Privacy Policy

Our stance on privacy in plain English: We'll protect your privacy at all costs and will not share it with anyone: unless we are absolutely legally required to do so under Australian law.

We care deeply about protecting your privacy. Here's a summary of our privacy commitments that we commit to every past, present and future customer of ours; on-top of the commitments below we also store all customer information, data and transactional data fully encrypted.

We'll never spam you:

We do not and will not send any notifications for any irrelevant services or products.

When any changes are being made to your existing services, we will send you a notification.

We don't share info:

We will never, ever, disclose your personal information without your explicit permission or share it with a 3rd party.

Unless required by law, we will never, ever, share any of your information.

We'll protect your rights:

We stand up and fight for our rights and we'll fight fearlessly for your rights.

We will never disclose any of your information or data to any 3rd party unless required by a legally tendered Australian court order.

You're in control, not us:

You can update and view all your account information and preferences at any time.

You can destructively and permanently destroy your information and data when you choose to, including backups.

How we will treat your information

We will not sell, trade or rent your personal information to anyone. Ever. Period. This includes our suppliers, service providers, consultant or any other third party including law enforcement unless legally required to do so.

Microsoft Licensees & Reporting

For customers that spend more than $1,000 per month with us on Microsoft licensing, we are required under the terms of our Microsoft licensing program to include the customer's name (i.e. business name) and postal address to Microsoft as part of our monthly licensing reporting. In the event that Microsoft require us to share this information, we will gain explicit permission from the customer.

Apple Authorised Service Providers

We are required to supply a customer name, postal address and e-mail address to Apple Authorised Service Providers for the purpose of supplying warranty and out-of-warranty repair services to our customers. In the event that a warranty or out-of-warranty repair is required, we will gain explicit permission from our customer to share this information.

Accountants & Bank Reconciliation

We utilise the services of 3rd party accountants and perform all bank reconciliation ourselves, automatically. We do not share personal information, contact information or personally identifiable information with any 3rd parties, including our accountants. The data provided to our accountants is anonymised and suitable only for them to complete Business Activity Statements, reports, and balance sheets.

All bank reconciliation and payment processing, payments and direct deposits is handled internally and via automatic methods. In the event that manual intervention is required, a company director performs such intervention and if an external accountant is required for assistance no identifiable information is shared except for amounts paid and bank reference numbers.

Our stance on law enforcement

We will co-operate with all investigations conducted by Australian law enforcement authorities only when legally required to do so.

We will attempt to notify you any time we are forced to disclose your personally identifiable information unless we are legally prevented from doing so.

The information we collect

Personal information: name, e-mail addresses, phone numbers and postal addresses

All personally identifiable information will only be accessed or used to maintain billing records, or if it's necessary to maintain our systems, or when you have specifically requested us to do so (e.g. to provide technical assistance).

Encrypted information: passwords, backup sets and file server data

All passwords and secured data (e.g. backup sets) are stored on our systems in encrypted form - not even our engineers can access this information! If you lose your password, we will generate a new one and send it to you.

Managed information: administrative & root passwords and other master passwords

Where managed support (e.g. on-site and remote support) is provided, the plain-text management passwords will be stored on a printed piece of paper inside a security sealed envelope that will be deposited at a company director's personal solicitor for storage within a safe deposit box.

In the event of a catastrophic event (e.g. company directors dying) Innovative Paska Pty Ltd T/AS TotalServe has business continuation documentation and procedures in place with solicators to ensure a secure hand-over of this sealed envelope and plain-text password information takes place to the correct entitles (i.e. to the director or business owner of our end-customer).

Transactional information: bills, loans, payments, debts

We store and work with information about money and debts. The information we store allows us to raise invoices, collect debts, provide quotes and other billing and accountant practices.

Site information & confidential documentation: set-up docs, implementation guides and specifications

We store and record site information and other confidential documentation for the purpose of supplying managed support and managed solutions to our customers. Such information, while diverse, can and does contain confidential information for example: detailed documentation to the set-up, workings and implementation of security systems and the mechanism in-place to protect such systems and the data it stores.

Such information is stored fully encrypted and is accessible only by company directors under strict conditions.

How do we store information?

Contact & personal information

Contact information is stored in an encrypted PostgreSQL database that is accessible only within our internal network and by our helpdesk system (again, only accessible internally). Occasionally, this information will be synchronised to our desktops, notebooks and mobile phones. As internal policy, we protect all notebooks and desktops with Symantec PGP Whole Disk Encryption.

Hosted Exchange 2010

E-mails, calendaring data, global address lists and all other hosted Exchange 2010 data is currently stored on fully encrypted BitLocker volumes, that is seperate to our Storage Area Network (SAN). We are currently investigating a long-term and scalable encryption pathway for our SAN storage.

Site information & confidential documentation

Site information & confidential documentation is stored in independent (i.e. an encryption vault per customer), and separated fully encrypted containers in an internally only accessible location accessibly only by management.

Transactional information

Transactional information, including payment details is stored in our own billing system that utilises an encrypted PostgreSQL database. Company directors access such systems with a master password (to unlock the encrypted database) and their own password (to authorise them access to the system).


All backups, including backup sets of customer data and internal data is stored in fully encrypted backup containers utilsing various technologies from Synmantic (PGP), TrueCrypt and Microsoft.

How do we access information?

All information can only be accessed from our internal Canberra and Sydney networks via strong two-factor authentication: password and USB hardware token. Typically access must be granted by a company director, i.e. a company director must mount the encrypted container on a staff workstation.

Critical staff do have external Virtual Private Network (VPN) connectivity to our offices, however as a multi-tiered security approach internal file servers are not accessible and the only systems that external staff can access are internal e-mail, calendaring and tasks management systems and our helpdesk system.

If access to site information & confidential documentation is required, access can only be permitted when physically inside our information and with the authorisation of a company director. All staff and directors are assigned hardware USB tokens and private/public key authentication files, and we employ strong access controls to internal systems as both policy and technical implementations.

For more information regarding internal policies and procedures, we can provide our internal Business Continuity and Business Plan documentation as part of a supervised viewing (i.e. we won't allow for you to keep a copy of this documentation) to customers and their solicators who agree to a Non-Disclosure Agreement.