Privacy Policy

Actis Docs is a secure document management and collection platform developed and operated by Salus Software Pty Ltd. Protecting privacy is a core principle of how the service is designed and operated.

This page explains how personal information is collected, used, stored, disclosed, protected, and otherwise processed when people use Actis Docs, including the website, web application, client upload portals, and related services that link to this policy.

By using the services, users acknowledge the practices described in this policy. Where Actis Docs processes personal information on behalf of a customer, that customer is generally responsible for the lawful basis, notices, permissions, and other processing requirements applicable to that information.

In many normal Actis Docs workflows, Salus Software acts as a processor, operator, or service provider on behalf of its customers. This means customers typically determine why personal information is collected and used, while Salus Software provides the infrastructure and workflow tools that support that processing.

Customers are responsible for ensuring that personal information submitted to or processed through Actis Docs is collected, used, disclosed, and otherwise processed lawfully, including putting in place any notices, permissions, consents, authorisations, or other lawful grounds required by applicable law.

Salus Software implements and maintains reasonable technical and organisational safeguards appropriate to its role and may provide data processing terms for business customers where needed.

The types of personal information processed through Actis Docs depend on how the service is used, but may include the following:

• Account and profile information: name, email address, phone number, login details, and optional profile information.
• Document workflow information: names, contact details, request history, document metadata, upload history, review outcomes, timestamps, and other transaction-related records.
• Payment information: billing and payment details when paid features are used, generally through secure third-party payment providers.
• Support and communications: messages, enquiries, feedback, and support requests.
• Technical and usage information: IP address, browser type, device identifiers, operating system, error reports, authentication events, system logs, page interactions, and similar telemetry.
• Information from third parties: information provided by customers, connected services, or integrations used with Actis Docs.

Personal information is used only where reasonably necessary for the operation, delivery, maintenance, security, and improvement of Actis Docs.

• To provide document request, upload, review, and export workflows.
• To create and manage user accounts and subscriptions.
• To communicate with users about service notices, billing, support, security alerts, and operational updates.
• To detect, prevent, investigate, and respond to misuse, fraud, abuse, and security incidents.
• To comply with legal obligations and establish, exercise, or defend legal claims.
• To maintain, improve, test, and develop the services, preferably using aggregated, de-identified, or anonymized information where reasonably practicable.

Actis Docs does not sell personal information and does not use personal information submitted through document workflows for third-party advertising purposes.

Depending on the jurisdiction and the nature of the relevant processing, lawful bases may include:

• performance of a contract;
• compliance with legal obligations;
• legitimate interests such as security, fraud prevention, and service reliability; and
• consent, where required for particular activities such as optional marketing communications.

Where Salus Software acts as a processor on behalf of a customer, the customer is generally the controller and determines the lawful basis for the underlying processing.

Personal information may be disclosed only where reasonably necessary for the operation of Actis Docs and related legal or operational requirements.

• Service providers: including providers that support hosting, infrastructure, databases, storage, security, analytics, support, communication delivery, and payment processing.
• Affiliates: where necessary for internal administration, support, compliance, or operational purposes.
• Customers and intended recipients: where documents or related information are meant to be shared, transmitted, reviewed, or delivered through the service.
• Legal and regulatory authorities: where disclosure is required by law, legal process, lawful request, or to protect rights, property, data, systems, or security.
• Business transfers: in connection with a merger, acquisition, restructuring, financing, or similar transaction, subject to appropriate confidentiality protections.

Third-party providers engaged to support Actis Docs are expected to be subject to confidentiality, security, and data protection obligations appropriate to their role.

Different categories of information are kept for different periods, depending on what the information is and why it is needed.

• Account data is generally retained for as long as an account remains active and for a further period reasonably necessary to complete closure, comply with legal or regulatory obligations, maintain required business records, resolve disputes, or enforce agreements.
• Document and transaction data is retained only for a limited period. Unless a shorter setting applies, documents and workflow-related submissions are generally retained for no longer than one month from submission, upload, transmission, or receipt, after which they are deleted or irreversibly anonymized, subject to legal hold, dispute preservation, or security requirements.
• Event logs and audit trail data may be retained for longer, including where needed for security, monitoring, evidentiary purposes, service history, compliance, or dispute resolution.

