Last updated: 27 March 2026

Quick links: Privacy Policy | Terms of Use | Acceptable Use Policy | Cookie Policy | Data Breach Response

Privacy Policy

Epic IT Pty Ltd (ABN 40 121 238 293) is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Who we are

Epic IT is a managed IT services provider headquartered in North Perth, Western Australia, with offices in Sydney and Brisbane. We provide managed IT support, cybersecurity, cloud services, AI governance, and strategic IT advisory to Australian businesses.

Information we collect

• Identity information: name, job title, company name
• Contact information: email address, phone number, business address
• Technical information: IP address, browser type, device information, pages visited, referral source
• Service information: IT environment details, support tickets, system configurations, and documentation necessary to deliver our managed services
• Financial information: billing address and payment details (processed securely through our payment provider — we do not store credit card numbers on our servers)
• Communication records: emails, support requests, phone call records, and meeting notes related to service delivery

We do not collect personal information from individuals under 18.

How we collect information

• Contact forms and enquiry submissions on our website
• Phone calls and emails to our team
• Service agreements and onboarding processes
• Support tickets submitted through our helpdesk
• Cookies and analytics tools on our website
• Third-party platforms including Microsoft 365, Google Analytics, and our CRM system

How we use your information

• Deliver managed IT services, cybersecurity, and support under our service agreements
• Respond to enquiries and provide quotes
• Communicate service updates, maintenance windows, and security alerts
• Improve our services through analytics and feedback
• Send marketing communications (only where you have opted in — you can unsubscribe at any time)
• Comply with legal obligations, including the Notifiable Data Breaches scheme
• Protect the security of our systems and our clients’ environments

Managed services and client data

As a managed IT services provider, we may have access to data within your IT environment as part of delivering our services. We treat all client environment data as confidential and subject to the terms of our service agreement.

Epic IT is ISO 27001 certified. Our security controls, access policies, and data handling procedures are reviewed annually by external auditors. We do not access, read, or use client business data unless specifically requested by the client for support purposes or required by law.

Data storage and security

Your personal information is stored on secure systems hosted in Australia. We implement:

• Encryption in transit (TLS) and at rest
• Multi-factor authentication for all internal systems
• Role-based access controls following the principle of least privilege
• Regular security assessments and penetration testing
• Staff security awareness training
• Incident response procedures aligned with ISO 27001

Data retention

• Client service records: duration of agreement plus 7 years
• Support tickets: 3 years after resolution
• Marketing contacts: until you unsubscribe or request deletion
• Website analytics: 26 months

You may request deletion of your personal information at any time by contacting us at info@epicit.com.au.

Sharing your information

We do not sell, trade, or rent your personal information. We may share your information with:

• Service delivery partners: third-party vendors who assist in delivering our managed services (e.g., Microsoft, ConnectWise, Datto, Fortinet), subject to confidentiality agreements
• Professional advisers: accountants, lawyers, and auditors as required
• Regulatory authorities: where required by law, regulation, court order, or government request

Your rights

Under the Australian Privacy Principles, you have the right to access, correct, or request deletion of your personal information, opt out of marketing communications, and complain to the Office of the Australian Information Commissioner. Contact us at info@epicit.com.au and we will respond within 30 days.

Terms of Use

These terms govern your access to and use of the website at www.epicit.com.au. By using this website, you agree to these terms.

Use of this website

You may use this website for lawful purposes only. You agree not to:

• Use the website in any way that breaches applicable Australian laws
• Transmit unsolicited advertising or promotional material
• Attempt to gain unauthorised access to any part of the website or connected systems
• Transmit any data containing viruses, trojan horses, or other harmful programmes
• Reproduce or resell any part of the website except as expressly permitted

Intellectual property

This website and its content — including text, graphics, logos, images, software, and design — are the copyright of Epic IT Pty Ltd. All rights reserved. You may print or download content for personal, non-commercial use. You may not reproduce, redistribute, or republish content without our written consent.

Information accuracy

The information on this website is provided for general informational purposes. We make no representations or warranties about the completeness, accuracy, or suitability of any information. Content on this website does not constitute professional IT advice.

Service agreements

Our managed IT services, cybersecurity services, and consulting engagements are governed by separate service agreements. These terms apply to the website only.

Limitation of liability

To the maximum extent permitted by Australian law, Epic IT will not be liable for any loss or damage arising from your use of this website, including indirect, consequential, or incidental loss. Nothing in these terms excludes liability that cannot be excluded under Australian Consumer Law.

Governing law

These terms are governed by the laws of Western Australia.

