Privacy Policy

CYBER RANGE SAAS TERMS & CONDITIONS

Effective date: 13 June 2026

Last updated on 26 Nov 2025

Security Impossible Pty Ltd ("Security Impossible", "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and protect personal information, and how we comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to our website, our Cyber Range and Training SOC platforms, and our dealings with prospective and current customers, partners, and the people who use our products.

SECURITY IMPOSSIBLE PTY LTD

 

CYBER RANGE SAAS TERMS & CONDITIONS

 

Version 1.0

 

Effective Date: [Insert Date]

 

These Terms & Conditions (“Terms”) govern the use of the Cyber Range SaaS platform (“Service”) provided by Security Impossible Pty Ltd, ABN [insert if desired], 45 Rockley Road, South Yarra, Melbourne VIC 3141 (“Security Impossible”, “we”, “us”, “our”) to the customer (“Client”, “you”, “your”).

 

By accessing or using the Service, the Client agrees to be bound by these Terms.

 

If there is a separate signed Cyber Range Service Agreement, that document prevails where there is any inconsistency. Otherwise, these Terms form the complete governing framework for access and use of the Service.


1. Definitions

 

“Service”

The hosted Cyber Range SaaS platform, virtual machines, labs, courses, modules, simulations, portals, dashboards, and associated materials provided by Security Impossible.

 

“Client Data”

All data, information, records, student details, or materials supplied by the Client or its Users.

 

“Users”

Individuals authorised by the Client to access the Service, including students, instructors, and administrators.

 

“Content”

All modules, labs, virtual machines, scenarios, exercises, instructional materials, and assessments created or supplied by Security Impossible.

 

“Professional Services”

Any custom content development, integrations, consulting, or training services provided separately.

 

“Cloud Provider”

Third-party providers (e.g., Microsoft Azure) hosting the platform, infrastructure, or components.


2. Grant of Licence

 

Security Impossible grants the Client a non-exclusive, non-transferable, time-limited licence to access and use the Service for educational, training, and instructional purposes during the Term.

 

The Client may:

  • Allow authorised Users to access the Service

  • Use, deliver, and review course content for educational purposes

  • Access reporting and management dashboards

 

The Client may not:

  • Resell, redistribute, sublicense, or commercially exploit the Service

  • Grant access to individuals outside the authorised User list

  • Use the Service to host or deliver content unrelated to the Cyber Range environment unless explicitly permitted


3. Acceptable Use

 

To protect the integrity of the Service and Security Impossible’s IP, the Client agrees that Users will not:

  1. Reverse engineer the platform, labs, simulations, or content

  2. Copy, clone, replicate, download, or export any virtual machine, scenario, image, or software

  3. Conduct penetration testing, security scanning, automated probing, or exploit testing against the platform

  4. Perform malicious or unauthorised cyber activities

  5. Share login credentials or allow credential pooling

  6. Remove, obscure, or modify branding, disclaimers, or copyright notices

  7. Circumvent security controls, rate limits, or environment boundaries

 

Security Impossible may temporarily suspend access if the Client or Users cause:

  • Threats to system stability

  • Misuse or abuse

  • Excessive load

  • Security risk

 

Access will be restored upon resolution.


4. Availability & Performance

 

Security Impossible will use reasonable efforts to ensure continuous availability of the Service.

 

The Client acknowledges:

  • The Service relies on cloud providers that maintain ISO 27001 and SOC 2 certifications

  • There may be planned maintenance windows (announced in advance where possible)

  • Occasional unplanned outages may occur beyond Security Impossible’s control

  • No guaranteed uptime level is provided unless specified in a separate SLA


5. Support

 

Security Impossible provides support during:

 

Education-Friendly Support Hours:

8:00am – 6:00pm AEST, Monday to Friday (excluding VIC public holidays)

 

Support channels:

  • Email ticketing

  • Technical troubleshooting

  • Best-effort response times based on severity

 

Critical issues will be prioritised, but no legally binding response SLA is provided unless agreed separately.


