Plain English Summary

We don’t track you.
We don’t sell data.
We only check for scams — safely, anonymously, and ethically.