Acceptable Use Policy — Trust Centre — Compass IoT
Security

Trust Centre

Acceptable Use Policy

The rules governing how employees and contractors use Compass IoT systems, devices, data, and network resources — and what constitutes unacceptable use.

Last updated May 2026 · Compass IoT Pty Ltd

Our commitment

Compass IoT systems and assets exist to support our work. Using them responsibly protects everyone.

This policy applies to all employees, contractors, and anyone else granted access to Compass IoT systems, networks, devices, or data. It must be read and agreed to as a condition of access, and applies wherever and however work is carried out — in the office, remotely, or on personal devices.

Acceptable use

What you may do

Policy in place

Compass IoT systems and resources are provided for business purposes. Incidental personal use is permitted where it does not interfere with work, consume significant resources, or create security risk. Covered persons may:

  • Use company systems for legitimate business activities related to their role.
  • Access the internet for work purposes, including research, communication, and collaboration tools.
  • Use company-approved software, platforms, and communication tools.
  • Store work-related files on company-approved storage systems.

Unacceptable use

What you may not do

The following are prohibited on any Compass IoT system, network, or device — including personal devices used to access Compass IoT resources:

  • Accessing, storing, or transmitting content that is illegal, offensive, discriminatory, or in breach of any applicable law.
  • Installing unauthorised software or tools without approval from the engineering or IT team.
  • Sharing credentials, access keys, or passwords with any other person — including colleagues.
  • Attempting to access systems, data, or accounts beyond your authorised scope.
  • Disabling, bypassing, or interfering with security controls, monitoring tools, or access management systems.
  • Using company systems for personal commercial activity, cryptocurrency mining, or any activity unrelated to Compass IoT's business.
  • Transmitting or storing confidential Compass IoT or customer data on unauthorised third-party services or personal storage.
  • Connecting untrusted or unmanaged devices to the Compass IoT network without authorisation.

Data handling

Handling company and customer data

All covered persons are responsible for handling data in accordance with our Data Classification and Retention Policy. In particular:

  • Confidential and Restricted data must not be stored on personal devices or unauthorised cloud storage services.
  • Customer data must not be shared externally without explicit authorisation and appropriate contractual protections.
  • Data must not be retained beyond its defined retention period or after the end of employment or engagement.
  • Any accidental disclosure of data — however minor — must be reported to the security team immediately.

Reporting and consequences

Breaches and reporting

Suspected breaches of this policy — whether by yourself or others — should be reported to the security team as soon as possible. Reports made in good faith will not result in retaliation.

Breaches of this policy may result in disciplinary action up to and including termination of employment or engagement, and may be referred to relevant authorities where the breach constitutes a criminal offence.

Policy review

Ownership and review

This policy is owned by the Compass IoT leadership team and reviewed annually, or when material changes occur to our systems, ways of working, or applicable law.

Questions

Get in touch

Questions about acceptable use or reporting a concern.