6. Client Responsibilities

 

Client agrees to:

  • Maintain accurate User details

  • Ensure devices and networks meet technical requirements

  • Ensure Users behave safely and ethically in the cyber labs

  • Notify Security Impossible of any security concerns promptly

  • Not attempt to copy or replicate the Service in any form

  • Ensure all activities comply with applicable laws

  • Maintain administrative control of User provisioning and access


7. Data Protection & Privacy

 

7.1 Ownership

 

The Client retains ownership of all Client Data.

 

7.2 Processing

 

Security Impossible processes Client Data solely for:

  • Providing the Service

  • Support, troubleshooting, and performance

  • Usage analytics (non-PII where possible)

  • Security monitoring

 

7.3 Data Storage

 

Data is stored and processed within Australia, unless otherwise agreed in writing.

 

7.4 Protection

 

Security Impossible implements:

  • Secure hosting

  • Encryption at rest and in transit (where supported by the cloud provider)

  • Access controls

  • Audit logging

  • Regular patching and updates

 

7.5 No External Sharing

 

Security Impossible does not share Client Data with third parties except:

  • Cloud infrastructure providers

  • Contracted support vendors (under confidentiality obligations)

  • Where required by law


8. Intellectual Property

 

All IP rights in:

  • The Cyber Range platform

  • Labs, modules, scenarios

  • Virtual machines, images, and configurations

  • Documentation, guides, and assessments

  • Software, code, and systems

remain exclusively owned by Security Impossible.

 

Client obtains only a limited licence to access and use them during the Term.

 

8.1 Custom Content

 

Where Security Impossible creates custom labs or content for the Client:

  • Security Impossible retains ownership unless an SOW explicitly transfers IP

  • Client receives a licence to use the custom content for the duration of its subscription


9. Professional Services

 

Any request for:

  • Custom lab development

  • Additional scenarios

  • Integration work

  • Advanced workshops

  • Extended onboarding or training

 

will be quoted separately and governed by a Statement of Work (SOW).


10. Fees & Payment

  • Fees are as stated in the executed Service Agreement

  • Payment is due within the specified payment period

  • Failure to pay may result in suspension after notice

  • No refunds are provided for early termination

  • Taxes, GST, or levies are the responsibility of the Client


11. Suspension

 

Security Impossible may suspend access (with notice where possible) for:

  • Non-payment

  • Security threats

  • Misuse or violation of these Terms

  • Platform integrity risks

  • Maintenance or updates

 

Access will be restored once the issue is resolved.


12. Term & Termination

 

12.1 Term

 

As defined in the Service Agreement.

 

12.2 Termination for Breach

 

Either party may terminate if the other fails to remedy a material breach within 30 days of written notice.

 

12.3 Termination for Non-Payment

 

Security Impossible may suspend or terminate access after 7 days’ notice.

 

12.4 Post-Termination

 

Upon termination:

  • Access ends

  • Data may be exported upon request (within 30 days)

  • Fees remain payable


13. Liability & Disclaimers

 

13.1 Liability Cap

 

To the maximum extent permitted by law, Security Impossible’s total liability is limited to the total fees paid by the Client in the preceding 12 months.

 

13.2 Exclusions

 

Security Impossible is not liable for:

  • Indirect, incidental, special, or consequential losses

  • Loss of use, data, revenue, or academic outcomes

  • Actions or misuse by Users

  • Cloud provider outages or failures

  • Internet disruptions outside Security Impossible’s control

  • Unauthorised access resulting from Client negligence

 

13.3 No Warranties

 

The Service is provided on an “as-is” and “as-available” basis.

No warranties, express or implied (including merchantability or fitness for purpose), are provided.


14. Governing Law

 

These Terms are governed by the laws of Victoria, Australia, and subject to the exclusive jurisdiction of its courts.


15. Entire Agreement

 

These Terms, together with the Cyber Range Service Agreement and any SOWs, constitute the entire agreement between the Parties.


16. Amendments

 

Security Impossible may update these Terms from time to time.

