EssentialScore (Essential Eight)·CISScore (CIS Controls)·PrivacyScore (Privacy Act)·CyberInsureReady (Cyber Insurance)

Privacy Policy

Last updated: February 2026

The short version

  • ✅ The free assessment runs entirely in your browser — your answers never reach our servers
  • ✅ We don't require your business name, ever
  • ✅ We don't sell your data. We never will.
  • ✅ We're hosted entirely in Australia
  • ✅ You can delete everything with one request

Who we are

EssentialScore (essentialscore.com.au) is an Australian cybersecurity assessment tool designed to help SMBs understand and improve their security posture against the ACSC Essential Eight framework.

Free tier — what we collect

Nothing identifiable. Your assessment runs entirely in your browser using localStorage. Your answers, scores, and results never leave your device. We cannot see them.

We collect anonymous, aggregated analytics (page views, general traffic) via privacy-respecting tools with no personal identifiers.

Paid tier — what we collect

When you purchase a report or Pro subscription, we collect:

  • Email address — to deliver your report and manage your account
  • Industry and staff count — to tailor your policies (no business name required)
  • Assessment answers — sent to our server only to generate your policies, with your explicit consent
  • Payment information — processed by Stripe (we never see your card details)

How we use your data

  • Generating your security policies and PDF report
  • Sending your report and account emails
  • Improving the assessment questions and scoring algorithm
  • Nothing else

Policy generation

Your assessment answers are sent to a third-party content generation service to produce your policies. That service does not use your inputs for model training. Your data is not retained by that service beyond the request.

Data residency

All servers and data storage are located in Australia. Your data does not leave Australia.

Data retention

  • Generated policies are retained for 90 days after creation, then deleted
  • Account data is retained until you delete your account
  • Inactive accounts are automatically deleted after 12 months

Your rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your data

To exercise these rights, email us at privacy@essentialscore.com.au

Contact

Questions about this policy? Email privacy@essentialscore.com.au