Website Policies

Privacy Policy · Terms of Service · Acceptable Use Policy · Cookie Policy

One combined document covering everything you need to know about using kevos.com (the "Site") and our services, including subscribing to our content.

Effective date: Jan 2026 Last updated: April 2026 Operator: KEVOS® ("KEVOS", "we", "us", "our") Contact: admin@kevos.com Site: https://kevos.com

A quick summary in plain English (the legal text below still applies — but here's the gist):We're an Australian sustainable‑home content publisher. We share articles, guides, and case studies.You can read everything for free. If you give us your email, we'll send our articles to your inbox. You can unsubscribe at any time with one click.We don't sell your personal information. Ever.We use a small number of cookies (mostly to make the site work and to understand which articles people read). You can control these.Our content is educational. It's not a substitute for professional architectural, engineering, building, legal or financial advice.We respect Australian privacy law, the EU/UK GDPR, the California CCPA/CPRA, and equivalent laws in other US states. Specific rights for each region are spelled out below.Questions, complaints, or requests about your data? Email admin@kevos.com.

1. About KEVOS® and these policies

KEVOS® is an Australian publisher of educational content focused on sustainable home design, environmentally responsible building, energy and water efficiency, materials, renewable energy, and related topics. We publish articles, guides, case studies, and curated resources on our Site, and we offer an email newsletter so readers can receive our latest posts directly in their inbox.

This combined document brings together our Privacy Policy, our Terms of Service, our Cookie Policy, and our Acceptable Use Policy in one place so you don't have to chase information across multiple pages. Each Part below stands on its own and forms a binding agreement between you and KEVOS® where applicable.

We have written this document to comply with — at minimum — the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"); the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") and the UK GDPR and Data Protection Act 2018; the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"); and the comprehensive consumer privacy laws of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, Montana, Iowa, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Rhode Island, and any other US state with substantially similar legislation. Where a particular jurisdiction's law gives you stronger rights than what we describe in our general policy, that stronger right applies.

2. Definitions

For convenience, the following words have specific meanings throughout this document:

  • "You", "your", "user", "visitor" — any individual who accesses or uses the Site, subscribes to our newsletter, submits content, contacts us, or otherwise interacts with KEVOS®.
  • "Content" — text, images, photographs, illustrations, diagrams, audio, video, code, data, articles, guides, case studies, downloads, and any other material made available through the Site by KEVOS®.
  • "User Content" — any material you submit, post, upload, share, or otherwise transmit to or through the Site, including comments, reviews, photos, replies, and contact‑form messages.
  • "Personal Information" — has the meaning given in the Privacy Act 1988 (Cth) and is used here interchangeably with "personal data" as defined under the GDPR/UK GDPR and "personal information" as defined under the CCPA/CPRA. Broadly, it means information or an opinion about an identified or reasonably identifiable individual.
  • "Process" / "processing" — any operation performed on Personal Information, including collection, recording, organisation, storage, alteration, retrieval, use, disclosure, transmission, deletion, and destruction.
  • "Services" — the Site, the newsletter, downloadable resources, and any related services KEVOS® provides from time to time.

3. Acceptance of these policies

By accessing or using the Site, subscribing to our newsletter, submitting User Content, or otherwise engaging with our Services, you acknowledge that you have read, understood, and agree to be bound by this document. If you don't agree with any part of it, please don't use the Site or our Services.

If you are using the Site on behalf of an organisation (for example, your employer), you represent that you have authority to bind that organisation, and "you" includes that organisation.

You must be at least 16 years old (or the minimum age for valid consent to processing of personal data in your country, if higher) to subscribe to our newsletter or submit User Content. See Section 14 for more on children's privacy.

4. Terms of Service — using our Site and content

4.1 Permitted use

We grant you a limited, non‑exclusive, non‑transferable, revocable licence to access and view the Site for personal, non‑commercial purposes only. You may:

  • Read and view our Content on the Site.
  • Download or print one copy of an article for your personal, non‑commercial reference.
  • Share a link to one of our articles on social media or by email.
  • Quote a short, attributed extract from an article (with a link back to the source) for the purposes of news reporting, criticism, review, or research, in a manner consistent with the doctrine of fair dealing under the Copyright Act 1968 (Cth) or fair use under applicable foreign law.

4.2 Things you must not do

Without our prior written permission, you must not:

  • Modify, adapt, reproduce, republish, distribute, transmit, broadcast, sell, license, or otherwise commercially exploit the Site or its Content.
  • Create derivative works from, decompile, reverse‑engineer, or disassemble any software or material on the Site.
  • Remove or alter any copyright, trademark, attribution, or other proprietary notice.
  • "Mirror" any part of the Site on another server or hosting environment.
  • Use any automated system (including bots, spiders, scrapers, or AI training crawlers) to access, copy, index, or extract Content from the Site, except for legitimate search‑engine indexing in accordance with our robots.txt and meta directives.
  • Frame, embed, or otherwise present the Site or Content in a manner that obscures or misrepresents its source.
  • Use the Site or any Content to train, fine‑tune, or develop any machine‑learning model or generative AI system without our express written permission.
  • Use the Site or Content in any way that violates any applicable law or this document.

4.3 Account and contact details

You're responsible for the accuracy of the information you provide to us (for example, the email address you give us when subscribing). If your email address changes, please update us — we can't be held responsible for newsletters that bounce because we have an outdated address on file.

