We collect information that helps us provide and improve our financial technology services. This includes data you provide directly and information we gather through your use of our platform.

We only collect information that's necessary for providing our services or required by Australian financial regulations. You can review and update your personal information through your account settings at any time.

Your information helps us deliver personalized financial insights and maintain the security of your accounts. We use this data responsibly and only for legitimate business purposes.

We analyze transaction patterns to provide spending insights and budgeting recommendations. This analysis happens automatically but you can opt out of personalized recommendations while still accessing basic account features.

For security purposes, we monitor account activity to detect unusual patterns that might indicate unauthorized access. This monitoring is essential for protecting your financial information and is required under Australian banking regulations.

We don't sell your personal information to third parties. However, we may share information in specific circumstances that are necessary for our services or required by law.

Service Providers: We work with trusted third-party companies that help us operate our platform. These include payment processors, cloud storage providers, and security services. All partners must meet strict data protection standards and can only use your information for specified purposes.

Financial Institutions: To provide account aggregation and transaction services, we securely connect with your banks and financial institutions. This connection is encrypted and follows open banking standards where available.

Legal Requirements: We may disclose information when required by Australian law, court orders, or to protect against fraud and security threats. We'll notify you of such disclosures unless prohibited by law.

Under Australian privacy law, you have several rights regarding your personal information. We've made it easy to exercise these rights through your account dashboard or by contacting our support team.

• Access Your Data: Request a copy of all personal information we hold about you, including how it's being used.
• Correct Information: Update or correct any inaccurate or incomplete personal details in your account.
• Delete Your Data: Request deletion of your personal information, subject to legal and regulatory requirements.
• Restrict Processing: Limit how we use your information while maintaining essential account functions.
• Data Portability: Export your financial data in a standard format for use with other services.
• Withdraw Consent: Opt out of optional data uses like marketing communications or personalized recommendations.

Most of these actions can be completed instantly through your account settings. For more complex requests, we'll respond within 30 days and keep you updated on our progress.

Protecting your financial information is our highest priority. We use bank-level security measures and follow industry best practices to keep your data safe.

We conduct regular security audits and penetration testing to identify and address potential vulnerabilities. Our security measures are reviewed annually by independent cybersecurity experts.

We keep your personal information only as long as necessary to provide our services and meet legal obligations. Different types of data have different retention periods based on their purpose and regulatory requirements.

Account Information: Retained while your account is active and for seven years after closure, as required by Australian financial record-keeping laws.

Transaction Data: Kept for seven years to comply with tax and financial reporting requirements, then securely deleted.

Marketing Communications: Removed immediately when you unsubscribe, though we'll keep a record of your opt-out preference.

Technical Logs: Automatically deleted after 12 months unless needed for ongoing security investigations.

When data reaches its retention limit, we securely delete it using methods that make recovery impossible. You can request early deletion of certain information, though some data must be kept for legal compliance.

While we primarily store and process your data within Australia, some of our service providers operate internationally. When we transfer data overseas, we ensure it receives the same level of protection as it would in Australia.

We only transfer data to countries with adequate privacy protections or use specific safeguards like standard contractual clauses approved by the Australian Privacy Commissioner. All international partners must demonstrate compliance with privacy standards equivalent to Australian law.

We review and update this privacy policy regularly to reflect changes in our services, technology, and legal requirements. When we make significant changes, we'll notify you through your account email and provide a summary of what's changed.

Minor updates, like clarifying existing practices or updating contact information, won't require notification but will be reflected in the effective date at the top of this policy.

You'll always have 30 days to review any changes before they take effect. If you don't agree with updated terms, you can close your account during this period without penalty.