Confidentiality Policy

SigmaSync treats the following as strictly confidential:

• Your identity as a client — your name, business name, and the fact that you engaged with us
• The details of your business — financials, structure, team, challenges, and any information shared in the course of the engagement
• The scope and nature of the engagement — what program or service you're on, what we worked on, and for how long
• Outcomes and results — what changed, what improved, what didn't
• All communications — calls, messages, documents, worksheets, and portal activity

We do not publish case studies. We do not share testimonials without explicit written consent. We do not use client outcomes as marketing material — not even in anonymised form.

Access to your information is limited to the SigmaSync practitioners directly involved in your engagement. It is not shared with other consultants, contractors, or third parties except where required by law.

If a third-party tool or platform is used (for example, for document storage or communication), it is governed by a data processing agreement. No client data is processed through tools that store or use it for purposes beyond the engagement.

Client information is stored in an encrypted, access-controlled portal. Access requires authentication and is limited to the practitioners assigned to your engagement. Physical documents, where applicable, are stored securely and not left accessible to unauthorised parties.

Client records are retained for the duration of the engagement and for seven years following the conclusion of the engagement, in compliance with Australian record-keeping requirements under the Corporations Act 2001 and the Privacy Act 1988.

After this period, records are securely deleted or anonymised. You may request earlier deletion of your personal information where this does not conflict with legal obligations — see the contact section below.

“No Kiss and Tell” is not a slogan. It is the operating principle behind every engagement. It exists because in most service industries, being seen to need business help is read as weakness by peers — and as a warning sign by clients. Discretion is not a feature. It is the foundation that makes honest, effective work possible.

In practice this means: we will never reference your business in public, in presentations, in proposals to other clients, or in conversations with third parties. We will never confirm or deny whether you are or were a client. We will never use your situation as an illustrative example — even without naming you.

Under the Australian Privacy Act 1988, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information (subject to legal retention obligations)
• Raise a complaint about how your information has been handled

If you have a question or concern about how your information is being handled, contact us directly:

info@sigmasync.com.au

We will acknowledge your enquiry within two business days and respond substantively within ten business days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).