Last reviewed: 16 July 2026
This notice applies specifically to information submitted through the FIRCY Sense trial application form. It explains how FIRCY handles that information and should be read before you submit an application.
Who we are
FIRCY provides the FIRCY Sense cyber deception and active defence platform. For questions about this notice or our handling of your personal information, contact us using the details on the contact page.
What we collect
The form asks for:
- your organisation’s name;
- the primary contact’s name, organisational email address and phone number;
- unique keywords relevant to the proposed trial; and
- domain names owned or controlled by the organisation.
We also create a submission reference and record the submission time. Cloudflare may process limited network and security information, such as your IP address, browser characteristics and the result of its Turnstile security check, to deliver the form and prevent abuse. FIRCY does not include your IP address, user agent, Turnstile token or hidden anti-spam field in the queued trial application.
Do not submit passwords, API keys, authentication tokens, private infrastructure details, security findings, customer data, health information or other sensitive information through this form.
Why we collect it
We use the information to:
- assess whether a FIRCY Sense trial is suitable for your organisation;
- contact you about the application and plan a possible trial;
- understand the public-facing scope and security workflows relevant to the proposed trial;
- protect the form and FIRCY’s services from spam, fraud and misuse; and
- comply with applicable legal obligations and resolve disputes.
We do not use trial application information for unrelated third-party advertising.
If you do not provide the information
The marked fields are needed to assess and respond to a trial application. The form accepts official organisational email addresses only. If you do not provide the required information, FIRCY will not be able to accept the application through this form. You can contact FIRCY separately if you need an accessible alternative.
How we collect and handle it
We collect the information directly from you when you submit the form. The form sends an encrypted request to our system, which validates the submission and places the accepted application in a restricted system. Automated checks may reject malformed, suspicious, high-volume or consumer-email submissions, but they do not make decisions about your eligibility for a trial.
Who may receive it
Access is limited to FIRCY personnel and contractors who need the information to assess or support the application. We may also disclose it to:
- Cloudflare, which provides form delivery, security verification, abuse prevention, Worker and Queue services on FIRCY’s instructions;
- service providers that FIRCY later uses to process applications, such as an approved customer relationship, ticketing or email system, subject to appropriate access and data-handling controls; and
- regulators, courts, law enforcement or other parties where disclosure is required or authorised by law.
FIRCY does not sell trial application information.
Overseas processing
Cloudflare operates a global network and may process or store information outside Australia, including in the United States and other locations where Cloudflare and its service providers operate. The location used for later application processing will depend on the approved systems FIRCY connects to the queue. FIRCY will review those systems and apply appropriate contractual, access and security controls before using them.
Security
FIRCY uses layered technical and organisational safeguards, including encryption in transit, bot verification, request and field validation, rate limiting, restricted Cloudflare bindings, minimal queue messages and access controls. No internet transmission or storage system can be guaranteed completely secure.
Retention and deletion
The Cloudflare Queue is a short-lived processing buffer, not permanent lead storage. An unprocessed message remains there for no longer than the queue’s configured retention period, which is capped at 14 days. After processing, FIRCY retains application information only for as long as it is reasonably needed to assess the application, communicate with you, manage any resulting business relationship, meet legal obligations or resolve disputes. When the information is no longer required, FIRCY will delete or de-identify it where reasonably practicable.
Access and correction
You may ask for access to personal information FIRCY holds about you or ask us to correct it. Contact us using the details on the contact page and describe the information and request. FIRCY may need to verify your identity before responding. If an exception prevents access or correction, FIRCY will explain the reason where required by law.
Privacy complaints
To make a privacy complaint, contact us using the details on the contact page and include enough information for FIRCY to investigate. We will acknowledge and investigate the complaint and explain the outcome. If you are not satisfied, you may contact the Office of the Australian Information Commissioner.
Changes to this notice
FIRCY may update this notice when the form, processing systems or legal requirements change. The latest version will show its review date on this page.