The purpose of this Policy is to establish the security, governance and operational standards that protect the confidentiality, integrity and availability of all information processed through the Pushworth Marketplace™.
This Policy applies to every person granted access to any Pushworth digital platform including Employees, Contractors, Venue Clients, Suppliers, Administrators and authorised third-party service providers.
It supports compliance with:
Privacy Act 1988 (Cth)
Australian Privacy Principles
Notifiable Data Breaches Scheme
Copyright Act 1968
Spam Act 2003
Electronic Transactions legislation
other applicable Australian legislation.
This Policy applies to every Pushworth digital platform including:
Pushworth Marketplace™
Pushworth Live™Super.Live™
WebsiteClient Portal
Supplier Portal
Mobile Applications
API Integrations
Google Workspace
Xero
ClickUp
Slack
Canva
Pushworth WikiCloud
Storage
Backup Systems
Pushworth is committed to:
Confidentiality
Integrity
Availability
Accountability
Least Privilege Access
Defence in Depth
Continuous Improvement
Introduce four classifications:
Restricted
Examples:
TFNs
Super Fund Details
Banking
Contracts
Identity Verification
Payment Files
Confidential
Customer Information
Supplier Information
Calendar
Data
Reports
Internal
Policies
Procedures
Training
Public
Marketing Assets
Websites
Social Media
Every account must:
have an individual login
use a strong password
never be shared
be removed immediately upon termination
Recommend MFA.
Role Based Access Control.
Examples:
Venue Administrator
Venue User
Booker
Accounts
Marketing
Supplier
Director
Developer
Support
Every permission documented.
Much stronger than 2025.Include:
HTTPS
TLS
Encrypted Passwords
Secure Cookies
Session Timeouts
Automatic Logout
Password Reset
Account Lockout
Audit Logging
New section.State that Pushworth stores:
Super FundMembership
USI
TFN (where required)
Payment HistoryE
xplain:only used for Super.Live administration.
Include the threat model you prepared.
Protect against:
Credential stuffing
SQL
Injection
Cross Site Scripting
IDOR
Phishing
Session Hijacking
Bot Scraping
Malware
Social Engineering
Ransomware
Virus scanning
File validation
Maximum file size
Allowed formats
Secure storage
Authentication logs
Download logs
Audit trail
Rate limiting
Intrusion monitoring
Immediate reporting.
Contain.
Investigate.
Recover.
Review.
Notify OAIC where required.
Financial
Contracts
Insurance
Super.Live Audit
Portal Accounts
Archived Users
Deletion schedule.
List:
Google
Xero
ClickUp
Cloudflare (if used)
HostingPayment gateways
State:
Pushworth only uses providers that maintain appropriate security standards.
AI assists
Humans decide.
No automated legal decisions.
No automated financial decisions.
No automated contract approvals.
Venues.
Artists.
Bookers.
Employees.
Directors.
Developers.
Annual review.
Penetration testing.
Access review.
Incident review.
Continuous improvement.
All users acknowledge this Policy by accepting the Pushworth Portal Terms of Use and, where applicable, through employment, contractor or onboarding agreements.
