Effective 4th of June 2026

MessageXchange ABN 73 076 521 161 (MessageXchange, eVision, we, or us) is committed to respecting your privacy. This Privacy Policy sets out how we collect, use, disclose and store your personal information – being information or an opinion about an individual that is reasonably identifiable.

We handle personal information in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth).

By using the services available from our website www.messagexchange.com (the Website), or which we otherwise provide to you under the name “MessageXchange”, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy, the Terms of Use, and any other arrangements that apply between us.

We may change our Privacy Policy from time to time by publishing changes to it on the Website. We encourage you to check our Website periodically to ensure that you are aware of our current Privacy Policy.

Our role as data processor

You acknowledge that we are only the controller of data that is held within our own systems used for our internal business management purposes (Internal Systems). We are not the controller of data in messages (Customer Data) sent and received by our customers (and their trading partners) using our cloud services and platform (SaaS Platform). Customer Data is within the control of our customer and is only processed transiently by us through their use of our SaaS Platform and held in automatic back-ups that we create specifically for our customer.

So our customer is the data controller and we are the data processor with respect to such Customer Data. We only handle personal information that is contained in Customer Data (processed by our SaaS Platform for our customer) in accordance with the instructions of our customer.

What personal information do we collect?

The information that we collect will depend on the specific Services that we are providing to you or our customer.

Sometimes we collect your data directly from you (where that information is held in our Internal Systems, because you are a representative of our customer (referred to in this policy as Your Business)); and sometimes we collect it indirectly (where that information is part of the Customer Data collected by our customer or its trading partner and input into the SaaS Platform). In general, though, we may collect the following types of personal information:

  • your name;
  • your location;
  • information we need to contact you, such as your telephone number, mailing address, or email address;
  • the name of the customer you represent (that is, Your Business) and your position;
  • your device ID, device-type, computer and connection information, statistics on page views, traffic to and from our site, ad data, IP address and standard web log information;
  • details of the Services that we have provided to you or that you have enquired about, including any additional information necessary to deliver the Services and respond to your enquiries;
  • information about how you access or use our website and Services (including identifiers and inferences that relate to you (like preferences, segments or usage patterns derived from your interactions with our Services);
  • any other information relating to you that you provide to us directly, including information provided through the Services or customer surveys; and
  • any other personal information that may be required in order to facilitate your dealings with us.

You should not provide us with any sensitive information (as defined in the Privacy Act), such as health information, racial or ethnic origin, political opinions, religious beliefs, or biometric data, unless it is strictly necessary for the provision of our Services or required by law.

We do not request or require government-issued identifiers or other highly sensitive information. However, such information may be included in Customer Data uploaded to the SaaS Platform by our customer. As outlined above, in that instance, our customer is the controller of that information and we process it only in accordance with the customer’s instructions.

Where any such information is included in Customer Data, we will only process it as necessary to provide the Services for our customer or to comply with legal obligations, and we will apply appropriate safeguards in accordance with the Australian Privacy Principles.

How do we collect personal information?

We may collect personal information when you:

  • register to use the Services;
  • contact our support team; or
  • interact with or use the Services (for instance, when you upload content to the Services).

We will only ask for your personal information from you directly. If you provide personal information to us about another person (for instance, personal information contained in content that you upload to the Website using the Services), you must ensure that:

  • the person to whom the personal information relates has authorised you to provide that personal information to us; and
  • you have informed that person about the contents of this Privacy Policy.

You can choose to deal with us anonymously or using a pseudonym, but it may mean that we are unable to provide the Services to you (and, possibly, to Your Business).

Why do we collect, use and disclose personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

  • to enable you and/or Your Business (being our customer) to access and use the Services;
  • to respond to your queries (for instance, to verify your identity when you contact us for support);
  • to send you support and administrative messages, reminders, technical notices, updates, security alerts, and other information that you request;
  • to send you marketing and promotional information or other information that may be of interest to you, such as information about an event, special offer or services offered by our business partners – provided that you may opt out of receiving direct marketing from us by contacting us at the details noted at the end of this policy;
  • to understand your preferences, such as your language preferences;
  • to update and maintain the quality of the personal information that we have collected;
  • to improve our Services and business and to manage our operations;
  • to detect, prevent, mitigate the effects of and investigate any suspicious activities; and
  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.

We may also seek to identify and recover any personal information that has been leaked through a data breach, in order to assess and mitigate risk and comply with regulatory obligations (including with regard to notifying applicable regulators).

We only keep your personal information for as long as it is required for the purposes above. Under some circumstances, we may be required to keep some of your personal information for a specified period of time as required by law, including legal obligations relating to corporations, money laundering, and financial reporting legislation.

Fair and reasonable handling

We are committed to handling personal information in a manner that is fair and reasonable in the circumstances, taking into account your rights and expectations and the nature of our Services.

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this Privacy Policy to:

  • our employees and related bodies corporate;
  • third party suppliers and service providers (including providers for the operation of the Services or in connection with providing the Services to you);
  • professional advisers, insurers and auditors;
  • our existing or potential agents, business partners or partners;
  • our sponsors or promoters of any competition that we conduct via our services;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • specific third parties authorised by you to receive information held by us; and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Acceptable Use

You must not use our Websites or Services to make available, publish or distribute personal data of any person in a manner that a reasonable person would regard, in all the circumstances, as menacing or harassing (including encouraging others to menace or harass). This includes names, photographs, telephone numbers, email addresses, online account identifiers, residential or business addresses and similar personal data. We will be entitled to suspend or remove content and accounts engaged in such conduct and may refer matters to law enforcement.

Targeting a person or group based on protected attributes (e.g. race, religion, sex, sexual orientation, gender identity, intersex status, disability, nationality, national or ethnic origin) may constitute an aggravated offence under the Criminal Code Act 1995 (Cth, Aust). We apply zero tolerance and will, to the extent within our control, act immediately to remove or block such content and report offending conduct.

If you believe personal data has been published in a menacing or harassing manner using our Services, please:

  • report it immediately to support@messagexchange.com with URLs, screenshots and timestamps; and
  • if it has been published as part of Customer Data, contact our relevant customer that owns that Customer Data (we will assist you to do so by directing you to that customer, where we are able).

We will acknowledge within 24 hours, assess promptly, and (except where we are unable to do so, in respect of Customer Data) remove or restrict access where appropriate. If we are unable to delete or redact the offending content (for example, because the relevant message processed through the SaaS Platform contains data of a number of parties), we will use reasonable commercial efforts to ensure that our relevant customer who owns that Customer Data does so. We may notify affected individuals and will cooperate with the OAIC/eSafety Commissioner and police as applicable.

You must use the Services in accordance with our Terms of Use of our Services, which prohibit doxxing and other harmful conduct. We may suspend or terminate access for violations.

Security of your personal information

Protecting your personal information: We hold your personal information in electronic and/ or hard copy form. We engage a third party cloud provider to store your information securely.

We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We use a number of physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information. In particular, any electronic communications over the internet (including email, information that you provide to us using the Website, or content that you upload to the Services) are vulnerable to interception by third parties.

Technical and organisational measures: Our safeguards may include, as appropriate to the data type, encryption in transit and at rest (the latter in some cases being controlled by our service provider), access controls, logging and monitoring, multi-factor authentication, secure software development practices, third-party risk management, staff training, and incident response. We periodically assess and update these measures.

When personal information is no longer needed, we will take reasonable steps to destroy it (irretrievably) or de‑identify it (including ‘putting beyond use’ for electronic records), except where retention is required by law or court order.

Data breach notification: If we become aware of an eligible data breach likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under the Privacy Act, including notifying the OAIC and affected individuals in accordance with applicable law.

Website navigational information

MessageXchange uses information collected from cookies and other technologies to improve your user experience and the overall quality and security of our Services. For example, by saving your language preferences, we’ll be able to have our Services appear in the language you prefer. We may record certain information about your use of our Services, such as which pages you visit on our Website, the time and date of your visit and the internet protocol address assigned to your computer. Our automated systems analyse your content to provide you personally relevant product features, such as customized search results and tailored advertising.

Some cookies are essential for functionality, while others support analytics and marketing.

MessageXchange also uses third party service providers (such as Google reCAPTCHA) to help us operate our Website. Third party providers may collect information about your device, such as the type of device and its operating system, your IP address, and the actions you take on our site. Where third party providers use cookies, their use of cookies and the collection of data, is governed by their own privacy policy.

We use Google reCAPTCHA to help protect our Website from bot attacks and when you use reCAPTCHA on our Website, certain information is collected and processed by Google in accordance with the reCAPTCHA Terms of Service and its privacy policy. You can view the reCAPTCHA Terms of Service at https://policies.google.com/terms/recaptcha and Google’s privacy policy at https://policies.google.com/privacy.