Acceptable Use Policy

This policy applies to all users of Epic IT’s managed services, including hosted systems, email platforms, cloud environments, and network infrastructure managed under a service agreement.

Permitted use

Systems managed by Epic IT must be used for legitimate business purposes in accordance with your service agreement. Users must:

• Comply with all applicable Australian laws and regulations
• Use systems in accordance with their organisation’s internal policies
• Maintain the confidentiality of their login credentials and report any suspected compromise immediately
• Follow reasonable security practices including not sharing passwords and locking unattended devices

Prohibited use

You must not use systems managed by Epic IT to:

• Engage in any unlawful activity, including fraud, harassment, or distribution of illegal content
• Transmit malware, viruses, or any code designed to disrupt or damage systems
• Attempt to gain unauthorised access to systems, accounts, or data belonging to others
• Circumvent security controls, monitoring tools, or access restrictions implemented by Epic IT
• Send unsolicited bulk email (spam) or conduct phishing attacks
• Store or distribute pirated software, media, or other copyrighted material without authorisation
• Use systems in a way that degrades performance or availability for other users

Monitoring and enforcement

As part of our managed services, Epic IT monitors systems for security threats, performance issues, and policy compliance. Monitoring is conducted for the purpose of service delivery and security — not surveillance of individual user activity. If a violation of this policy is detected, we will notify the client’s designated contact. Repeated or serious violations may result in suspension of access pending resolution with the client.

Reporting

If you become aware of a security incident, policy violation, or suspicious activity, report it immediately to our helpdesk at info@epicit.com.au or call 1300 EPIC IT.

Cookie Policy

This website uses cookies and similar tracking technologies. This policy explains what cookies we use, why we use them, and how you can control them.

What are cookies?

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and understand how you interact with the site.

Cookies we use

Essential cookies

Required for the website to function. These handle session management, security, and basic functionality. They cannot be disabled without affecting your experience.

Analytics cookies (Google Analytics 4)

We use Google Analytics 4 to understand how visitors use our website — which pages are visited, how long users stay, and where traffic comes from. IP addresses are anonymised. Data is retained for 26 months. Google’s privacy policy applies to data they process on our behalf.

Marketing cookies

We use Google Ads and Meta (Facebook) pixels to measure the effectiveness of our advertising and serve relevant ads to visitors who have previously interacted with our website. These cookies track conversions and build audience segments for remarketing.

Managing cookies

You can manage or disable cookies through your browser settings:

• Chrome: Settings > Privacy and security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Cookies and site permissions

Disabling cookies may affect your experience on this website. Essential cookies cannot be disabled without breaking core functionality.

Third-party cookies

Third-party services (Google, Meta) may set their own cookies when you visit our website. We do not control these cookies. Refer to their respective privacy policies for information on how they handle your data.

Data Breach Response

Epic IT maintains a formal data breach response plan aligned with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth) and our ISO 27001 information security management system.

What constitutes a data breach?

A data breach occurs when personal information held by Epic IT is accessed, disclosed, or lost without authorisation. This includes breaches affecting our own systems and breaches affecting client environments under our management.

Our response process

1. Containment: Immediately isolate affected systems to prevent further unauthorised access or data loss.
2. Assessment: Investigate the nature and scope of the breach, determine what data was affected, and assess whether the breach is likely to result in serious harm.
3. Notification: If the breach meets the NDB threshold (likely to result in serious harm), we notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and no later than 30 days after becoming aware of the breach.
4. Remediation: Implement measures to prevent recurrence, including security control updates, access reviews, and process improvements.
5. Documentation: Maintain a complete record of the breach, our response, and any notifications made.

Client environment breaches

If a breach affects a client’s environment under our management, we will notify the client’s designated security contact immediately. The client remains the data controller and is responsible for determining notification obligations to their own customers and regulators. Epic IT will support the client through the response process, provide technical investigation findings, and assist with remediation.

Reporting a suspected breach

If you suspect a data breach involving Epic IT or systems we manage, report it immediately:

• Phone: 1300 EPIC IT (1300 374 248) — select the urgent/security option
• Email: info@epicit.com.au with subject line “Security Incident”

Contact us

For questions about any of these policies:

Epic IT Pty Ltd (ABN 40 121 238 293)
Unit 2, 62 Angove Street, North Perth WA 6006
Phone: 1300 EPIC IT (1300 374 248)
Email: info@epicit.com.au
Website: www.epicit.com.au

If you are not satisfied with our response to a privacy matter, you may lodge a complaint with the Office of the Australian Information Commissioner.