Privacy Policy

Effective date: March 6, 2026  ·  Last updated: March 24, 2026

Overview

Corvat ("we," "us," or "our") is an online exposure reporting service. We help individuals understand what personal information about them is publicly available online — so you can take back control of your digital footprint.

This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using our website or services, you agree to this policy.

Corvat Security is bound by the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). This policy has been written to comply with those obligations. Our service is available to individuals aged 18 and over only, and reports are generated solely about the person making the request — never about third parties.

Your personal report data is deleted within 30 days of delivery. We never sell or share your information with third-party marketers — ever.

What We Collect

We collect only the information reasonably necessary to generate and deliver your personal exposure report, in accordance with APP 3 of the Australian Privacy Act 1988. All information is collected by lawful and fair means, as required by APP 3.5. This includes:

  • Identity information you provide to initiate a report — such as your name and an email address for report delivery.
  • Payment information processed securely through our third-party payment processor (Stripe). We never store full card numbers or payment credentials on our servers.
  • Usage data collected automatically when you visit our site, including IP address, browser type, referring URL, and pages visited — used solely for security and analytics.
  • Communications you send us via email or contact forms, retained only to respond to your inquiry.

In generating your report, we also collect publicly available information about you from publicly accessible online sources — such as data broker sites, people-search databases, social media profiles, and public records. This collection is reasonably necessary for our core function of producing your exposure report (APP 3.2). Because it is by definition unreasonable or impracticable to collect a record of your own publicly accessible internet footprint directly from you, we collect this information from third-party public sources as permitted under APP 3.6.

Publicly available sources may occasionally contain sensitive information as defined under the Privacy Act — such as health information, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation. Because Corvat only generates reports about the person making the request, you are always the subject of your own report. By ticking the confirmation checkbox at checkout — confirming that the report is about you — you provide express consent to the collection of any such sensitive information that appears in publicly accessible sources, solely for the purpose of compiling and delivering your report (APP 3.3). This information is used only to demonstrate your exposure, is not stored beyond the report delivery period, and is never profiled or used for any other purpose.

How We Use Your Information

We use your information only for the primary purpose for which it was collected, or a directly related secondary purpose, in accordance with APP 6 of the Australian Privacy Act 1988. Specifically:

  • To generate your personal online exposure report.
  • To deliver your report via email or our secure platform.
  • To process your payment and manage your account.
  • To respond to customer support requests.
  • To maintain security and prevent fraud.
  • To improve our service through anonymized, aggregated analytics.

We do not use your personal information for advertising, profiling, or any purpose unrelated to providing your report.

Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

  • Service providers: Trusted vendors (e.g., Stripe for payments, cloud hosting providers) who process data on our behalf under strict data processing agreements.
  • Legal compliance: If required by law, court order, or government authority, we may disclose information as legally compelled.
  • Safety enforcement: If we reasonably suspect a user is misusing our service to stalk, harass, intimidate, or harm another individual, we reserve the right to cancel their order, issue a full refund, revoke access to any report, and share relevant information with law enforcement or other appropriate authorities.
  • Business transfer: In the event of a merger or acquisition, your information may be transferred — subject to the same privacy protections described here.
We will never sell your data to data brokers, advertisers, or any third party for commercial purposes.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purpose for which it was collected.

  • Report input data (name, email) is deleted within 30 days of report delivery.
  • Payment records are retained for up to 7 years for legal and accounting compliance.
  • Support communications are retained for 12 months then deleted.
  • Anonymized analytics data may be retained indefinitely.

Security

We take the protection of your data seriously. Our security practices include:

  • TLS/HTTPS encryption for all data in transit.
  • Encryption at rest for all stored personal data.
  • Access controls limiting data access to authorized personnel only.
  • Regular security reviews and vulnerability assessments.

No system can guarantee 100% security. If you believe your information has been compromised, please contact us immediately at [email protected].

Your Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the following rights regarding your personal data held by Corvat Security:

  • Access (APP 12): Request a copy of the personal data we hold about you. We will respond within 30 days. We may decline access only in circumstances permitted by the Privacy Act.
  • Correction (APP 13): Request correction of personal data we hold that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will take reasonable steps to correct it within 30 days.
  • Deletion: Request deletion of your personal data where it is no longer required for the purpose for which it was collected, subject to our legal retention obligations.
  • Complaints: Lodge a complaint with us if you believe we have breached the Australian Privacy Principles. We will acknowledge your complaint within 5 business days and respond substantively within 30 days.

To exercise any of these rights, email us at [email protected] with the subject line "Privacy Request".

If you are not satisfied with our response to a complaint, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

Cookies & Tracking

We use a minimal number of cookies strictly necessary for the site to function (e.g., session management). We do not use advertising cookies or third-party tracking pixels.

You can disable cookies in your browser settings. Doing so may affect some functionality of our site, but will not prevent you from accessing your report.

Children's Privacy

Our service is strictly limited to individuals aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18, and we do not generate reports about individuals who are minors. If we become aware that a person under 18 has submitted a request or provided personal information, we will delete that information immediately and cancel any associated order with a full refund.

If you believe a minor has used our service, please contact us immediately at [email protected].