Where information is no longer required and no legal or operational basis for retention applies, it will be deleted or irreversibly anonymized within a commercially reasonable time.

Salus Software implements reasonable administrative, technical, and organisational measures designed to protect personal information processed through Actis Docs against unauthorized access, disclosure, alteration, misuse, loss, or destruction.

• encryption in transit and, where applicable, at rest;
• role-based access controls and least-privilege principles;
• authentication and credential security measures;
• logging, monitoring, and audit mechanisms;
• vulnerability management, patching, and testing;
• incident detection, response, containment, and remediation.

No method of transmission, storage, or processing is completely secure or error-free. Users remain responsible for maintaining the confidentiality of their credentials and for using appropriate account security practices.

If a suspected or actual personal information breach affecting Actis Docs is identified, Salus Software will investigate and take reasonable steps to contain, assess, mitigate, and remediate the issue. Where required by law or contract, relevant customers will be notified within a reasonable time.

Depending on the laws that apply, individuals may have rights to:

• access, review, or obtain a copy of personal information;
• correct inaccurate or incomplete personal information;
• request deletion of personal information;
• restrict or object to certain processing;
• withdraw consent where processing is based on consent.

Requests may be sent to legal@salus-software.com. Where Actis Docs processes information on behalf of a customer, the relevant customer may need to handle or authorize the request.

Actis Docs is intended for business and professional use and is not directed to children. Salus Software does not knowingly collect personal information directly from children or minors in circumstances where valid authorization is required and has not been obtained.

If Salus Software becomes aware that information has been collected in breach of this principle, reasonable steps will be taken to delete the information or otherwise restrict its processing unless retention is required by law.

Actis Docs may process, host, store, or transfer personal information in or to countries other than the country in which the information was originally collected, where reasonably necessary for the operation of the services.

Where personal information is transferred across borders, Salus Software will implement reasonable and appropriate safeguards as required by applicable law. These may include contractual protections, data processing agreements, standard contractual clauses where applicable, and other recognized lawful transfer mechanisms.

Aggregated, de-identified, or anonymized information may be used to maintain, improve, secure, and develop Actis Docs, including service automation and system functionality.

Personal information and document content submitted through Actis Docs for customer workflows is not used to train artificial intelligence models unless the relevant customer or user has expressly consented to that use.

Actis Docs does not use personal information for automated decision-making that produces legal or similarly significant effects.

Actis Docs follows a privacy-minimisation approach. Cookies and similar technologies are used mainly to support secure, reliable, and proper operation of the services rather than advertising or behavioural profiling.

What may be used

Technologies may include cookies, local storage, session storage, server-side identifiers, security tokens, and limited telemetry. These tools help with authentication, session continuity, request routing, fraud prevention, error diagnosis, and service reliability.

Categories used

• Strictly necessary technologies: required for authentication, secure sessions, CSRF protection, routing, fraud prevention, tenant-safe access, and similar core functions.
• Functional technologies: used to remember preferences, maintain login persistence, and keep the interface consistent.
• Performance and diagnostic technologies: used in a limited way to understand errors, uptime, system stability, and service reliability. Where reasonably practicable, this information is aggregated or anonymized.

What is not used

Actis Docs does not use advertising cookies, retargeting technologies, behavioural advertising trackers, or third-party ad network profiling on the platform.

Third-party infrastructure providers

Certain third-party infrastructure, security, hosting, uptime, or monitoring providers may rely on technical cookies or similar technologies where necessary to deliver the service securely and reliably. These providers are used to support the operation of Actis Docs, not for unrelated advertising purposes.

Client upload portals

Secure upload portals may use short-lived session-based technologies to maintain upload sessions, prevent abuse, and ensure that files are associated with the correct customer workspace and request flow.

Cookie duration and control

Some technologies are session-based and expire when a browser closes. Others may persist for a limited period where necessary to remember settings or improve continuity. Users can manage cookies through their browser controls, but blocking essential technologies may affect login, uploads, or other core features.

Consent where required

Where applicable law requires consent for non-essential cookies or similar technologies, those technologies will only be used after the required consent has been obtained.

This policy may be updated from time to time to reflect changes in legal requirements, service functionality, or privacy practices.

Updated versions will be published with a revised version date, and where required users may also be notified through the services or by email.

Questions, concerns, or rights requests relating to privacy may be directed to: