Privacy Policy

1. Introduction

CDR Report Guide (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains what personal information we collect when you engage us, how we use and protect it, and what choices you have about how it’s handled.

We comply with the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). This policy applies to all interactions with us — visiting our website, booking a consultation, engaging us for services, or contacting us by any channel.

2. What information we collect

We collect only what we need to deliver our services. That includes:

Identification & contact details

• Full name
• Email address
• Phone number (often WhatsApp)
• Country / city of residence
• Preferred contact method and time zone

Professional information

• Engineering or ICT qualification details (degree, institution, year, country)
• Nominated ANZSCO occupation
• Employment history, employers, roles
• Project descriptions, technical work, and decisions
• Continuing Professional Development activities
• Any documents you share with us (CV, transcripts, project reports, prior CDR drafts)

Assessment-related information

• Engineers Australia, Engineering NZ, or ACS correspondence
• Outcome letters (positive or negative)
• Rejection reasons or feedback from assessing bodies

Payment information

• Billing name and address
• Payment method type (we don’t store full card numbers — these are handled by our payment processors)
• Invoice and payment history

Website information

• IP address, browser type, device type
• Pages visited, time on site, referral source
• Form submissions and consultation booking requests

3. How we collect it

We collect information directly from you in these ways:

• Website forms — consultation booking form, contact form, newsletter signup (if applicable)
• Email and phone — when you reach out via [email protected] or +61 414 269 514
• WhatsApp — when you message us at +61 414 269 514
• Intake questionnaires — structured forms we send after engagement begins
• Document uploads — when you share your CV, transcripts, project material, or prior drafts
• Cookies and analytics — automatically when you visit our site (see section 7)

We don’t buy personal information from third parties, and we don’t collect information about you from other sources without your knowledge.

4. How we use your information

We use the information we collect for these purposes:

• Delivering services — drafting your CDR, KA02, ACS RPL, or related deliverable based on your project material
• Communication — responding to enquiries, sending drafts for review, coordinating revisions
• Payment processing — invoicing, taking deposits and balances, issuing receipts
• Engagement management — internal record of your project, writer assignment, timeline tracking
• Outcome support — handling rewrites under our outcome support guarantee
• Legal and tax compliance — maintaining records as required by Australian tax and business law
• Service improvement — anonymised aggregate analysis of where engineers come from, which packages they choose, and what causes EA rejections (always in a way that doesn’t identify individuals)

We do not use your information for unrelated marketing, sell it to third parties, or share it with advertisers.

5. Who we share your information with

We share your information only when necessary to deliver our services:

• Our writers and reviewers — the discipline-matched writer assigned to your engagement, and the senior engineer reviewing the draft. All are part of our in-house Strathfield team and bound by confidentiality clauses.
• Payment processors — Stripe, PayPal, or your bank (for transfers). They handle card details directly under their own privacy policies — we never see your full card number.
• Email service providers — for sending you drafts, invoices, and consultation confirmations
• Plagiarism & AI-content scanners — Turnitin and AI-detection tools, which receive the report content (not your personal details) for similarity scanning before delivery
• Legal and accounting advisors — when required for compliance, audits, or legal advice

6. Data security

We take reasonable steps to protect your information:

• Encryption in transit — our website uses HTTPS (TLS); email is sent over secure connections
• Encrypted storage — sensitive documents are stored in encrypted cloud workspaces with password and two-factor authentication required for access
• Access control — only the writers and reviewers assigned to your engagement, plus office administration, have access to your project material
• Confidentiality clauses — every team member signs a confidentiality agreement as part of their engagement with us
• Regular reviews — we review access permissions and security practices periodically

No system is perfectly secure. If a data breach affects your information in a way that’s likely to result in serious harm, we’ll notify you and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme.

