Privacy Policy

Records enter our environment through three distinct channels. First, direct submissions occur when you establish accounts, configure preferences, or transmit inquiries through our platforms. This encompasses identification details, correspondence addresses, authentication credentials, and any commentary you choose to provide.

Second, automated capture happens as you navigate our digital properties. Server logs document access patterns, browser characteristics, timestamp data, and the pathways you follow through our content. Device identifiers and network parameters fall into this category.

Your records enable core functionality. Account authentication, transaction processing, and service personalization depend on specific data elements. When you request financial analysis tools, we process relevant account information to generate insights. Communication preferences dictate how and when we reach out.

Fraud detection systems analyze behavioral patterns to identify anomalous activity. This protective layer operates continuously, comparing current actions against historical baselines. Suspicious deviations trigger verification protocols before any sensitive operations proceed.

Australian financial regulations mandate retention of certain transaction records. Anti-money laundering provisions require identity verification documentation. Tax reporting obligations necessitate maintaining financial activity summaries. We process only what regulatory frameworks demand, for durations those same frameworks specify.

Records leave our direct control in specific situations. Service providers handling infrastructure operations—payment processors, cloud hosting vendors, security monitoring firms—receive limited access under strict contractual terms. These entities function as extensions of our own operations, bound by confidentiality agreements and prohibited from independent use.

Legal compulsion occasionally forces disclosure. Valid court orders, regulatory investigations, and statutory reporting requirements can mandate release of specific records. We examine such demands carefully, providing only what legal authority explicitly requires and notifying affected individuals unless prohibited.

Information protection relies on layered defenses rather than single mechanisms. Encryption shields data during transmission between your devices and our servers. Storage systems employ separate encryption at rest, ensuring files remain unreadable even if physical media were compromised.

Access controls operate on necessity principles. Personnel see only information relevant to their specific functions. Financial data lives in segregated environments with enhanced protections. Regular security audits test our defenses against evolving threat patterns.

Information persists for varying periods depending on category and purpose. Active account data remains accessible throughout your relationship with our services. Transaction histories must stay available for tax and financial reporting obligations—typically seven years under Australian requirements.

Support correspondence gets archived for three years to maintain service continuity and resolve follow-up inquiries. Technical logs expire after 18 months absent specific security investigations requiring longer preservation.

Our primary operations occur within Australia, and most information stays on Australian-based infrastructure. Certain service providers operate internationally, potentially involving data transfers to facilities in Singapore, Japan, or the United States where major cloud platforms maintain regional centers.

Such international transfers occur under contractual safeguards aligning foreign handling practices with Australian Privacy Principles. We select providers committed to equivalent protections regardless of their operational geography.

Our services target adult users managing personal or business finances. We don't knowingly gather information from individuals under 18 without parental involvement. Discovering underage account creation triggers immediate contact with guardians and potential account suspension pending proper authorization.

Financial services carry legal responsibilities incompatible with independent minor participation. This isn't age discrimination but recognition of capacity requirements embedded in Australian financial regulations.

This document adapts as our practices develop or regulations change. Material modifications—those affecting your rights or how we handle sensitive categories—trigger direct notification to active account holders. Minor clarifications or organizational changes might appear without individual alerts, though we maintain public change logs showing modification history.

Continuing service use after notification periods constitutes acceptance of updated terms. Disagreement with modifications entitles you to close your account and request data deletion subject to legal retention obligations.