Privacy & Data protection

Your personal information, protected by default

At Annature, we believe privacy is a right — not a feature. We are committed to safeguarding personal information and maintaining compliance with both Australian and international privacy frameworks. Our systems, policies, and people are aligned to ensure data is handled responsibly, transparently, and securely.

Privacy leadership & Frameworks

Annature’s privacy program is led by our CEO, Corey Cacic, who serves as our designated Privacy Officer. We operate in alignment with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and meet applicable obligations under the General Data Protection Regulation (GDPR).

Our Privacy Policy outlines how we collect, use, and manage personal information, and we encourage all users to review it for full transparency.

Data we collect

Annature collects only the personal information necessary to deliver secure digital signing and identity verification services. This may include:

  • Full name, email address, and IP address
  • Signed documents, metadata, and audit trails
  • Identity verification information, including tax file numbers, driver’s licence details, and biometric scans (e.g. facial recognition during ID checks)
  • Usage and performance metadata to support operational needs

All information is handled in accordance with strict privacy and data classification controls. We never use personal data for unrelated business purposes.

Data use, access & control

We only use customer data to provide our core services — digital signing and identity verification. To improve performance and reliability, we may analyse redacted or aggregated data, but never in a way that identifies individuals.

Customers retain control of their data:

  • Account holders can access, update, or delete personal information via their dashboard
  • Any data not directly editable may be requested through our support channels
  • Customers can optionally enable a data retention policy to automatically purge specific data types after a defined retention period

By default, no data is automatically deleted. Account deletion and data erasure requests are processed securely under our ISO-aligned data handling policies.

Data residency & Transfers

All personal and document data managed by Annature is stored exclusively within Australia, using Amazon Web Services (AWS) infrastructure in the ap-southeast-2 (Sydney) region. We do not replicate or permanently store personal data outside Australia.

However, like most modern cloud platforms, some operational processes — such as email delivery, SMS notifications, document rendering, or identity verification — may involve the temporary transfer of limited data to secure third-party subprocessors. These include trusted providers like Microsoft, Mandrill, Twilio, and Mindee, which may process content or metadata as part of their function.

These interactions are strictly scoped, encrypted in transit, and governed by robust vendor agreements. No data is shared beyond the technical requirements of delivering our core services. At no point is your data stored offshore — all document and personal data remains housed in Australia under Annature’s control.

We maintain full transparency around the subprocessors we use and the nature of data they handle. You can review our Subprocessors for more details.

Logging & Notifications

All access to personal data — whether through internal dashboards or AWS administrative tooling — is logged, monitored, and role-restricted. We enforce a strict least-privilege access policy.

In the unlikely event of a data breach, Annature follows its formal Data Breach Notification Policy, available on our Policies page, and will notify affected customers promptly and transparently, in line with the Notifiable Data Breaches (NDB) scheme.