5. Educational content — important disclaimer

Our Content is general educational and informational material. It is not, and is not intended to be, professional advice — including (without limitation) architectural, engineering, structural, building, planning, surveying, environmental, legal, financial, taxation, energy‑rating, electrical, plumbing, or trade advice.

Sustainable building and home renovation involve complex technical, legal, regulatory, and safety considerations that vary by jurisdiction, climate zone, site conditions, building code, and personal circumstances. Information that is appropriate for one project may be unsuitable, unsafe, non‑compliant, or unlawful in another context.

Before acting on anything you read on this Site, you must independently verify the information with appropriately qualified professionals licensed in your jurisdiction. This includes — depending on the project — registered architects, structural engineers, licensed builders, electrical contractors, plumbers, building certifiers, energy assessors, town planners, and lawyers.

We make no representation or warranty that any technique, product, system, or material described on the Site is suitable for your project, will achieve a particular outcome (such as a specific energy rating, comfort level, or cost saving), or complies with the building code, planning rules, or safety standards applicable to your site. Any reliance you place on Content from the Site is at your own risk.

References to third‑party products, brands, suppliers, software, or service providers are for informational purposes only and do not constitute endorsement.

6. User‑generated content (comments, submissions)

6.1 Your ownership, our licence

You retain ownership of any User Content you submit. By submitting User Content, you grant KEVOS® a worldwide, non‑exclusive, royalty‑free, sub‑licensable, transferable licence to host, store, reproduce, modify, adapt, publish, translate, create derivative works from, communicate, perform, display, distribute, and otherwise use that User Content in connection with operating, promoting, and improving the Site and our Services, across any current or future media. This licence continues for as long as we use the User Content (for example, in articles or social posts) and survives the deletion of your User Content where we have already incorporated it into other material.

6.2 Your warranties

By submitting User Content, you represent and warrant that:

  • You own the User Content or have all rights, licences, consents, and permissions necessary to grant the licence in clause 6.1.
  • The User Content does not infringe any third‑party intellectual property right, privacy right, publicity right, or contractual obligation.
  • The User Content is not unlawful, defamatory, obscene, threatening, harassing, hateful, deceptive, or otherwise in breach of Section 7 below.
  • Where the User Content depicts identifiable people (other than yourself), you have those people's consent to submit it to us.
  • Where the User Content depicts a building, dwelling, or interior, you have the right of the property owner to do so.

6.3 Moderation

We may — but are not obliged to — review, edit, refuse, or remove any User Content at our discretion, with or without notice. We are not responsible for User Content submitted by other users.

6.4 Withdrawing content

You may request the removal of your User Content at any time by emailing admin@kevos.com. We will remove it from the Site within a reasonable time, except where we are required to retain it by law or where it has been incorporated into other works in a manner that makes removal impractical (in which case we will discontinue further use of those works as soon as commercially reasonable).

7. Acceptable Use Policy

This Acceptable Use Policy ("AUP") sets out activities that are prohibited on the Site. It exists to protect the Site, our community, and the wider internet from harmful, illegal, and unethical conduct.

7.1 You must not use the Site or our Services to

  • Send spam, unsolicited bulk messages, chain letters, or marketing communications of any kind.
  • Operate, host, or build mailing lists that are not "confirmed opt‑in".
  • Distribute, post, host, or transmit any material that:
    • is unlawful, defamatory, libellous, obscene, pornographic, indecent, or sexually explicit;
    • infringes any copyright, trademark, patent, trade secret, moral right, right of publicity, or other intellectual‑property right;
    • constitutes hate speech, incites violence, advocates terrorism, promotes self‑harm, or sexualises or endangers minors;
    • is fraudulent, deceptive, or misleading (including investment scams and phishing material);
    • contains personal information of another person obtained or shared without their consent;
    • is intended to harass, threaten, intimidate, stalk, or discriminate against any person or group.
  • Engage in unauthorised access to, or interference with, any account, server, network, computer system, or data — including hacking, cracking, phreaking, security probing, password cracking, vulnerability scanning, or social‑engineering attacks.
  • Introduce viruses, worms, trojans, ransomware, spyware, keyloggers, rootkits, or any other malicious code.
  • Conduct denial‑of‑service or distributed denial‑of‑service attacks, mail‑bombing, packet flooding, packet sniffing, packet spoofing, or similar disruptive activity.
  • Use the Site to facilitate, advertise, or carry out illegal gambling; the trafficking of narcotics, weapons, or persons; the financing of terrorism; the proliferation of weapons of mass destruction; the laundering of money; or any breach of sanctions or export‑control laws.
  • Impersonate KEVOS®, any KEVOS® employee or contractor, or any other person or organisation, or misrepresent your affiliation with anyone.
  • Misuse the KEVOS® brand, name, or trade marks (including the registered "KEVOS®" mark) or any of our Content to fraudulently obtain custom, sponsorship, advertising revenue, search‑engine ranking, or user trust.
  • Circumvent, disable, or interfere with any security‑related, access‑control, rate‑limiting, or content‑integrity feature of the Site.
  • Engage in commercial scraping, data harvesting, content republishing, or AI‑training data collection.
  • Take any other action that, in our reasonable opinion, harms or threatens to harm KEVOS®, our users, or the public.

