Privacy Policy
HIT Pacific Broadband — IEISI.ORG PTY LTD (ACN 695 032 314)
1. Who we are
HIT Pacific Broadband is a brand of IEISI.ORG PTY LTD (ACN 695 032 314), a Carriage Service Provider registered in Queensland, Australia. We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).
Privacy enquiries and complaints: hello@hitpacific.com.au
2. What personal information we collect
We collect only what is necessary to provide and bill for your service:
- Identity: first name, last name, date of birth
- Contact: email address, mobile number
- Service address: street address, suburb, state, postcode
- Business details (optional): business name, ABN — only if you are signing up as a business customer
- Technical identifiers: IP address, browser user agent — recorded at the time you acknowledge your Critical Information Summary and when OTP verification is completed
- Service data: your NBN service identifiers (AVC ID, NTD ID, wholesale service ID), plan, billing cycle, activation date
- Correspondence: emails and messages you send to us
We do not collect credit card numbers, bank account numbers, or other payment credentials. These are collected and held directly by our payment processors (see Section 6).
3. How we collect your information
We collect your information directly from you when you:
- Sign up for a service at hitpacific.com.au
- Contact us by email or other means
- Use our website (IP address, browser information via server logs and cookies)
We also receive information from NBN Co and our wholesale carrier in the course of qualifying and provisioning your service — for example, your address serviceability status and NTD details.
4. Why we collect it and how we use it
We use your personal information to:
- Verify your identity and eligibility for service
- Qualify your address for NBN service and determine available plans
- Place and manage your service order with our wholesale carrier
- Issue invoices and collect payment
- Send you service-related communications (order confirmation, welcome letter, invoices, outage notifications, support responses)
- Respond to complaints and enquiries
- Meet our legal and regulatory obligations as a Carriage Service Provider
- Measure the effectiveness of our advertising (see Section 9)
We do not use your personal information for any purpose that is not directly related to providing or improving our service to you.
5. We do not sell your data
We will never sell, rent, or trade your personal information to any third party for their own commercial purposes. Disclosures to third parties (Section 6) are solely for the purpose of delivering your service.
6. Third-party disclosures
To deliver your service, we share personal information with the following third parties. Each operates under its own privacy policy and applicable law.
Leaptel (wholesale carrier) — We transmit your name, service address, and contact details to Leaptel when placing your service order and for ongoing service management. Leaptel processes this data in Australia.
NBN Co (network operator) — Your service address and NBN connection identifiers (AVC ID, NTD ID) are passed to NBN Co by our wholesale carrier in the course of provisioning and maintaining your NBN service. HIT Pacific does not transmit data directly to NBN Co; this disclosure occurs through our wholesale carrier. NBN Co's privacy policy is at nbnco.com.au/privacy-policy.
Stripe (payment processing) — We pass your name and email address to Stripe to process payments. Stripe collects and stores your payment method details directly. We do not receive or store your card or bank account numbers. Stripe's privacy policy is at stripe.com/au/privacy.
GoCardless (payment processing) — Where you choose direct debit via GoCardless, your name and bank account details are held by GoCardless. GoCardless's privacy policy is at gocardless.com/legal/privacy.
Xero (billing and accounting) — Your name, email address, service address, ABN (if provided), and invoice data are held in Xero for billing and accounting purposes. Xero's privacy policy is at xero.com/au/legal/privacy.
Twilio (SMS delivery) — Your mobile number is passed to Twilio to deliver one-time verification codes during sign-up. Twilio does not retain your number beyond message delivery. Twilio's privacy policy is at twilio.com/en-us/legal/privacy.
Cloudflare (hosting, security, and data storage) — All traffic to hitpacific.com.au is routed through Cloudflare's network. Your account and service data — including sign-up sessions, service records, and support history — is stored in Cloudflare's D1 database platform. Cloudflare also processes connection metadata (IP address, request headers) for security and performance. Data centres may be within or outside Australia. Cloudflare's privacy policy is at cloudflare.com/privacypolicy.
Google Cloud Platform (phone support infrastructure) — Our support phone system operates on Google Cloud Platform (GCP) infrastructure in the Australia (Sydney) region. Call metadata — including your phone number, call duration, and timestamps — may be logged on GCP for support quality and record-keeping purposes. Google's privacy policy is at policies.google.com/privacy.
Anthropic (AI processing) — When you contact us by email, WhatsApp, or Facebook Messenger, your inbound message — including your name, email address or phone number (as applicable), and the content of your message — is transmitted to Anthropic's API for the purpose of classifying your enquiry and drafting an initial response. Anthropic processes this data in the United States under its privacy policy at anthropic.com/legal/privacy. Anthropic does not use customer data submitted via the API to train its models. Your account records, billing information, and service data held in our systems are not transmitted to Anthropic.
