Complova
Privacy Act small business exemption ends Dec 1, 2026

Your company probably isn't Privacy Act compliant.

95% of Australian businesses have never had to comply. The exemption ends in December 2026 — and the fines reach A$50 million. We fix it in 48 hours from A$499 — a fraction of what a solicitor charges.

Dashboard preview (app.complova.com/dashboard)
New regulation · ADM disclosure rules — affects 2 of your workflows
Compliance score: 47 of 100 · High risk · action required
Updated 2 min ago · Privacy Act 1988
Open findings: 23 (+4 this week)
Resolved: 11 (On track)
Days to deadline: 221 (Dec 2026)
Recent findings (23 open):
  • APP 5: No collection notice on checkout form (2m)
  • APP 11: Customer DB lacks encryption at rest (14m)
  • APP 1: Privacy policy missing overseas disclosure (1h)
  • APP 6: Marketing consent not separately captured (3h)
  • APP 13: Correction process not documented (1d)
No credit card · 3 minutes · AICD-aligned
Solicitor: A$15,000 · 4–8 weeks
Complova audit: A$499 (save 97%) · 48 hours · solicitor-signed report
The problem

Compliance just stopped being optional for Australian SMBs.

For 35 years the small business exemption has shielded companies under A$3M turnover. The 2024 Privacy Act reforms removed it. By December 2026, every Australian business handling personal data must comply — that's roughly 2.4 million companies currently unprepared.

Privacy Act 1988: 95% of Australian businesses have never had to comply with the Privacy Act.
When the exemption ends, you'll need a privacy policy, a collection statement, a breach response plan, and 13 Australian Privacy Principles in place — overnight.

OAIC enforcement: A$50M maximum fine for serious or repeated privacy breaches.
The OAIC's new penalty regime treats privacy like the ACCC treats competition — civil penalties are now in the millions, not the hundreds of thousands.

ASBFEO 2025: 51% of SMBs say compliance is actively hurting their growth.
Founders waste 12 hours a week on policies, audits and breach drills instead of building. A 12-person team can't afford an in-house DPO.

How it works

From “we have no idea” to audit-ready, in 48 hours.

No procurement, no consultants on retainers, no 90-day projects. You connect, we scan, a real solicitor signs the report.

01 · 5 minutes

Connect your systems

Read-only OAuth into Google Workspace, Microsoft 365, Stripe, Xero, your CRM and your website. We never write, never store credentials.

02 · 12 hours

AI sweeps your business

Complova extracts every policy, contract, consent form and workflow — maps each to the 13 Australian Privacy Principles, Fair Work Act and NDB scheme.

03 · 36 hours

Solicitor-reviewed audit

An Australian-admitted lawyer signs off every finding. You get a colour-coded report, plain English explanations, and copy-paste template fixes.

04 · Ongoing

Stay compliant automatically

Complova monitors the OAIC, Fair Work, and ATO for changes that affect you. New rule on Dec 1? You'll know on Nov 1, with the fix already drafted.

Provider             Timeline      Cost
Top-tier law firm    6–8 weeks     A$15,000+
Boutique solicitor   4–6 weeks     A$8,500
Big-4 consultancy    8–12 weeks    A$22,000
Complova             48 hours      A$499

Free compliance scan

Know your compliance score before you spend a dollar.

Three minutes, no credit card. We scan your public website and privacy policy against all 13 Australian Privacy Principles and show you your score instantly.

  • Public surface scan — no access to your systems
  • Mapped against APP 1–13, NDB & ADM rules
  • Estimated A$ exposure if a breach happened today
  • See your top findings immediately, no sign-in needed
Data stays in Sydney (AWS ap-southeast-2) · SOC 2 Type II
Platform

Everything you need. Nothing you don't.

One workspace for audits, monitoring, policies and evidence — purpose-built for Australian law, not retrofitted from a US tool.

Real-time monitoring

Complova watches Australian law for you.

Continuous monitoring of OAIC determinations, Fair Work decisions, ATO bulletins, and your own systems. When something changes that affects you, we draft the fix.

Live regulatory feed (Active · 14 sources)
  • OAIC: New guidance on biometric data under APP 3.3 (2 hours ago)
  • Fair Work Commission updates casual conversion rules (Yesterday)
  • Draft ADM disclosure exposure draft released (May 14)
48-hour audits

Privacy Act, Fair Work, NDB.