7.2 Consequences of breach

If you breach the AUP we may, without notice and without liability to you: remove or moderate offending User Content; restrict, suspend, or terminate your access to the Site or newsletter; report you to law enforcement or to your internet service provider; and take any other action available to us at law or in equity, including seeking damages and injunctive relief. To the extent permitted by law, no refund will be available for service interruptions resulting from a breach of the AUP.

7.3 Reporting abuse

If you become aware of any breach of this AUP — whether by another user, a third party, or anyone purporting to act for KEVOS® — please report it to admin@kevos.com with the subject line "AUP report".

8. Privacy Policy — what we collect and why

KEVOS® is the data controller (under GDPR/UK GDPR) and business (under CCPA/CPRA) responsible for Personal Information collected through the Site and our Services. We are committed to handling your information lawfully, fairly, and transparently.

8.1 Information you give us voluntarily

You give us Personal Information when you:

What you do What we collect
Subscribe to our newsletter Email address; optionally first name and country/region
Post a comment or reply Display name, email address (not published), comment content, optionally a website URL
Contact us via email or contact form Name, email address, the contents of your message and any attachments
Submit a case study, photo, or guest contribution Name, email, contact details, and any information contained in the submission
Respond to a survey or reader poll Your responses, plus any identifying detail you choose to include
Engage with us on social media Your social profile name, comments, mentions, direct messages, and any other information your platform settings make available to us

8.2 Information we collect automatically

When you visit the Site, our hosting infrastructure and analytics tools automatically receive:

  • Log and device data — IP address, browser type and version, operating system, device type, language settings, referring URL, exit URL, screen resolution, and time‑zone.
  • Usage data — pages visited, content viewed, time spent on each page, click‑through paths, scroll depth, search terms used on the Site, and date and time of access.
  • Approximate location data — derived from your IP address (typically accurate only to city or region level). We do not collect precise geo‑location from your device unless you specifically grant browser permission.
  • Error and diagnostic data — automatically generated when something goes wrong, to help us diagnose and fix issues.
  • Cookie and similar‑technology data — see Section 15.

We treat this information as Personal Information whenever it is, or could reasonably be combined to become, identifiable.

8.3 Information we receive from third parties

We may receive information about you from:

  • Email and analytics providers — for example, deliverability data and aggregate engagement metrics from our newsletter platform; aggregate site analytics from our analytics provider.
  • Social media platforms — if you mention, tag, or interact with us publicly, or if you click a "share" button.
  • Service providers and hosting partners — diagnostic and security data.
  • Publicly available sources — for example, if you operate a publicly listed business and we look up your details to respond to a media or partnership enquiry.

8.4 Why we collect and use your information

We use Personal Information for the following purposes only:

  1. To deliver our newsletter — to send articles, updates, and occasional announcements to subscribers.
  2. To respond to enquiries — to read, triage, and reply to messages you send us.
  3. To publish and moderate User Content — including comments and contributed material.
  4. To operate, secure, and improve the Site — including hosting, error logging, fraud prevention, abuse detection, content delivery, and bug fixing.
  5. To understand our audience — through aggregate analytics that tell us which articles are read most, where readers come from, and how the Site performs.
  6. To comply with our legal obligations — including responding to lawful requests from regulators, courts, and law‑enforcement agencies; record‑keeping obligations; and tax obligations.
  7. To protect our rights and the rights of others — including investigating suspected breaches of this document, defending or bringing legal claims, and protecting the safety of users and the public.
  8. To run reader surveys and research — on a strictly opt‑in basis.

We will not use your Personal Information for any new purpose that is incompatible with these purposes without first telling you and, where required, obtaining your consent.

We do not use your Personal Information for automated decision‑making that produces legal or similarly significant effects on you, and we do not engage in profiling of the kind regulated by Article 22 GDPR.

If you are in the European Economic Area, the United Kingdom, or another jurisdiction whose law follows the GDPR model, the following legal bases apply to our processing:

Purpose Legal basis
Sending the newsletter Consent (Art. 6(1)(a)) — given when you subscribe and confirm via the double opt‑in email
Responding to enquiries you initiate Performance of pre‑contractual steps at your request / our legitimate interests in being responsive to readers (Art. 6(1)(b) and (f))
Publishing User Content you submit Consent and performance of the user‑content licence (Art. 6(1)(a) and (b))
Site security, fraud prevention, abuse handling Legitimate interests (Art. 6(1)(f)) — to keep the Site secure and running
Aggregate analytics and performance measurement Legitimate interests (Art. 6(1)(f)) where carried out in a privacy‑respecting way; otherwise consent (Art. 6(1)(a)) — see Cookie Policy
Compliance with legal obligations Legal obligation (Art. 6(1)(c))
Establishing, exercising, or defending legal claims Legitimate interests (Art. 6(1)(f)) and, where relevant, Art. 9(2)(f)

Where we rely on legitimate interests, we have carried out a balancing test and concluded that our interests are not overridden by your fundamental rights and freedoms in the relevant context. You can ask us for more information about that assessment using the contact details in Section 30.

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

We do not knowingly process special‑category data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade‑union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation) and we ask that you do not submit such data through comments, contact forms, or User Content.