7. Cookies & tracking

Our website uses cookies and similar technologies for these purposes:

• Essential cookies — for site functionality (e.g. remembering form input, session management)
• Analytics cookies — Google Analytics, to understand which pages get visited and how users navigate. Analytics data is aggregated and anonymised — we can’t identify individual visitors from it.
• No advertising cookies — we don’t run retargeting ads or share visitor data with ad networks

You can disable cookies in your browser settings. Disabling essential cookies may affect site functionality (forms may not submit correctly, for example).

8. Third-party services

We use the following third-party services to operate. Each handles your data under their own privacy policy:

• Google Analytics — website usage analytics
• Stripe / PayPal — payment processing
• WhatsApp Business (Meta) — for our WhatsApp communication channel
• Google Workspace — for email and document storage
• Turnitin — for plagiarism similarity reports
• AI-content detection tools — for verifying drafts are engineer-authored, not AI-generated

We choose third-party providers that maintain industry-standard security practices. Where third parties may transfer data overseas (see section 10), we ensure they operate under privacy frameworks comparable to Australian standards.

9. Data retention

We keep your information for as long as needed to deliver our services and meet legal obligations:

• Active engagement — all relevant data is kept during the engagement and revision window
• Post-delivery — we retain a copy of your delivered report and project file for 2 years after delivery, in case you need a copy or invoke the outcome support guarantee
• Tax and accounting records — kept for 7 years as required by Australian tax law (this is generally just invoice records, not project material)
• Marketing list (if you opt in) — until you unsubscribe

After these periods, we securely delete or anonymise the data.

If you want us to delete your data earlier, you can request that under section 11. We’ll delete what we can, with the exception of records we’re legally required to keep.

10. International transfers

Some of the third-party services we use (Google Analytics, Stripe, PayPal, Google Workspace) may process data in countries outside Australia, primarily the United States and the European Union. These providers operate under recognised data protection frameworks (such as the EU-US Data Privacy Framework) and comply with global privacy standards.

Your project material itself is stored and processed within our Australian Google Workspace. We don’t transfer your CDR drafts, project material, or sensitive documents to overseas third parties for processing.

11. Your rights

Under the Australian Privacy Act, you have the right to:

• Access the personal information we hold about you
• Correct any inaccurate or out-of-date information we hold
• Request deletion of your information (subject to our legal record-keeping obligations)
• Withdraw consent for marketing communications at any time
• Lodge a complaint with us, and if unresolved, with the OAIC
• Be informed if a data breach affects your information

To exercise any of these rights, email us at [email protected]. We’ll respond within 30 days — usually sooner.

12. Marketing communications

We don’t send marketing emails by default. If you opt in to our newsletter or marketing list, we may send you:

• Updates to MSA Booklet specifications or assessment body policy changes
• Articles relevant to engineering migration
• Occasional service announcements

You can unsubscribe at any time using the link at the bottom of any marketing email, or by emailing us. Service emails (draft delivery, revision coordination, invoices) are not marketing and continue regardless.

13. Children’s privacy

Our services are intended for adult engineers and ICT professionals — typically aged 22 and above with completed tertiary qualifications and work experience. We don’t knowingly collect information from anyone under 18.

If you believe we’ve inadvertently collected information from a minor, contact us and we’ll delete it promptly.

14. Complaints

If you think we’ve breached the Australian Privacy Principles or mishandled your information:

1. Contact us first at [email protected] with details of your concern. We’ll investigate and respond within 30 days.
2. If you’re not satisfied with our response, you can escalate to the Office of the Australian Information Commissioner (OAIC):

Phone: 1300 363 992
Website: www.oaic.gov.au

15. Updates to this policy

We may update this policy from time to time to reflect changes in our practices or in the law. When we make material changes, we’ll update the “Effective from” date at the top and notify active clients by email.

The most current version is always available on this page.

16. Contact us

For any privacy-related questions or requests:

CDR Report Guide — Privacy Officer
Suite 105/30-34 Churchill Avenue
Strathfield NSW 2135, Australia

Phone / WhatsApp: +61 414 269 514
Email: [email protected]
Hours: Mon–Sat 9am–7pm AEDT