Solicitor-reviewed reports against the frameworks Australian regulators actually enforce.

APP 1–13 · Fair Work · NDB · ADM
Policy generator

10 documents in 60 seconds.

Answer 8 questions. Get an APP-compliant privacy policy, collection notice, breach plan, and 7 more — version-controlled.

Evidence locker

One-click audit pack.

Every policy, training log and breach drill, organised by category and tracked for expiry.

Plain English

Every finding, explained.

No legalese. Every flagged risk comes with a plain English explanation, the APP reference, and a copy-paste fix.

APP 5 ›
Your checkout collects email and address but doesn't tell customers why or where it goes. Add the snippet below before the submit button.
Pricing

Start free. Upgrade when an auditor signs your first report.

Every paid plan includes solicitor-signed audits and a 7-day free trial. Not subscribing? Grab a one-off audit + report from A$499.

Starter
Run a free scan. See your exposure before you spend a dollar.
Free forever
Free scan only
  • Free compliance scan
  • Privacy Act snapshot score
  • Top 5 findings & A$ exposure
  • 12-page summary PDF
  • 1 user · no credit card
Most popular
Growth
10–25 staff. Most popular for DTC and SaaS.
A$249/month
billed A$2,990 / yr · 2 audits / yr
7-day free trial · no credit card
  • Solicitor-signed audits (2 / yr)
  • Up to 25 employees
  • Privacy Act + Fair Work + NDB monitoring
  • All 10 policy generators
  • ADM disclosure tracking
  • Slack & priority support
Scale
25–50 staff with HR and customer data complexity.
A$499/month
billed A$5,990 / yr · 4 audits / yr
7-day free trial · no credit card
  • Everything in Growth
  • Up to 50 employees
  • Dedicated CSM
  • Quarterly solicitor review
  • SOC 2 + ISO 27001 mapping
  • API & webhook access
Enterprise
White-glove. 50+ staff or regulated industries.
Custom
White-glove · Continuous
Coming soon
  • Everything in Scale
  • Unlimited employees
  • Named Australian solicitor
  • On-site breach drills
  • SSO + audit logs
  • Custom SLA & DPA
One-off
48-hour Privacy Act audit + solicitor-signed report
12-page PDF · action plan · evidence checklist · no subscription, no auto-renewal
A$1,199 → A$499
One-time · no subscription
Coming soon
Frameworks covered

Built for Australian law. Not bolted on.

Most compliance tools are American or European products with an “AU mode.” Complova was built in Sydney, by Australian lawyers and engineers, against the exact frameworks our regulators enforce.

Privacy Act 1988
All 13 Australian Privacy Principles
Core
APP 1 Open management · APP 2 Anonymity · APP 3 Collection · APP 5 Notification · APP 6 Use & disclosure · APP 7 Direct marketing · +4 more

Notifiable Data Breaches
OAIC scheme — 30-day reporting
Core
Breach playbook · Decision tree · OAIC notification draft · Individual notice draft · Drill exercises

Fair Work Act
Employment compliance for AU employers
Core
Modern awards · Casual conversion · Wage theft (s.327A) · Right to disconnect · Sexual harassment positive duty

Automated Decision-Making
New AU disclosure rules — Dec 2026
New
ADM register · Public disclosure copy · Significant effect test · Human review process

Spam Act 2003
Marketing consent & unsubscribe
Included
Consent capture · Unsubscribe testing · Sender ID rules

SOC 2 / ISO 27001
Mapped for international procurement
Scale+
Control mapping · Evidence linking · Vendor questionnaire

FAQ

Questions Australian founders ask us most.

Still curious? Email hello@complova.com — usually a human replies within an hour during AEST business hours.

Probably yes. The Privacy Act small business exemption (under A$3M turnover) ends December 1, 2026. From that date, any Australian business handling personal information must comply with all 13 Australian Privacy Principles — regardless of size. The OAIC has indicated enforcement will begin within months of the deadline.
Exemption removed

Close the gap before December.

A 48-hour audit costs less than a single hour with a top-tier law firm. Your compliance score, before lunch tomorrow.

Exemption removed: Dec 1, 2026 · 00:00 AEST
Average company needs ~14 weeks to close gap · Cutting it close