Meta (Facebook) — We use Meta's Conversions API for advertising measurement. When you use our address checker or sign-up flow, a pseudonymised event is sent to Meta containing your IP address, browser user agent, and (where available) your email address in SHA-256 hashed form — not in plain text. This is used to measure how well our advertising reaches people who become customers. No plain-text personal information is transmitted to Meta. Meta's data policy is at facebook.com/privacy/policy.
7. Storage and security
Your personal information is stored across two platforms:
- Cloudflare D1 — account data, sign-up sessions, service records, and support history. Data centres may be within or outside Australia. Cloudflare maintains ISO 27001 certification.
- Google Cloud Platform (Sydney region) — phone system call logs and metadata. Data is stored in Australia. GCP maintains ISO 27001 certification and SOC 2 Type II compliance.
Billing and invoice data is additionally held by Xero (see Section 6). Payment credentials are held solely by Stripe or GoCardless and are never stored by HIT Pacific.
We take reasonable steps to protect your information from misuse, loss, unauthorised access, modification, or disclosure. These include access controls, encrypted connections (HTTPS), and limiting access to personal data to personnel who need it to perform their role.
No internet-based system is completely secure. If you have concerns about the security of information you have provided, contact us at hello@hitpacific.com.au.
8. Data retention
We retain your personal information for as long as necessary to provide your service and meet our legal obligations:
- Active customers: for the duration of your service
- Former customers: for a minimum of 7 years after your service ends, to comply with financial record-keeping obligations under the Corporations Act 2001 and tax law
- Sign-up sessions that did not convert: up to 24 hours, then purged automatically
- Support correspondence: retained for a minimum of 2 years after the matter is resolved
Where retention beyond these periods is required by law or regulation, we will retain the data for that required period only.
9. Law enforcement and regulatory obligations
As a Carriage Service Provider, we are subject to the Telecommunications (Interception and Access) Act 1979 (Cth), which imposes obligations around lawful interception and data retention on certain telecommunications providers.
In our current operating model (wholesale resale), these obligations — including the Interception Capability Plan (ICP) and Data Retention Implementation Plan (DRIP) — are the responsibility of our wholesale carrier as the network operator. We rely on our wholesale carrier to meet these obligations on our behalf at this stage of our operations.
We may be required by law to disclose your personal information to law enforcement agencies, government authorities, or courts in response to a lawful warrant, court order, or other legal process. We will not disclose personal information to any authority without a lawful basis for doing so. Where we are legally permitted to notify you that a disclosure has occurred, we will do so.
10. Website analytics and advertising measurement
Our website uses cookies and tracking tools for the following purposes. Third-party scripts are loaded via Cloudflare Zaraz, which manages them server-side to reduce client-side data exposure.
- Functional cookies: session management for the sign-up flow. These are essential and cannot be disabled without breaking the service.
- Google Analytics 4 (GA4): We use GA4 to understand how visitors use our website — pages visited, time on site, referral source, and general geographic region. GA4 collects pseudonymised identifiers (a client ID stored in a cookie) and IP addresses, which Google truncates before storage. Google's privacy policy is at policies.google.com/privacy. You can opt out of GA4 tracking using the Google Analytics opt-out browser add-on.
- Google Search Console: We use Google Search Console to monitor how our website appears in Google Search results — including search queries that lead to our site, page rankings, and indexing status. Search Console provides aggregated, non-personal data about search performance. It is linked to our GA4 property, giving Google a combined view of search and on-site behaviour at an aggregate level. Individual visitor data is not shared with us through Search Console.
- Advertising measurement (Meta): Meta's Conversions API and the Meta Pixel measure whether people who see our advertising go on to become customers. Data sent to Meta is pseudonymised — email addresses are SHA-256 hashed before transmission; IP addresses and browser user agents are also included. No plain-text personal information is sent. See Section 6 for detail.
11. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct personal information that is inaccurate, out of date, incomplete, or misleading
- Complain about how we have handled your personal information
To exercise any of these rights, contact us at hello@hitpacific.com.au with your account number and a description of your request. We will respond within 30 days.
There is no charge for making an access or correction request. In some limited circumstances the APPs permit us to decline a request — if we do, we will tell you why.
12. Notifiable Data Breaches
We are subject to the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. If a data breach occurs that is likely to result in serious harm to any individual whose information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.
13. Privacy complaints
Step 1 — Contact us. Email hello@hitpacific.com.au with a description of your concern. We will acknowledge within 5 business days and aim to resolve within 30 days.
Step 2 — OAIC. If we cannot resolve your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner:
- Website: oaic.gov.au
- Phone: 1300 363 992
14. Changes to this policy
We may update this policy from time to time. Material changes will be notified to current customers by email. The current version is always published at hitpacific.com.au/privacy with its effective date.
15. Contact
Privacy Officer
HIT Pacific Broadband — IEISI.ORG PTY LTD (ACN 695 032 314)
Email: hello@hitpacific.com.au