10. How long we keep your information

We keep Personal Information only for as long as we need it for the purposes described in this document, or for as long as the law requires us to keep it — whichever is longer. As a guide:

Category Typical retention period
Newsletter subscriber records (email, sign‑up source, consent log) For as long as you remain subscribed, plus up to 24 months after unsubscribe so we can demonstrate compliance and avoid re‑adding you in error
Contact‑form correspondence Up to 36 months after the last interaction, then deleted or anonymised
Comments and other published User Content Until you ask us to remove it, or until we close comments on the relevant article, or as required to maintain the integrity of the comment thread
Server access logs Up to 12 months, then deleted or aggregated
Analytics data As described in our Cookie Policy and the documentation of the relevant analytics provider — typically aggregated within 14–26 months
Records required by law (e.g. tax records, legal hold) For the period required by the applicable law

When the retention period ends, we either securely delete the information or irreversibly anonymise it so it can no longer identify you.

11. Sharing your information with third parties

We do not sell Personal Information, and we do not "share" it for cross‑context behavioural advertising as those terms are defined under California law. We do, however, disclose Personal Information to a limited set of trusted recipients who help us run the Site and our Services.

11.1 Categories of recipients

  • Hosting and infrastructure providers — to host the Site and store data.
  • Email marketing platform — to deliver our newsletter, manage subscriptions, log consents, and provide deliverability and engagement metrics.
  • Analytics providers — to help us understand aggregate Site usage.
  • Security, anti‑spam, and content delivery providers — to keep the Site fast, available, and free of malicious traffic.
  • Comment‑system / forum provider (if applicable) — to host and moderate user comments.
  • IT support, developers, and professional advisers — including lawyers, accountants, auditors, and insurers, where required.
  • Law‑enforcement, regulators, and courts — where we are legally compelled to disclose, or where disclosure is necessary to protect our rights or the safety of others.
  • A successor entity — in the event of a sale, merger, restructure, or insolvency, in which case the successor will be required to respect this document for any data transferred.

Each service provider is engaged under a written contract that limits their use of Personal Information to providing services to us, requires them to keep it confidential and secure, and (where relevant) includes the data‑processing terms required by Article 28 GDPR.

11.2 What we never do

We never trade, rent, or sell our subscriber list, comment data, or any other Personal Information to third parties for their own marketing purposes.

12. International data transfers

KEVOS® is based in Australia. Some of our service providers (including hosting, email, and analytics) operate in or transfer data to other countries — typically Australia, the United Kingdom, the European Union, the United States, and other locations where our providers maintain infrastructure. These countries may have data protection laws different from, or weaker than, the laws of your country.

Whenever we transfer Personal Information outside its country of origin, we put in place appropriate safeguards. Specifically:

  • From the EU/EEA and the UK — we rely on (a) European Commission or UK adequacy decisions where they exist; (b) Standard Contractual Clauses approved by the European Commission and/or the UK International Data Transfer Addendum; or (c) other legally recognised transfer mechanisms, supplemented by additional technical and organisational measures where appropriate.
  • From Australia — we take reasonable steps under APP 8 to ensure overseas recipients do not breach the APPs, typically through contractual obligations.
  • From California and other US states — recipients of Personal Information are bound by contracts that meet the relevant statutory requirements (including the CCPA/CPRA service‑provider terms).

You can request a copy of our standard transfer mechanisms by emailing admin@kevos.com.

13. Security of your information

We take reasonable technical and organisational measures to protect Personal Information against loss, misuse, unauthorised access, disclosure, alteration, and destruction. These measures include encryption in transit (HTTPS/TLS), access controls, least‑privilege administrative access, regular software patching, secure backups, and the use of reputable hosting and SaaS providers with their own established security programmes.

You also play a role: please use a strong, unique email password and don't share credentials. We will never ask for a password to your email account or any other service.

No system connected to the internet is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security and you accept this risk when you provide Personal Information to us. If we ever experience a personal‑data breach that is likely to result in serious harm to affected individuals, we will notify the relevant regulator (for example, the OAIC in Australia under the Notifiable Data Breaches scheme, or your supervisory authority in the EU/UK) and affected individuals as required by law.

14. Children's privacy

The Site is intended for a general adult audience. We do not knowingly direct our Services at, or knowingly collect Personal Information from:

  • children under 13 years of age (United States, in line with the Children's Online Privacy Protection Act);
  • children under 16 years of age (European Economic Area and the United Kingdom, unless a member state law sets a lower minimum age, which can be as low as 13);
  • minors under 18 years of age in jurisdictions where the law treats minors specially for privacy purposes.

If you believe a child has provided us with Personal Information, please contact admin@kevos.com so we can promptly delete it.

If you are a parent or guardian in a jurisdiction whose law gives you specific rights over your child's information, you may exercise those rights by contacting us as set out in Section 30.

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, to remember your preferences, and to provide information to site operators. Similar technologies — such as web beacons, pixels, local storage, and mobile SDKs — perform comparable functions.

15.1 Categories of cookies and similar technologies we use

Category Purpose Examples Default state
Strictly necessary Make the Site work — security, load balancing, accessibility, remembering you've already accepted the cookie banner Session cookies, CSRF tokens, cookie‑consent record Always on (you cannot disable these without breaking the Site)
Functional Remember preferences such as language, dark mode, font size, or "do not show this banner again" Preference cookies On if you choose them
Performance / analytics Help us count visits and understand which articles are popular, in aggregate Analytics cookies (for example, those set by our analytics provider) Off until you consent (in regions where consent is required)
Marketing / targeting We currently do not run third‑party advertising on the Site. If this changes, we will update this Cookie Policy and obtain consent before placing such cookies in regions where required. Off

15.2 How you control cookies

  • Cookie banner — when required by law (for example, in the EU/UK), you'll see a banner that lets you accept all, reject all, or choose which categories to allow. You can change your choices at any time via the "Cookie preferences" link in our footer.
  • Browser controls — most browsers let you block, delete, or get notified about cookies. See your browser's help documentation. Blocking strictly necessary cookies will break parts of the Site.
  • "Do Not Track" and Global Privacy Control — we treat a recognised Global Privacy Control (GPC) signal from your browser as a valid opt‑out request from the sale or sharing of Personal Information for cross‑context behavioural advertising under California, Colorado, Connecticut, and other state laws that recognise such signals. We currently do not respond to legacy "Do Not Track" headers because there is no agreed industry standard for them.

15.3 Third‑party cookies

Where third parties (such as our analytics provider or a video‑embed provider) set cookies through the Site, they do so under their own privacy policies. We list our current providers in Section 11; you can read each provider's policy on its website.

16. Newsletter & marketing communications

If you subscribe to our newsletter, you are giving us your express, double‑opt‑in consent to send you our articles, updates, and occasional related communications by email. Specifically:

  • We send you a confirmation email after you subscribe; your subscription only takes effect after you click the confirmation link.
  • We log the date, time, IP address, and source of your subscription so we can demonstrate consent under Australian, EU/UK, and US law (including the Spam Act 2003 (Cth), Article 7 GDPR, and the CAN‑SPAM Act).
  • Every email we send contains a working unsubscribe link. One click is enough — no questions asked, no login required.
  • You can also unsubscribe at any time by emailing admin@kevos.com with "Unsubscribe" in the subject line.
  • We will action unsubscribe requests promptly, in any event within five business days, as required by the Spam Act 2003 (Cth), and within ten business days as required by the CAN‑SPAM Act.

We will never sell, rent, or trade your email address. We will never use your email address to send advertising for unrelated third‑party products. The only commercial messages you should receive from us are our own newsletter and, where you have opted in separately, occasional partner content explicitly identified as such.

17. Your privacy rights — general

Wherever you live, you have the right to:

  • Access the Personal Information we hold about you.
  • Correct Personal Information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
  • Withdraw consent at any time where our processing is based on consent.
  • Unsubscribe from marketing communications.
  • Make a complaint if you believe we have mishandled your information.

To exercise any of these rights, email admin@kevos.com with enough information to identify you (typically the email address you subscribed with) and a clear description of your request. We will respond as soon as reasonably possible, and in any case within the time required by the law that applies to you (typically 30 days under Australian law, one month under GDPR/UK GDPR — extendable by two further months for complex requests — and 45 days under most US state laws, extendable by a further 45 days).

We do not charge a fee for responding to a privacy request unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable cost‑recovery fee or refuse the request, as permitted by law.

We may need to verify your identity before actioning a request — typically by confirming you can receive email at the address on file, or by asking you to confirm specific information we already hold. We will not use information you give us for verification for any other purpose.

You may use an authorised agent to make a request on your behalf where the law allows. We will need written proof that the agent is authorised, and we may contact you to verify the request directly.

We will not discriminate or retaliate against you for exercising any privacy right.

18. Australia — Privacy Act & Australian Privacy Principles

This section applies to individuals whose Personal Information we handle subject to the Privacy Act 1988 (Cth) ("the Privacy Act") and the Australian Privacy Principles ("APPs").

18.1 Open and transparent management of Personal Information (APP 1)

This document is our APP Privacy Policy. It is freely available on our Site, and we will provide it in another reasonable form on request.

18.2 Anonymity and pseudonymity (APP 2)

Wherever practicable, you can interact with us anonymously or under a pseudonym — for example, you can read the Site without identifying yourself. We require an email address for newsletter subscriptions because the service inherently requires one.

18.3 Collection (APP 3, APP 4, APP 5)

We collect Personal Information only by lawful and fair means and only where it is reasonably necessary for one of our functions or activities. We do not solicit sensitive information. If we receive Personal Information we did not solicit and we determine we could not lawfully have collected it, we will destroy or de‑identify it as soon as practicable. We notify you of collection through this document at the point of collection.

18.4 Use and disclosure (APP 6)

We use and disclose Personal Information only for the primary purpose for which it was collected, or for a related secondary purpose you would reasonably expect, or with your consent, or as otherwise permitted by the Privacy Act.

18.5 Direct marketing (APP 7)

We use Personal Information for direct marketing only with your consent (newsletter subscribers) and we provide a simple unsubscribe mechanism in every marketing communication.

18.6 Cross‑border disclosure (APP 8)

See Section 12. We take reasonable steps to ensure overseas recipients do not breach the APPs.

18.7 Government identifiers (APP 9)

We do not use or disclose government‑related identifiers (such as a Tax File Number, Medicare number, or driver's licence number). Please do not send us such identifiers.

18.8 Quality and security (APP 10, APP 11)

See Sections 13 and 17 above.

