One price. Everything covered.

1. Who we are

The Urban Network Group Pty Ltd is a managed IT and security services provider operating across Sydney, Brisbane, and Melbourne. Our contact details are:
Email: sales@theurbannetwork.tech
Phone: +61 (0) 402 338 763

2. What personal information we collect

We collect personal information that is necessary to provide our services. This may include:

• Contact information: name, email address, phone number, job title, company name and address
• Technical information: IP addresses, device identifiers, network configuration details, and system logs collected in the course of delivering managed IT services
• Financial information: billing address and payment details (processed securely through third-party payment providers; we do not store full card details)
• Communications: records of correspondence, support tickets, and service requests
• Website usage data: pages visited, time on site, browser type, and referral sources collected via cookies and analytics tools

We collect personal information only by lawful and fair means, and only where necessary for one or more of our functions or activities.

3. How we collect your information

We collect information directly from you when you:

• Submit an enquiry form or request a free IT audit on our website
• Engage us to provide managed IT or security services
• Contact us by phone, email, or chat
• Subscribe to our newsletter or download resources
• Attend an event or webinar we host or participate in

We may also collect information from third parties such as referral partners, publicly available sources, or from your systems in the course of delivering contracted services.

4. Why we collect and use your information

We use personal information to:

• Provide, manage, and improve our managed IT and security services
• Respond to enquiries and provide customer support
• Issue invoices and manage payments
• Send service-related communications, including security alerts and maintenance notifications
• Send marketing communications where you have consented or where permitted under applicable law
• Comply with our legal and regulatory obligations
• Improve our website and service offerings through analytics
• Conduct security monitoring and incident response on behalf of clients

5. Disclosure of your information

We do not sell your personal information. We may share it with:

• Service providers: third-party vendors who assist in delivering our services (e.g. Microsoft, Google, RMM and PSA platforms, cloud providers) — all bound by confidentiality obligations
• Professional advisers: accountants, lawyers, and auditors where required
• Law enforcement or regulators: where required by law, court order, or to protect our legal rights
• Business successors: in the event of a merger, acquisition, or sale of assets, with appropriate confidentiality protections

Some of our service providers may be located overseas (including the United States and European Union). Where we transfer personal information internationally, we take steps to ensure the recipient provides protections equivalent to the APPs.

6. Data retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Client records are generally retained for seven (7) years in accordance with Australian taxation law. Marketing data is held until you withdraw consent or request deletion.

7. Cookies and website analytics

Our website uses cookies and similar technologies to enhance your experience and collect analytics data. You can disable cookies in your browser settings, although this may affect site functionality. We use analytics tools to understand how visitors interact with our site — this data is aggregated and not linked to personally identifiable information.

8. Security of your information

We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These include encrypted data storage, multi-factor authentication, access controls, and regular security reviews. Despite these measures, no internet transmission is completely secure.

9. Access, correction, and complaints

You have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Withdraw consent to marketing communications at any time by clicking "unsubscribe" or contacting us directly
• Lodge a complaint about our privacy practices

To exercise these rights, contact us at sales@theurbannetwork.tech. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

10. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on our website with the date of last update noted above. Material changes will be communicated to active clients by email.

1. Services

TUN provides managed IT services, cybersecurity solutions, physical security installation, compliance support, device endpoint management, and security training ("Services") as specified in a Statement of Work (SOW), Service Agreement, or written proposal accepted by the Client.

All Services are subject to these Terms unless a separate written agreement expressly overrides them. In the event of conflict, the signed Service Agreement takes precedence.

2. Engagement and acceptance

An engagement begins when the Client accepts a proposal, signs a Service Agreement, or instructs TUN to commence work in writing (including by email). A free IT audit does not constitute a binding engagement and carries no obligation on either party.

3. Client responsibilities

The Client agrees to:

• Provide TUN with timely access to systems, premises, credentials, and personnel necessary to deliver the Services
• Maintain appropriate authorisation and rights over all systems and data TUN is asked to work on
• Notify TUN promptly of any changes to the environment that may affect service delivery
• Keep all account credentials, access tokens, and remote access tools provided by TUN secure and confidential
• Ensure staff participate in required onboarding and security training sessions as part of managed service agreements
• Maintain appropriate cyber insurance where recommended by TUN

4. Fees, invoicing, and payment

Managed services: Billed monthly in advance via agreed method. Fees are fixed for the contracted term unless a change in scope is agreed in writing.

