Legal
Privacy Policy
Last updated: 2 May 2026.
1. Introduction
9t5 Pty Ltd (ABN 12 623 421 563) ("9t5", "we", "us", "our") operates SOCI Sentinel, an Australian-hosted compliance evidence platform for responsible entities under the Security of Critical Infrastructure Act 2018. This policy explains how we collect, use, disclose and safeguard personal information and customer-supplied artefacts in connection with this website and the SOCI Sentinel service.
2. The information we collect
We collect personal information you provide directly: name, work email, organisation, role, and any information you submit through enquiry, briefing or design-partner conversations. We also collect technical information when you visit this website, including IP address, browser type and device information. When you operate SOCI Sentinel under a paid agreement, we receive the control evidence artefacts you choose to export from your existing OT and IT toolchain. We do not receive or process live telemetry from your networks.
3. How we use information
We use personal information to respond to enquiries, deliver the SOCI Sentinel service, support contractual obligations, improve the product, and meet regulatory requirements. We use customer-supplied artefacts only to assemble, classify and produce the Critical Infrastructure Risk Management Program evidence pack, the board attestation pack and any incident reporting artefacts you request. We do not sell personal information.
4. Hosting and data residency
SOCI Sentinel is hosted in Australia. Production workloads run in AWS Sydney (ap-southeast-2). Customer artefacts and evidence packs are stored in Australian data centres with encryption in transit and at rest. The Phase 1 product targets the OFFICIAL: Sensitive classification under the Australian Government Information Security Manual.
5. Indigenous Data Governance
SOCI Sentinel encodes the CARE Principles for Indigenous Data Governance (Collective Benefit, Authority to Control, Responsibility, Ethics) into the evidence pack data taxonomy. Where customer-supplied artefacts contain or relate to Indigenous data, we engage a paid Indigenous data governance advisor to validate the classification.
6. Disclosure
We may disclose personal information to service providers who help us operate the platform (cloud infrastructure, identity, monitoring), to professional advisers, where required by law, or with your consent. We require service providers to maintain appropriate security and confidentiality. Customer artefacts are not shared with third parties without explicit instruction.
7. Security
We follow Australian Government Information Security Manual baselines. Controls include phishing-resistant multi-factor authentication, role-based access control, immutable audit logs of every reasoning step, and customer-isolated single-tenant deployments for paid pilots. No method of transmission over the internet is completely secure, but we work to a Maturity Level 2 Essential Eight target as a minimum.
8. Notifiable Data Breaches
If a data breach is likely to result in serious harm to an individual, we will notify affected individuals and the Office of the Australian Information Commissioner in line with the Notifiable Data Breaches scheme under the Privacy Act 1988. Where the breach involves SOCI Act-regulated information, we will support our customer's reporting obligations under section 30BC and Part 2B.
9. Your rights
Under the Privacy Act 1988 (Cth) you have the right to access and correct your personal information. You can request access, correction or deletion, or make a complaint, by emailing the contacts below. We will respond within 30 days.
10. Contact
For questions about this Privacy Policy or to exercise your rights, email salam@9t5.com.au or liaqat@9t5.com.au.
This policy is provided in good faith and will be reviewed by Australian privacy counsel before SOCI Sentinel begins paid operation with a responsible entity.