Skip to content

Palo Alto PAN-OS Critical RCE Vulnerability CVE-2026-0300
1300 24 Cyber
Get in touch
Search icon
Get in touch

Customer Privacy Policy

Last update: May 2026

Triskele Labs is an Australian-owned and operated cyber security company. Our customers trust us to detect and respond to threats inside their environments, and that work depends on us handling their data with care and discipline.

This statement summarises how we handle the data of our customers. Our practices are governed by the Triskele Labs Information Security Management System, which is independently certified to ISO 27001 and ISO 20000.

This statement covers customer data only. Personal information we collect from website visitors, applicants, and employees is covered by our separate Privacy Policy.

What we hold

In the course of delivering our services, we hold the data required to detect and respond to threats in your environment, to manage our engagement with you, and to produce the reports and records you have engaged us to provide. We do not collect or hold customer data beyond what is required to deliver the services contracted with you.

Where is it stored

Customer data is held in Australia. We do not store, replicate, or transfer customer data offshore. The platforms and environments we use are subject to contractual residency commitments, the Triskele Labs Information Security Management System, and recognised industry certifications.

Who can access it

Access to customer data is restricted to Triskele Labs personnel who require it to deliver the contracted service. Specifically:

All personnel with access to customer data are based in Australia.

  • All personnel are background-checked, with additional vetting where required for specific engagements.
  • There is no offshore Security Operations Centre and no offshore reach-back into our delivery workflow.
  • Access is granted on the principles of least privilege and need-to-know, with role-based controls, just-in-time elevation, and full session logging.
  • Each customer environment is logically segregated, and access is auditable.
How it is protected

Customer data is protected in line with our Information Security Policy and the controls maintained within our certified Information Security Management System. This includes encryption of data at rest and in transit, controlled cryptographic key management, recurring access reviews, and ongoing monitoring of the environments in which customer data resides.

How long we keep it

Retention periods for customer data are agreed with you in your contract and recorded in your service schedule. Default retention positions are aligned to common Australian regulatory and sector obligations and are adjustable to your specific requirements.

At the end of your contract, your data is destroyed in line with the terms of our agreement. A certificate of destruction is available on request.

Sub-processors

Where we engage third parties to support service delivery, those third parties are bound by contractual obligations consistent with this statement and our Information Security Policy. The current sub-processor list is provided to customers on contract execution and is available on request.

Data breach notification

Triskele Labs is a notifiable entity under the Privacy Act 1988 (Cth) and the Notifiable Data Breaches scheme. In the event of a confirmed data breach involving your data, we will notify you in line with the obligations set out in our agreement with you.

Your rights as a Triskele Labs customer

As a Triskele Labs customer, you can at any time request:

  • A copy of our Customer Data Handling Policy and our Information Security Policy.
  • A current sub-processor list.
  • Copies of our ISO 27001 and ISO 20000 certificates of registration.
  • Confirmation of how your data is handled under your specific engagement.
  • Destruction of your data at the end of contract and a certificate of destruction.

Further detail beyond what is set out in this statement is available to customers and prospective customers under appropriate non-disclosure terms.

Contact

Questions about this statement, or about how we handle customer data, should be directed to your Triskele Labs account contact, or to security@triskelelabs.com.