Notice of Collection (APP 5)

In accordance with Australian Privacy Principle 5, we notify you of the following at or before the time we collect your personal information:

  • Who we are: Corvat Security, an online exposure reporting service operating under Australian law.
  • What we collect: Name, email address, payment details, and usage data you provide — plus publicly available information about you gathered from online sources to compile your report. Corvat only generates reports about the person making the request. Where publicly available sources contain sensitive information, your checkout confirmation that the report is about you constitutes express consent to its collection for that purpose only (APP 3.3).
  • Why we collect from third-party sources: It is by nature unreasonable or impracticable to collect a record of your publicly accessible internet footprint directly from you. We therefore collect this information from public third-party sources as permitted under APP 3.6.
  • Why we collect it: To generate and deliver your personal online exposure report, process payment, and provide customer support.
  • Who we may share it with: Only trusted service providers (e.g., Stripe, cloud hosting) under data processing agreements, or as required by law. We never sell your data.
  • Overseas disclosure: Some service providers (including Stripe and cloud infrastructure providers) may store or process data outside Australia. We take reasonable steps to ensure they handle your data consistently with the Australian Privacy Principles.
  • How to access or correct your information: By contacting us at [email protected].
  • How to complain: See the Your Rights section below, or contact the OAIC at oaic.gov.au.

Contact Us

If you have questions or concerns about this Privacy Policy, please reach out:

We are committed to resolving any concerns promptly and transparently.

Terms of Service

Effective date: March 6, 2026  ·  Last updated: March 24, 2026

Overview

These Terms of Service ("Terms") govern your use of the Corvat website and services. By accessing or using Corvat, you agree to be bound by these Terms. Please read them carefully.

If you do not agree to these Terms, do not use our service.

Corvat provides personal online exposure reports for informational purposes. Reports describe what is publicly findable about you — they do not constitute legal, security, or professional advice.

Eligibility

You must be at least 18 years old to use Corvat. Corvat generates reports about the person making the request only. We do not accept requests for reports about third parties under any circumstances.

Before completing a purchase, you are required to confirm both of the following by ticking the corresponding checkboxes at checkout:

  • That the report being requested is about you — the person submitting the request.
  • That you are 18 years of age or older.

These confirmations are recorded at the time of purchase and form part of your agreement to these Terms. By making these confirmations, you also represent that you have the legal capacity to enter into a binding agreement. Providing a false confirmation is a material breach of these Terms, voids any obligation on Corvat's part, and may result in immediate cancellation of your order without refund.

Our Service

Corvat scans publicly available online sources to compile a report of what information about you is accessible on the internet. Reports are generated solely about the individual who purchases and submits the request. This includes, but is not limited to, data broker sites, social media profiles, public records, and people-search databases.

  • Reports are delivered within approximately 24 hours of purchase.
  • Report content reflects publicly available information at the time of the scan — results may change over time.
  • We do not guarantee the completeness or accuracy of third-party data sources.
  • Corvat does not remove your data from external sources — reports are informational only.

Acceptable Use

You agree not to use Corvat for any unlawful or prohibited purpose. Prohibited uses include:

  • Using reports to stalk, harass, intimidate, or harm any individual.
  • Using reports for employment screening, tenant screening, credit decisions, or any purpose regulated by the Australian Privacy Act 1988 or, where applicable, the Fair Credit Reporting Act (FCRA).
  • Requesting a report about any person other than yourself.
  • Providing false confirmations at checkout, including falsely stating that the report is about you or that you are 18 or over.
  • Reselling, redistributing, or publicly publishing report contents.
  • Attempting to reverse-engineer, scrape, or exploit our platform.
Violation of these terms may result in immediate account termination and, where applicable, referral to law enforcement. If we reasonably suspect that a purchase was made with the intent to stalk, harass, intimidate, or harm another individual, we reserve the right to cancel the order and issue a full refund — and to report the activity to the relevant authorities.

Payment & Refunds

All payments are processed securely through Stripe. Prices are listed in USD and are subject to change with reasonable notice.

  • One-time reports: Payment is due at time of purchase. Reports are non-refundable once generation has begun, unless we suspect a violation of our terms of service.
  • Refund requests: If you believe you were charged in error, contact [email protected] within 7 days of the charge.
  • Safety-related refunds: We reserve the right to cancel any order and issue a full refund, at our sole discretion, if we reasonably believe the service is being used — or was purchased with the intent — to stalk, harass, intimidate, coerce, or otherwise harm any individual. In such cases, access to any report will be revoked immediately.

Intellectual Property

All content, design, code, and branding on the Corvat platform — including the Corvat name, logo, and report format — are the intellectual property of Corvat Security and protected by applicable copyright and trademark laws.

You may not copy, reproduce, or use any of our proprietary content without express written permission.

Your report is licensed to you for personal use only and may not be redistributed or commercially exploited.

Disclaimers

Corvat is provided "as is" and "as available" without warranties of any kind, express or implied. We do not warrant that:

  • Reports will be complete, error-free, or up-to-date at all times.
  • The service will be uninterrupted or free from technical issues.
  • All publicly available data sources will be covered in every report.

Reports are for informational purposes only and do not constitute legal, financial, or professional advice.

Limitation of Liability

To the maximum extent permitted by law, Corvat shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the service, including but not limited to loss of data, revenue, or reputation.

In no event shall Corvat's total liability to you exceed the amount you paid for the service in the 12 months preceding the claim.

Termination

We reserve the right to suspend or terminate your access to Corvat at any time, with or without notice, if we believe you have violated these Terms or pose a risk to other users or our platform.

You may stop using Corvat at any time. Sections relating to intellectual property, disclaimers, limitation of liability, and governing law survive any termination.

Changes to These Terms

We may update these Terms from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide reasonable notice via email or a prominent notice on our website.

Your continued use of Corvat after changes take effect constitutes acceptance of the revised Terms.

Contact Us

Questions about these Terms? We're here to help.

These Terms are governed by the laws of the State of South Australia, Australia, without regard to conflict of law principles. Where applicable, the parties also acknowledge obligations under the Australian Privacy Act 1988 (Cth).