18.9 Access and correction (APP 12, APP 13)

You may request access to or correction of the Personal Information we hold about you. We will respond within 30 days. If we decline a request (for example, because an exception in the Privacy Act applies), we will give written reasons and tell you how to complain.

18.10 Notifiable Data Breaches scheme

We comply with Part IIIC of the Privacy Act. If we have reasonable grounds to believe an eligible data breach has occurred, we will notify the Office of the Australian Information Commissioner ("OAIC") and affected individuals as soon as practicable.

18.11 Complaints

You may complain to us using the contact details in Section 30. If you are unsatisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Mail: GPO Box 5288, Sydney NSW 2001

18.12 Spam Act

Our newsletter complies with the Spam Act 2003 (Cth): we obtain consent, identify ourselves clearly, and provide a functional unsubscribe facility.

19. European Union & United Kingdom — GDPR / UK GDPR

This section applies if you are in the European Economic Area, the United Kingdom, or Switzerland.

19.1 Controller

KEVOS® is the controller of your Personal Information. Our contact details are in Section 30. We do not currently meet the threshold for being required to appoint an EU representative under Article 27 GDPR; if that changes, we will update this document.

19.2 Your rights under the GDPR / UK GDPR

In addition to the general rights in Section 17, you have the right to:

  • Erasure ("right to be forgotten") — to ask us to delete your Personal Information where one of the grounds in Article 17 applies (for example, the data is no longer needed for the purpose collected, or you have withdrawn consent and there is no other legal basis).
  • Restriction of processing — to ask us to limit how we use your Personal Information in certain circumstances.
  • Data portability — to receive a copy of the Personal Information you provided to us, in a structured, commonly used, machine‑readable format (we typically provide CSV or JSON), and to have it transmitted to another controller where technically feasible.
  • Object to processing — to object to processing carried out on the basis of legitimate interests, including profiling, and to object at any time to processing for direct‑marketing purposes.
  • Not be subject to solely automated decisions with legal or similarly significant effects (we do not carry out such decision‑making).
  • Withdraw consent at any time where consent is the legal basis.

19.3 Lodging a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

  • United Kingdom — Information Commissioner's Office (ICO), ico.org.uk, 0303 123 1113.
  • Ireland — Data Protection Commission, dataprotection.ie.
  • Other EU/EEA states — see edpb.europa.eu for the full list.

We would, however, appreciate the chance to address your concerns first — please email admin@kevos.com.

19.4 ePrivacy / cookies

In the EU and UK we obtain consent for non‑essential cookies and similar technologies through our cookie banner, in line with the ePrivacy Directive (and PECR in the UK).

20. California — CCPA / CPRA

This section provides the disclosures required by the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA").

20.1 Categories of Personal Information collected

In the past 12 months we have collected the following categories of Personal Information (terms used here have the meaning given in Cal. Civ. Code § 1798.140):

  • Identifiers — name, email address, IP address, online identifiers.
  • Customer records information (Cal. Civ. Code § 1798.80(e)) — name and email where supplied with a comment or message.
  • Internet or other electronic network activity information — browsing history on the Site, interactions with content and ads (none currently), search history within the Site.
  • Geolocation data — approximate, IP‑derived location only.
  • Inferences — drawn from the above to build a general picture of audience interests in aggregate (not individual profiles).

We do not collect: biometric information; precise geolocation; protected‑classification characteristics; commercial information about purchases; professional or employment information; education information; or content of mail/email/text messages where we are not the intended recipient.

20.2 Sources

See Section 8 (directly from you, automatically through the Site, from third‑party service providers).

20.3 Purposes

See Section 8.4.

20.4 Disclosures for a business purpose

In the past 12 months we have disclosed the categories listed in 20.1 to: hosting providers, email marketing platform, analytics providers, security and anti‑abuse providers, professional advisers, and (when legally required) regulators and courts. See Section 11.

20.5 Sale and sharing

We do not sell Personal Information and we do not share Personal Information for cross‑context behavioural advertising. We have not done so in the preceding 12 months and do not have any actual knowledge of selling or sharing the Personal Information of any consumer under 16 years of age.

20.6 Sensitive Personal Information

We do not collect or use sensitive Personal Information (as defined in the CPRA) for purposes other than those permitted by Cal. Civ. Code § 1798.121, so the right to limit the use of sensitive Personal Information does not currently arise.

20.7 Your CCPA/CPRA rights

If you are a California resident you have the right to:

  • Know what Personal Information we have collected, used, disclosed, sold, or shared.
  • Access the specific pieces of Personal Information we hold about you.
  • Delete Personal Information we have collected from you (subject to statutory exceptions).
  • Correct inaccurate Personal Information.
  • Opt out of any sale or sharing of Personal Information (not applicable, because we do neither).
  • Limit the use and disclosure of sensitive Personal Information (not applicable, because we do not use it for purposes that trigger this right).
  • Non‑discrimination — we will not deny goods or services, charge different prices, or provide a different level or quality of service because you exercised a right.

To make a request, email admin@kevos.com with the subject line "California Privacy Request". We will verify your identity by matching the details you provide against information we already hold (typically the email address). You may use an authorised agent, who must provide written proof of authority signed by you.