Project work: Quoted and invoiced per project milestones or on completion, as specified in the SOW.

Ad-hoc work: Billed at our current standard hourly rates plus GST, invoiced monthly in arrears.

Payment terms: Invoices are due within 14 days of issue. Overdue amounts attract interest at 10% per annum. TUN reserves the right to suspend services for accounts more than 30 days overdue after providing written notice.

All fees are quoted in Australian Dollars (AUD) exclusive of GST unless otherwise stated.

5. Service levels (SLA)

For active managed service clients, TUN targets the following response times:

• Critical (business-wide outage): Initial response within 1 hour; resolution efforts begin immediately
• High (significant impact, workaround available): Initial response within 2 hours
• Standard (general issues): Initial response within 4 business hours
• Low (minor issues, queries): Response within 1 business day

SLAs apply during business hours (8am–6pm AEST/AEDT, Monday to Friday) unless an out-of-hours support arrangement is in place. TUN is not liable for SLA breaches caused by factors outside its reasonable control.

6. Intellectual property

All intellectual property created or developed by TUN in the course of delivering Services ("Deliverables") remains the property of TUN unless the parties agree otherwise in writing. Upon full payment, TUN grants the Client a non-exclusive, perpetual licence to use the Deliverables for their internal business purposes.

The Client retains ownership of all pre-existing intellectual property provided to TUN. The Client grants TUN a limited licence to use Client materials solely to the extent necessary to perform the Services.

7. Confidentiality

Both parties agree to keep the other party's confidential information strictly confidential and not to disclose it to third parties without prior written consent, except as required by law. This obligation survives termination of the engagement for a period of three (3) years.

TUN will not disclose Client data or system information to third parties except as necessary to deliver contracted Services or comply with applicable law.

8. Limitation of liability

To the maximum extent permitted by law:

• TUN's total liability to the Client for any claim arising out of or in connection with the Services is limited to the total fees paid by the Client in the three (3) months preceding the event giving rise to the claim
• TUN is not liable for indirect, incidental, consequential, or special damages, including loss of profits, loss of data, or business interruption
• TUN is not liable for losses arising from the Client's failure to maintain adequate backups, failure to implement recommended security measures, or actions of third parties outside TUN's control

Nothing in these Terms excludes, restricts, or modifies any consumer guarantee, right, or remedy under the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)) that cannot lawfully be excluded.

9. Termination

By the Client: Managed service agreements may be terminated with 30 days' written notice after any minimum contract term. Project work may be terminated with 14 days' notice; fees for work completed to date remain payable.

By TUN: TUN may terminate immediately if the Client materially breaches these Terms and fails to remedy the breach within 7 days of written notice, or if the Client becomes insolvent.

Upon termination, TUN will provide reasonable assistance to facilitate transition to another provider and return or securely delete Client data within 30 days, subject to any legal retention obligations.

10. Force majeure

Neither party is liable for failure or delay in performance caused by circumstances beyond their reasonable control, including natural disasters, pandemics, government actions, cyberattacks by third parties, or telecommunications failures.

11. Governing law and disputes

These Terms are governed by the laws of New South Wales, Australia. The parties agree to submit to the exclusive jurisdiction of the courts of New South Wales. Before commencing any legal proceedings, the parties agree to attempt to resolve disputes through good-faith negotiation for a period of 30 days.

12. Changes to these terms

TUN may update these Terms from time to time. Clients will be notified of material changes by email at least 30 days before they take effect. Continued use of Services after that date constitutes acceptance of the updated Terms.

1. Security governance

Security is a core organisational priority at TUN. We maintain a continuous security improvement programme that includes:

• Regular review of security controls and policies (at minimum annually)
• Risk assessments conducted prior to onboarding new services or vendors
• Clear assignment of security responsibilities within the team
• Security considerations embedded in all project and service delivery activities

2. ASD Essential Eight alignment

TUN implements and maintains controls aligned to the ASD Essential Eight Maturity Model. Our current implementation covers:

• Application control: Only approved and tested applications are permitted to execute on TUN-managed systems
• Patch applications: Critical patches are applied within 48 hours of release; all others within 14 days
• Configure Microsoft Office macro settings: Macros are disabled by default and enabled only with explicit approval
• User application hardening: Web browsers and productivity applications are configured to block untrusted content
• Restrict administrative privileges: Administrative access is granted on a least-privilege basis and reviewed quarterly
• Patch operating systems: Operating systems are patched within 48 hours for critical vulnerabilities
• Multi-factor authentication: MFA is mandatory for all staff accessing TUN systems and client environments
• Regular backups: Daily automated backups with offline/offsite copies tested quarterly

