BLIP By RiskLabs
How it works The Radar Features Use cases Why Blip
Book a demo →
On this page
  1. Who we are
  2. What we collect
  3. Why we collect it
  4. Who we share it with
  5. Where data lives
  6. How long we keep it
  7. Your rights
  8. Cookies & analytics
  9. Children
  10. Changes
  11. Contact us
Privacy

Privacy.

Plain-language summary of how RiskLabs handles personal information in the Blip product. Aligned with the Australian Privacy Act 1988, the Australian Privacy Principles (APPs), and the essentials of the EU General Data Protection Regulation (GDPR).

Last updated: 2026-04-30

Who we are

Blip is a product of RiskLabs Pty Ltd ("RiskLabs", "we", "us"), an Australian company. For privacy purposes we are the data controller for personal information collected via Blip.

Registered address and ABN to be confirmed and listed here once finalised.

What we collect

The information we hold depends on which surface of Blip you use.

Marketing site (www.risklabs.io)

  • Anonymous pageviews, referrer URLs, and country, captured by Cloudflare Web Analytics. No cookies are set.
  • Standard server-side request metadata (IP address, user-agent, timestamp) retained briefly for security and abuse prevention.
  • Nothing else. The marketing site does not require an account.

Application (blip.risklabs.io) — when you have an account

  • Identity — your name, work email, and Auth0 profile claims (e.g. organisation, role).
  • Responses — answers you give to risk questions ("Pings"), associated risk areas, timestamps.
  • Membership — which organisation(s) you belong to and your role within them.
  • Audit metadata — login events, configuration changes, export actions, retained for security and compliance.
  • Operational telemetry — error reports, performance traces, captured via Azure Application Insights to keep the app reliable.

Why we collect it (lawful basis)

We collect what we need to provide and improve the service. Under GDPR our lawful bases are contractual necessity (delivering Blip to your organisation) and legitimate interests (security, fraud prevention, product improvement). Under the Privacy Act we collect under APP 3 with the purposes notified in this policy (APP 5).

Who we share it with

We use a small number of trusted sub-processors to operate Blip. We don't sell personal information.

Sub-processorRoleRegion
Amazon Web ServicesHosting (marketing site, asset storage)US (us-east-1)
Microsoft AzureApplication hosting, database, observability (Application Insights, Cosmos DB)Australia (ap-southeast-2 equivalent)
Auth0 (Okta)Identity and authenticationUS / EU
CloudflareCookieless web analyticsGlobal edge
SendGrid (Twilio)Transactional emailUS

Where a sub-processor stores or processes data outside Australia or the EEA, transfers are covered by the provider's standard contractual clauses or equivalent safeguards.

Where data lives

Primary processing of customer data happens in Australia (Microsoft Azure, ap-southeast-2 region equivalent). Some metadata — analytics, identity, transactional email — may transit US-based providers under the safeguards above.

How long we keep it

  • Account data: retained for the life of your account.
  • After account deletion: 90 days for backups and reversal-of-mistake protection, after which we delete or anonymise — unless we are required to retain it longer for legal, tax, or audit reasons.
  • Marketing-site analytics: aggregated at the source by Cloudflare; we don't store an individual-level record.

Your rights

You can:

  • Ask what personal information we hold about you (access).
  • Have it corrected if it's wrong.
  • Have it deleted, subject to the retention rules above.
  • Receive an export in a portable format.
  • Withdraw consent where consent is the basis for processing.
  • Make a complaint — to us first, and to the Office of the Australian Information Commissioner (OAIC) if we don't resolve it. EU users may complain to their national supervisory authority.

Requests go to hello@risklabs.io. We aim to respond within 30 days.

Cookies & analytics

The marketing site uses Cloudflare Web Analytics, which is cookieless and aggregates data without identifying individuals. No consent banner is required for it.

The application sets functional cookies necessary for sign-in and session management. When we add product analytics for the application (e.g. PostHog), we will request your consent before any non-essential cookies are set, and update this page accordingly.

Children

Blip is built for organisations and is not intended for users under 16. We don't knowingly collect personal information from children. If you believe we hold information about a child, contact us and we will delete it.

Changes to this policy

We update this page when our practices change. Material changes affecting how we use existing customer data will be notified to account holders via email before they take effect.

Contact us

For privacy questions, data-subject requests, or anything else covered in this policy, email hello@risklabs.io.

BLIP By RiskLabs

Crowdsourced risk management. See what your organisation sees — before anyone else does.

RiskLabs
Product
  • Radar
  • Crowdsourced Risk
  • Insights
Company
  • About
  • Contact
Trust
  • Privacy
  • Security
© 2026 RiskLabs Pty Ltd · Made in Sydney
v2.4.1 — last scan 14s ago