20.8 "Shine the Light" (Cal. Civ. Code § 1798.83)

California residents may request information about our disclosures, if any, of Personal Information to third parties for those third parties' direct‑marketing purposes. We do not currently disclose Personal Information for that purpose. Send a request titled "California Shine the Light Request" to admin@kevos.com.

20.9 Notice of financial incentive

We do not currently offer any financial incentives in exchange for Personal Information. If we do in the future, we will publish a notice of financial incentive that complies with Cal. Civ. Code § 1798.125(b).

21. Other US states

If you reside in one of the US states listed below, you are entitled to the rights granted by your state's comprehensive privacy law. The mechanics of these rights are broadly similar to the CCPA/CPRA and to the GDPR; the table below summarises the key statutes. To exercise any of these rights, email admin@kevos.com.

State Statute Effective Headline rights granted
Virginia Consumer Data Protection Act (VCDPA) 1 Jan 2023 Access, correct, delete, portability, opt out of targeted advertising / sale / profiling
Colorado Colorado Privacy Act (CPA) 1 Jul 2023 Same as above; recognises universal opt‑out signals (GPC)
Connecticut Connecticut Data Privacy Act (CTDPA) 1 Jul 2023 Same; recognises GPC
Utah Utah Consumer Privacy Act (UCPA) 31 Dec 2023 Access, delete, portability, opt out of targeted advertising / sale
Texas Texas Data Privacy and Security Act (TDPSA) 1 Jul 2024 Access, correct, delete, portability, opt out of targeted advertising / sale / profiling
Oregon Oregon Consumer Privacy Act (OCPA) 1 Jul 2024 Same; recognises GPC
Florida Florida Digital Bill of Rights (FDBR) 1 Jul 2024 Access, correct, delete, portability, opt out — applies to large controllers
Montana Montana Consumer Data Privacy Act 1 Oct 2024 Same as Connecticut model
Iowa Iowa Consumer Data Protection Act 1 Jan 2025 Access, delete, portability, opt out of sale
Delaware Delaware Personal Data Privacy Act 1 Jan 2025 Connecticut‑style
New Hampshire NH Privacy Act (SB 255) 1 Jan 2025 Connecticut‑style
New Jersey NJ Data Privacy Act 15 Jan 2025 Connecticut‑style; recognises GPC
Minnesota Minnesota Consumer Data Privacy Act 31 Jul 2025 Connecticut‑style; right to question profiling decisions
Maryland Maryland Online Data Privacy Act 1 Oct 2025 Connecticut‑style with stricter data‑minimisation
Tennessee Tennessee Information Protection Act 1 Jul 2025 Connecticut‑style
Indiana Indiana Consumer Data Protection Act 1 Jan 2026 Connecticut‑style
Kentucky Kentucky Consumer Data Protection Act 1 Jan 2026 Connecticut‑style
Rhode Island Rhode Island Data Transparency and Privacy Protection Act 1 Jan 2026 Notice and opt‑out focused
Verify the current effective date and exact requirements of your state's law against the official statute or regulator's guidance — these laws are evolving.

In each state, you also have the right to appeal if we decline to act on your request. The appeal procedure is described in our response to your initial request and you may, in addition, complain to your state's Attorney General.

22. Intellectual property

Unless otherwise indicated, all Content on the Site — including text, articles, photographs, illustrations, infographics, downloadable PDFs, layout, code, logos, and the KEVOS® registered trade mark — is owned by KEVOS® or used under licence. It is protected by Australian and international copyright, trade‑mark, and other intellectual‑property laws.

The licence we grant you in Section 4.1 is the only right you receive in our Content. All other rights are reserved.

If you believe Content on the Site infringes your copyright, please send a notice to admin@kevos.com that includes:

  1. Your contact details and electronic signature.
  2. Identification of the copyrighted work you claim has been infringed.
  3. The URL or other location of the allegedly infringing material.
  4. A statement that you have a good‑faith belief the use is not authorised.
  5. A statement, made under penalty of perjury (where applicable), that the information in your notice is accurate and that you are the rights‑holder or authorised to act on the rights‑holder's behalf.

We will respond to valid notices in accordance with applicable law (including the Copyright Act 1968 (Cth) and, where relevant, the US Digital Millennium Copyright Act).

23. Disclaimers & warranties

To the maximum extent permitted by law, the Site and all Content are provided "as is" and "as available", without warranty of any kind, express or implied, including (without limitation) implied warranties of merchantability, fitness for a particular purpose, title, non‑infringement, accuracy, completeness, currency, and uninterrupted availability.

Without limiting the above, KEVOS® does not warrant that:

  • the Site will be available, secure, error‑free, or free of viruses or other harmful components;
  • defects will be corrected;
  • any information on the Site is accurate, complete, current, or appropriate for your circumstances;
  • any product, service, supplier, technique, or material referenced on the Site is suitable, safe, or compliant with the laws and codes that apply to your project.

Australian Consumer Law: Nothing in this document excludes, restricts, or modifies any consumer guarantee, right, or remedy conferred by the Competition and Consumer Act 2010 (Cth) (including the Australian Consumer Law) or any other legislation that cannot lawfully be excluded or limited. Where a guarantee, right, or remedy applies and cannot lawfully be excluded but can be limited, our liability is limited, at our option, to: re‑supplying the Services; or paying the cost of having the Services re‑supplied.