3. Access control

Access to TUN systems and client environments is governed by the principle of least privilege:

• All staff are issued individual accounts — shared credentials are not permitted
• Multi-factor authentication (MFA) is enforced for all remote access, email, and cloud services
• Privileged access is separately credentialed and subject to additional logging and monitoring
• Access rights are reviewed when staff roles change and revoked within 24 hours of departure
• Client environment access is documented, scoped to the minimum required, and logged

4. Data protection and encryption

• All data in transit is encrypted using TLS 1.2 or higher
• Data at rest is encrypted using AES-256 or equivalent standards
• Portable devices and storage media used in the delivery of services are encrypted
• Client data is logically segregated and never commingled with other client data
• Sensitive credentials are stored in enterprise-grade password management systems with zero-knowledge architecture

5. Network security

• TUN operational networks are segmented and protected by enterprise-grade firewalls and intrusion detection systems
• All remote access to client systems is conducted over encrypted VPN or Zero Trust Network Access (ZTNA) connections
• DNS filtering and web proxy controls are applied to block access to known malicious sites
• Network traffic is logged and reviewed for anomalous activity

6. Endpoint security

• All TUN-managed endpoints are protected by enterprise endpoint detection and response (EDR) software
• Endpoint agents provide real-time threat detection, behavioural analysis, and automated response
• USB and removable media usage is controlled and logged
• All endpoints are subject to the patch management controls described in Section 2

7. Vendor and third-party security

TUN assesses the security posture of all significant third-party vendors and technology partners before use. Our key service providers include enterprise-grade platforms operated by Microsoft and Google, which maintain their own comprehensive security certifications (ISO 27001, SOC 2 Type II). Vendor security assessments are reviewed annually.

8. Incident response

TUN maintains a documented Incident Response Plan (IRP) covering detection, containment, eradication, recovery, and post-incident review. In the event of a security incident affecting client data:

• The affected client will be notified within 24 hours of TUN becoming aware of the incident
• TUN will provide regular updates on the investigation and remediation progress
• Where required, TUN will assist with mandatory breach notifications under the Notifiable Data Breaches (NDB) scheme (Privacy Act 1988)
• A post-incident review will be conducted and remediation actions implemented to prevent recurrence

9. Business continuity and disaster recovery

• TUN maintains a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) reviewed annually
• Critical operational systems have documented recovery time objectives (RTO) and recovery point objectives (RPO)
• Backup restoration is tested quarterly to validate recoverability
• TUN staff are trained on emergency procedures and escalation paths

10. Staff security

• All TUN staff complete security awareness training upon commencement and annually thereafter
• Staff handling sensitive client data are subject to reference and identity verification checks
• Phishing simulation exercises are conducted periodically to maintain staff vigilance
• Acceptable use policies govern all staff use of TUN and client systems

11. Physical security

• TUN does not operate a public-facing data centre; client data is hosted in enterprise cloud environments
• Physical access to any TUN office or workspace is controlled and restricted to authorised personnel
• Screens are locked when unattended; clear desk policies are enforced
• Physical documents containing sensitive information are stored securely and disposed of via cross-cut shredding

12. Vulnerability management

TUN conducts regular vulnerability scanning of its operational systems and promptly remediates identified weaknesses. Clients engaged on managed security services receive vulnerability scanning as part of their service package. Critical vulnerabilities are escalated and remediated in accordance with the patch timelines in Section 2.

13. Reporting a security concern

If you identify a security vulnerability in our systems or services, or wish to report a security concern, please contact us immediately at sales@theurbannetwork.tech or call +61 (0) 402 338 763. We are committed to investigating all reports promptly and responsibly.

1. Purpose

TUN's managed service plans include various support entitlements — complimentary initial call time, bundled monthly support hours, included onsite visits, and response SLA commitments. This Policy defines what constitutes reasonable use of those entitlements and sets out TUN's rights where use falls outside reasonable bounds.

