Privacy Policy

Updated 7 June 2023
We respect your privacy

At Retrospect Labs Pty Ltd, we are committed to protecting your privacy and personal information. As part of our business operations, we may collect personal information about you when you interact with our products, such as Gauntlet, or services such as delivering cyber security exercises.

By providing us with personal information, you consent to the terms of this Privacy Policy and the types of disclosure covered within.

This policy sets out how we collect and treat your personal information.

What information we collect about you

We collect information about you when you input it into our products or services, or if you provide it directly to us. The type of data collected is described below.

Account and Profile Information

When you register for an account, we collect information including email address, name, and phone number. You may also have the option of adding a profile photo, role, team, and organisation. We keep track of your preferences when you select settings within our products.

Content you provide through our products or services

We collect and store the content that you input into our products or send to us in relation to a service we are providing you. This content may include injects within an exercise you've created, emails sent by participants to be captured within an exercise, responses to tasks presented to participants within an exercise, or observation notes of a team's performance against objectives within an exercise. Content may also include files and links that you upload to our products or send to us via email or chat platforms. In addition, we collect feedback that you provide directly to us through our products or services.

Information you provide through our support channels

Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with our products.  Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with us, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.

Information we collect automatically when you use our products

We collect information about you when you use our products, including metadata such as number of users, frequency of exercises, and taking certain actions. As part of our services, we may also collect and process certain device data, including your IP address and location information. This data is collected to enhance your user experience, provide relevant content, and improve our services. 

Retrospect Labs’ Partners

We work with international partners who provide consulting, implementation, training and other services around our products.  Some of these partners also help us to market and promote our products and services, generate leads for us, and perform reselling services.  We receive information from these partners, such as technical contact information, company name, what Retrospect Labs’ products or services you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.

How we use information we collect

We use the information we collect about you to deliver thefollowing.

Provide the service and personalise your experience

We use information about you so we can deliver the intended services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate, maintain, and improve our products and services.  

Our services also include tailored features that personalise your experience, enhance the value you receive from using our products, and improve your ability to see insights by automatically analysing the activities of you and your team.

We may disclose information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy. Personal information is only supplied to a third party when it is required for the delivery of our services.

For research and development

We are always looking for ways to make our products smarter, faster, secure, integrated, and useful.  We use information and collective learnings (including feedback) about how people use our products to improve our products and services. We also test and analyse certain new features with some users before rolling the feature out to all users. 

To communicate with you about the products and services

We use your contact information to send transactional communications via email and within our products. For example, we may send a monthly email providing updates to the products, and tips on how to leverage new features.

To market, promote and drive engagement with our products and services

We use your contact information and information about how you use the products to send promotional communications that may be of specific interest to you, including by email and directly over the phone. Contact or your Business Success contact if you want to opt out of these communications.

Customer support

We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyse crash information, and to repair and improve our product and services. Where you give us express permission to do so, we share information with a third-party expert for the purpose of responding to support-related requests.

For safety and security

To ensure the security and integrity of our products and services, we may use information about you and your product usage to verify accounts and activity, detect and prevent potential or actual security incidents, and monitor and protect against other malicious, deceptive, fraudulent, or illegal activity. This may include violations of our policies. We take these measures to ensure the safety and security of our products and services for all users.

To protect our legitimate business interests and legal rights

In certain situations, we may use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures related to the acquisition, merger, or sale of a business. This may be necessary to protect our legal rights, interests, and the interests of others, as required by law. We take care to ensure that any use of your information in these circumstances follows all relevant laws and regulations.

With your consent

With your consent, we may use information about you for purposes not listed above. For example, we may ask for your permission to publish testimonials or feature you in customer stories to promote our services. We will only use your information for these purposes if you have provided us with explicit consent to do so.

How we store and secure information we collect

We use industry standard technical and organisational measures to secure the information we store from unauthorised access, use, or disclosure.

Only authorised employees and contractors who need access to your personal information in order to perform their job duties are granted access to your personal information.

While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

How to access and control your information

You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth). A small administrative fee may be payable for the provision of information. If you would like a copy of the information, which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at

We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act.

When you visit our website

When you come to our website (, we may collect certain information such as browser type, operating system, and the website visited immediately before coming to our site. We use this information in an aggregated manner to analyse how people use our site, so that we can improve our service.

We may use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. You can choose to reject cookies by changing your browser settings. Our website may use cookies to analyse website traffic and help us provide a better website visitor experience.

Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or approval of these websites. Please be aware that Retrospect Labs Pty Ltd is not responsible for the privacy practices of other websites.

Complaints about privacy

If you have any complaints about our privacy practices, please feel free to send in details of your complaints to We take complaints very seriously and will respond shortly after receiving written notice of your complaint.

Changes to Privacy Policy

Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.