Material changes will be communicated to the Client.


17. Contact

 

Security Impossible Pty Ltd

45 Rockley Road, South Yarra, Melbourne VIC 3141

Email: contact@securityimpossible.com

Website: https://securityimpossible.com

 

1. Information we collect
Website visitors and enquiries: when you book a demo, contact us, request a case study or otherwise get in touch, we may collect your name, work email address, phone number, organisation or institution, role, and the content of your message.
Platform users (students, instructors and administrators): when an institution or organisation deploys our Cyber Range or Training SOC to its users, we may collect account and usage information such as name, institutional email, the cohort or class you belong to, lab and course progress, scores and assessment results, and activity logs. In most cases this information is provided to us by, and processed on behalf of, that institution (see section 3).
Technical information: when you visit our website or use our platforms we automatically collect information such as IP address, device and browser type, pages viewed, and the dates and times of access.
We do not seek to collect sensitive information through our website. Please do not send us sensitive information unless we specifically request it.

2. How we use your information
We use personal information to: respond to your enquiries and provide demonstrations; provide, operate, maintain, secure and improve the Cyber Range and Training SOC; deliver labs and learning content and make analytics and reporting available to instructors and administrators; manage our relationship with customers and partners, including billing and account administration; send service-related communications and, where permitted, relevant marketing (you can opt out at any time); and meet our legal, regulatory and security obligations.
Where we rely on consent for a particular use, you may withdraw that consent at any time.

3. When we act on behalf of an institution
When we provide the Cyber Range or Training SOC to an institution or organisation, the personal information of that organisation's students and staff is generally handled by us on the organisation's behalf and in line with our agreement with them. In those cases the organisation is responsible for how that information is collected and used, and for the privacy notices given to its users. If you are a student or staff member with questions about your data, please contact your institution first, or contact us and we will assist.

4. Disclosure of your information
We do not sell your personal information. We may disclose it to: service providers and contractors who help us operate our business and deliver our platforms (such as cloud hosting, support tooling, email delivery and analytics), under confidentiality and data-protection obligations; the institution on whose behalf we process platform data; professional advisers, and parties involved in a corporate transaction such as a merger or sale; and law enforcement, regulators or others where required or authorised by law.

5. Data hosting and overseas disclosure
We host customer and platform data on Australian-based infrastructure, keeping student and institution data in-country. We do not routinely disclose personal information to overseas recipients. If, in limited circumstances, a service provider operates or stores data outside Australia, we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles.

6. Cookies and analytics
Our website uses cookies and similar technologies to make the site work, remember your preferences, and understand how the site is used so we can improve it. We use Google Analytics to collect aggregated, statistical information about website usage; it may set cookies and process usage data on our behalf. You can control or disable cookies through your browser settings (though some parts of the site may not work as intended), and you can opt out of Google Analytics using Google's browser opt-out tools.

7. Security and data retention
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure — including access controls, isolation and sandboxing of lab environments, encryption in transit, monitoring, and staff policies and training. No method of transmission or storage is completely secure, but we work continually to strengthen our safeguards.
We keep personal information only for as long as it is needed for the purposes set out in this policy, or as required by law or our agreements with institutions. When it is no longer required, we take reasonable steps to securely delete or de-identify it.

8. Your rights: access, correction and complaints
You may request access to the personal information we hold about you, and ask us to correct it if it is inaccurate, out of date, incomplete or misleading (Australian Privacy Principles 12 and 13). To make a request, contact us using the details below; we will respond within a reasonable period. If you have a complaint about how we have handled your personal information, please contact us first so we can investigate. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

9. Children's privacy, changes and contact
Our website is not directed to individuals under 18. If you believe a child has provided us with personal information, please contact us and we will take steps to remove it.
We may update this Privacy Policy from time to time. The current version will always be available on our website, and the effective date above shows when it was last revised.
Questions, requests or complaints: Security Impossible Pty Ltd — contact@securityimpossible.com, +61 435 743 699.