2. Free 10-minute support call

All plans include a complimentary first 10 minutes on each support call, applied per separate call event. This is intended to cover straightforward, single-issue queries such as a password reset, a software error, a connectivity question, or a brief how-to enquiry. The following conditions apply:

• The 10-minute complimentary period applies once per call, not per issue raised within a single call
• If a call is reasonably expected to exceed 10 minutes, TUN will advise the client before proceeding and agree on whether to continue at the applicable hourly rate
• Multiple calls placed on the same day for the same underlying issue may be treated as a single incident for billing purposes at TUN's discretion
• The complimentary period does not carry over or accumulate if unused
• TUN reserves the right to suspend the complimentary period where a client's average call volume exceeds a reasonable threshold — defined as more than 10 calls per month for Foundation, 15 for Shield, and 20 for Command. TUN will provide written notice before any suspension takes effect
• The free 10-minute entitlement applies to remote support only. Onsite support is subject to the minimum charge schedule in Section 4

3. Included monthly support hours

Shield (2 hrs/mo) and Command (5 hrs/mo) plans include a monthly block of support hours. These are subject to the following conditions:

• Included hours cover remote and onsite support for issues within scope of the client's plan
• Hours do not roll over to the following month and are forfeited if unused
• Included hours may not be used for project work, new deployments, or tasks outside standard managed service operations — these are quoted and billed separately
• Where a single incident is likely to exhaust included hours, TUN will notify the client before continuing beyond the included entitlement
• Included hours are consumed in minimum 15-minute increments for remote support
• For onsite support, included hours are consumed subject to the 1-hour minimum per visit described in Section 4
• After-hours support (outside Mon–Fri 8am–6pm AEST) is not covered by included hours and is billed at the applicable after-hours rate unless a separate after-hours agreement is in place

4. Onsite support — minimum charges

A minimum charge of 1 hour applies to all onsite support visits, regardless of the time actually spent on site. This applies across all tiers. For plans with included waived visits, the first hour and travel are waived for those included visits — additional time beyond the first hour is billed at the applicable rate.

The table below shows the minimum cost per onsite visit by tier. All amounts shown include GST.

All onsite travel rates are for metro areas (Sydney, Brisbane, Melbourne CBD and inner suburbs). Regional and interstate travel is quoted separately prior to visit confirmation.

5. Included onsite visits — conditions

• "Metro" refers to Sydney, Brisbane, or Melbourne CBD and inner-suburban areas as defined by TUN at time of service
• Waived visits must be used within the calendar month — unused visits do not carry over
• Each visit is defined as a single site attendance for a single primary purpose. Multiple sites in one attendance may be treated as separate visit entitlements at TUN's discretion
• Visits requested outside business hours (Mon–Fri 8am–6pm AEST) are subject to after-hours rates regardless of plan inclusions

6. Response SLA entitlements

Guaranteed response SLAs (4-hr for Shield, 2-hr for Command) apply to incidents logged during business hours (Mon–Fri 8am–6pm AEST) via TUN's standard support channels. The SLA clock starts from the time of first contact by the client. The following conditions apply:

• SLA commitments apply to P1 (critical — service down) and P2 (high — significant degradation) incidents. Lower-priority requests are addressed on a best-effort same-business-day basis
• SLAs are suspended where TUN requires information or access from the client that has not been provided
• SLAs do not apply to incidents caused by third-party outages, ISP failures, or factors outside TUN's reasonable control
• Foundation clients receive same-day best-effort response — this is not a contractual guarantee

7. Plan band limits and overage

Each plan includes a defined band of staff and devices. Where usage exceeds the band, overage charges apply automatically at the published rates. TUN will notify the client when usage consistently exceeds the band. Clients are responsible for notifying TUN of staff or device count changes that affect plan band eligibility.

8. Acceptable use

Managed service entitlements are provided for standard business IT operations. They may not be used to support infrastructure not disclosed to TUN at onboarding, workloads outside the agreed scope, third-party clients, or any activities that are unlawful or violate TUN's Terms of Service.

9. Misuse and remediation

Where TUN reasonably determines that plan entitlements are being used contrary to this Policy, TUN will issue written notice identifying the concern and allow a 14-day remedy period. If unresolved, TUN may apply additional charges at the applicable rate, adjust the client's plan to better reflect actual usage, or — in cases of persistent or deliberate misuse — terminate the service agreement with 30 days written notice.

10. Policy updates

TUN may update this Policy from time to time. Changes will be communicated via email to the primary account contact at least 14 days before taking effect. Continued use of the service after that date constitutes acceptance of the updated Policy.

11. Contact

Questions about this Policy can be directed to sales@theurbannetwork.tech or +61 (0) 402 338 763.