24. Limitation of liability

To the maximum extent permitted by law, in no event will KEVOS®, its directors, officers, employees, contractors, agents, suppliers, or licensors be liable to you or any third party for any:

  • indirect, incidental, special, consequential, exemplary, or punitive damages;
  • loss of profits, revenue, business, goodwill, opportunity, savings, anticipated savings, contracts, customers, or reputation;
  • loss of, corruption of, or unauthorised access to data;
  • loss arising out of or relating to your use of, or inability to use, the Site or any Content,

whether based in contract, tort (including negligence), statute, equity, indemnity, or otherwise, and even if KEVOS® has been advised of the possibility of such damage.

To the maximum extent permitted by law, our total aggregate liability to you for all claims arising out of or relating to the Site, the Content, or this document is limited to AUD 100.

Some jurisdictions do not allow the exclusion or limitation of certain damages or warranties, so some of the above exclusions and limitations may not apply to you. In such jurisdictions, our liability is limited to the minimum permitted by law.

25. Indemnity

You agree to indemnify, defend, and hold harmless KEVOS® and its directors, officers, employees, contractors, agents, suppliers, and licensors from and against any and all claims, demands, actions, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in connection with:

  • your User Content;
  • your use of the Site or Services in breach of this document;
  • your breach of any law or any third‑party right (including intellectual‑property and privacy rights);
  • any misrepresentation made by you.

We reserve the right to assume the exclusive defence and control of any matter for which you are required to indemnify us, in which case you agree to cooperate with our defence.

26. Suspension and termination

We may, at our sole discretion and without prior notice, suspend, restrict, or terminate your access to the Site (including unsubscribing you from the newsletter or removing your User Content) if:

  • we reasonably believe you have breached this document;
  • we reasonably believe your access poses a security or legal risk to KEVOS®, our users, or any third party;
  • we are required to do so by law or by a regulator or court; or
  • we cease to operate the Site or the relevant Service.

Sections 4.2 (Things you must not do), 5 (Educational disclaimer), 6.1–6.2 (User‑content licence and warranties), 22 (IP), 23–25 (Disclaimers, liability, indemnity), 28 (Governing law), and any rights or obligations that by their nature should survive will survive any termination.

27. Changes to these policies

We may update this document from time to time to reflect changes in our practices, services, technologies, legal requirements, or for other operational reasons. When we do, we will:

  • post the updated version at the same URL;
  • update the "Last updated" date at the top;
  • where the change is material — for example, a change in the categories of recipients of your Personal Information, a new purpose of processing, or a change to your rights — notify you at least 30 days before the change takes effect, by email (if we have your address) and/or by a prominent notice on the Site.

If a change requires your consent under applicable law, we will ask for it before the change applies to you.

Continuing to use the Site after the effective date of an update means you accept the updated document. If you do not accept it, you should stop using the Site and unsubscribe from any communications.

28. Governing law and jurisdiction

This document and any non‑contractual obligations arising out of or in connection with it are governed by the laws of New South Wales, Australia, without regard to conflict‑of‑laws principles.

You submit to the exclusive jurisdiction of the courts of New South Wales and the Commonwealth of Australia and the courts of appeal from them, except that:

  • nothing prevents you from bringing a claim in a court of competent jurisdiction in your country of residence where mandatory consumer‑protection law in that country gives you that right; and
  • nothing prevents either party from seeking urgent injunctive or equitable relief in any court of competent jurisdiction.

29. Severance and miscellaneous

  • Severance — if any term of this document is, or becomes, illegal, invalid, or unenforceable in any jurisdiction, that term is severed in that jurisdiction to the minimum extent necessary, and the rest of the document remains in full force.
  • No waiver — our failure to enforce a right or provision is not a waiver of that right or provision.
  • Assignment — you may not assign or transfer your rights under this document. We may assign our rights and obligations to an affiliate or successor in connection with a merger, acquisition, restructure, or sale of assets, on notice to you.
  • Entire agreement — this document is the entire agreement between you and KEVOS® concerning the Site and the Services and supersedes any prior agreement.
  • No partnership — nothing in this document creates a partnership, joint venture, agency, employment, or fiduciary relationship between you and KEVOS®.
  • Force majeure — KEVOS® is not liable for any failure or delay in performance caused by events beyond its reasonable control, including acts of God, war, civil unrest, pandemic, government action, internet or telecommunications failure, or supplier outage.
  • Headings and language — headings are for convenience only and do not affect interpretation. The English version of this document prevails over any translation.

30. How to contact us & make a complaint

We welcome questions, feedback, and complaints — they help us improve.

KEVOS® Email: admin@kevos.com

When you contact us about a privacy matter, please include:

  • your full name and the email address you use with us;
  • the right you want to exercise or the issue you are raising;
  • enough detail for us to locate your information and respond meaningfully.

We aim to acknowledge privacy enquiries within 5 business days and to give a substantive response within the time required by the law that applies to you (see Section 17).

If you are not satisfied with our response, you may refer your complaint to:

  • the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au — for matters under the Privacy Act;
  • your EU/EEA supervisory authority or the UK Information Commissioner's Office (ICO) — ico.org.uk — for matters under the GDPR / UK GDPR;
  • your state Attorney General — for matters under US state privacy laws.

KEVOS® is a registered trade mark. All rights reserved. © KEVOS® 2026.