Standing alone, cookies do not personally identify you, they merely recognize your Web browser and its activities. Information we collect when you are signed into the Website may be associated with your MessageXchange’s Account. When information is associated with your MessageXchange’s Account, we treat it as personal information, and it is covered by this Privacy Policy.

You may set your browser to block all cookies and manage your preferences through our cookie settings panel. However, it is important to note that certain features of our Website may be limited or not available if some or all of your cookies are disabled. We may not, for example, remember your language preferences if you disable certain types of cookies.

Third-party plug-ins may collect information about your use of the Website. For example, when you load a page on the Website that has a social plug-in from a third-party site or service, such as a “Follow Us” button, you are also loading content from that third-party site. That site may request cookies directly from your browser. These interactions are subject to the privacy policy of the third-party site. In addition, certain cookies and other tracking mechanisms on our Website are used by third parties for targeted online marketing and other purposes. These technologies allow a third party to recognize your computer or mobile device each time you visit the Website, but do not allow access to personal information from your MessageXchange’s Account. We do not have access or control over these third-party technologies, and they are not covered by our Privacy Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block cookies.

We also use Google Analytics and you can find out more about this at “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/.

Automated decision making, analytics and profiling

Our Services and Websites do not use automated decision making, analytics and profiling in any manner that would significantly affect individuals’ rights/interests.

Disclosure of personal information outside Australia

The MessageXchange operations team is based in Australia. To assist us in providing our service, we use third parties, such as Google, Salesforce, Pardot and Freshworks, whose services are provided, supported and hosted in Australia and overseas. When you provide your personal information to us, you consent to the disclosure of your information outside of Australia. We will make sure that any such overseas recipients have in place appropriate privacy, data handling and security measures to protect your information, consistently with the Australian Privacy Principles.

We will comply with Australian cross-border transfer requirements, including any approved country frameworks introduced under law, and continue to take reasonable steps to protect personal information transferred outside Australia in accordance with the Privacy Act.

Links to other websites

Our Website contains links to websites operated by third parties. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that

apply to those other websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites.

Accessing, correcting and deleting your personal information

Access and correction requests: If you think that any personal information we hold about you in our Internal Systems is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

If you register for the Services and have set up an online account, you are able to access and update some of your personal information on our Internal Systems by visiting the “Profile” page after you successfully logon to the Website. You can also request that we update or correct any personal information that we hold about you on our Internal Systems by contacting our Help Desk. We will process Your request as soon as possible, provided we are not otherwise prevented from doing so on legal grounds. In some circumstances, we may need to arrange access to Your personal information through a person whom Your employer authorises. We may also need to verify your identity when you request your personal information.

Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. In particular, if you think any personal information held in Customer Data is inaccurate, our relevant customer is responsible for responding to your requests to access or correct such personal information. We will provide assistance to our customer to enable compliance to the extent reasonably required and technically practicable using our standard systems – but we cannot provide direct access to our infrastructure or databases, or respond directly to individuals except where required by law.

It is your responsibility to ensure that the personal information you provide to us is accurate, complete and up-to-date.

Subscribing and Unsubscribing from mailing lists

In connection with your use of the Services, we may send you notifications, promotional material, service announcements, administrative messages, and other information. You may opt out of some of those communications by contacting our Help Desk.

Notifying us of a Privacy Breach

If you wish to report a privacy breach, suspect there is a privacy breach, or wish to make a complaint about the way we have handled your personal information, please contact our Help Desk. Please include your name, email address and/or telephone number and clearly describe your complaint. We will respond to your complaint within 30 business days and endeavour in good faith to resolve any issues as soon as possible.

You should notify us as soon as possible if you become aware of any misuse of your password, and immediately change your password within the Services or via the “Forgotten Password” link on our Website.

Privacy policy updates and enquiries

We review this policy at least every 12 months and after material changes to our Services, this party suppliers, or legal requirements.

If you have any queries about our Privacy Policy, to access or correct your personal information or to make a complaint, please contact our Help Desk.

Contacting us

If you have any queries about this Privacy Policy, wish to exercise your rights, or make a complaint, please contact our Help Desk:

Email: support@messagexchange.com

The Office of the Australian Information Commissioner also provides information about privacy rights and complaint processes.