Privacy Policy

Last updated: 12 April 2026

AustracCheck (“we”, “us”) is operated by Jordan Fleming (ABN 30 842 969 692), 5 Yowie Ave, Caringbah NSW 2229. This policy explains how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

1. What we collect

We collect three broad categories of information:

• Agency details — business name, ABN, address, contact email, licence details, staff numbers, and information you provide in the onboarding questionnaire used to generate your compliance documents.
• Customer due diligence (CDD) data — when you use our platform to verify your customers, we store identification details, licence or passport images, and sanctions/PEP screening results against names you submit.
• Usage data — log-in timestamps, page views, IP address, and device information used to keep the platform secure and improve it.

2. How we use it

• To generate, deliver, and update your compliance documents.
• To operate CDD, sanctions screening, and audit trail features.
• To communicate with you about your account, product updates, and regulatory changes.
• To comply with our own legal obligations.

3. Who we share it with

• Service providers — Supabase (database and storage, hosted in Sydney), Vercel (application hosting), Resend (email delivery), Anthropic (document generation), OpenSanctions (sanctions and PEP screening), and the Australian Business Register (ABN lookup). These providers only process personal information on our instructions.
• Regulators — we may disclose information to AUSTRAC or other regulators if required by law, a court order, or a lawful request.
• Never sold. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Where we store it

Primary data storage is hosted in Australia (Supabase ap-southeast-2, Sydney). Application servers run on Vercel in Sydney or, if Sydney is unavailable, the next-closest region. We use encryption at rest and in transit (TLS 1.2+) for all data we store or move.

5. How long we keep it

We retain your account and compliance records while you are a customer, and for 7 years after your final interaction with the platform, to align with your AML/CTF record-keeping obligations under Part 10 of the AML/CTF Act 2006. Customer due diligence records (including verification images) are also retained for 7 years from the date the transaction was completed or the customer relationship ended, whichever is later.

6. Your rights

You can request access to, correction of, or deletion of your personal information by emailing privacy@austraccheck.com. We will respond within 30 days. Where deletion would conflict with our legal record-keeping obligations, we will explain why and continue to hold the affected records only for as long as required by law.

7. Complaints

If you believe we have breached your privacy, contact us first at privacy@austraccheck.com. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

8. Cookies and analytics

We use strictly necessary cookies for authentication and session management. We use privacy-first analytics (Vercel Analytics and Google Analytics) that measure aggregate usage without tracking individuals across sites.

9. Changes

We may update this policy. Material changes will be notified to customers at least 14 days before they take effect. The latest version is always available at austraccheck.com/legal/privacy.

10. Contact

AustracCheck · ABN 30 842 969 692 · 5 Yowie Ave, Caringbah NSW 2229, Australia
privacy@austraccheck.com