Privacy Policy

Table of Contents

​

  • Introduction

  • Scope and Application

  • Definitions

  • Our Role and Your Data Controller

  • Personal Information We Collect

  • How We Collect Personal Information

  • How We Use Personal Information

  • Legal Bases for Processing (International Users)

  • How We Share and Disclose Personal Information

  • International Data Transfers

  • Aggregated and De-Identified Data

  • Data Security

  • Data Retention

  • Your Privacy Rights

  • Cookies and Tracking Technologies

  • Third-Party Links and Services

  • Children's Privacy

  • Data Breach Notification

  • Changes to This Privacy Policy

  • Jurisdiction-Specific Information

  • Contact Us


1. Introduction
MoneyMind Profile Pty Ltd ACN 672 152 073 ("MoneyMind Profile," "we," "us," or "our") values the privacy of everyone who visits our website and uses our software and services. We are committed to protecting your Personal Information and being transparent about our data practices.


This Privacy Policy explains:

  • What Personal Information we collect and why

  • How we use, share, and protect that information

  • Your rights regarding your Personal Information

  • How to contact us with privacy questions or concerns

​

We operate globally, serving customers in Australia, the United Kingdom, and the United States. This Privacy Policy is designed to comply with applicable data protection laws in all jurisdictions where we operate, including:

  • Australia: Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)

  • United Kingdom: UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018

  • United States: California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and other applicable state privacy laws


2. Scope and Application


2.1 What This Policy Covers
This Privacy Policy applies to Personal Information we collect, use, and disclose when you:

  • Visit our websites (including www.moneymindprofile.com and related domains)

  • Use our MoneyMind Profile software and services ("Services")

  • Communicate with us via email, phone, chat, or other channels

  • Attend our events, webinars, or training sessions

  • Enter into a business relationship with us

 

2.2 Our Business Model
We provide MoneyMind Profile software and related support services to organizations such as financial advisory firms, wealth management companies, and individual financial advisers ("Customers" or "Subscribing Organizations"). These Customers use our Services to:

  • Conduct behaviour profiling of their clients

  • Perform risk profile analysis

  • Generate financial planning reports

  • Manage client relationships and advisory workflows

​

2.3 Important Distinction: Controller vs. Processor


When We Are a Data Processor (Service Provider):
When a Subscribing Organization (Customer) uses our Services to process Personal Information about their clients (End-Users), that organization is the data controller (under GDPR/UK GDPR) or business (under CCPA) of that Personal Information. We act as a data processor (or service provider) on their behalf.
In this capacity:

  • The Subscribing Organization determines what Personal Information is collected and how it is used

  • The Subscribing Organization's privacy policy applies to their clients

  • We process End-User Personal Information only on the Subscribing Organization's documented instructions

  • End-Users should contact the relevant Subscribing Organization regarding their Personal Information

​

When We Are a Data Controller (Business):
We act as a data controller (or business) for:

  • Personal Information of our Customers (Subscribing Organizations and their authorized users)

  • Website visitors

  • Newsletter subscribers

  • Event attendees

  • Marketing contacts

  • Prospective customers


2.4 Who This Policy Does NOT Cover
If you are a client (End-User) of a financial advisor, fund provider, or organization that uses our Services, your Personal Information is controlled by that organization, not by us. Their privacy policy governs how they collect, use, and share your Personal Information. We only process your information on their behalf according to their instructions.
Please contact your financial advisor or the relevant organization for questions about how they handle your Personal Information.

​

3. Definitions
For purposes of this Privacy Policy:


"Applicable Data Protection Laws" means all applicable data protection and privacy laws, including: (i) in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles; (ii) in the United Kingdom, the UK GDPR and the Data Protection Act 2018; (iii) in the United States, the CCPA (as amended by the CPRA), VCDPA, CPA, and other applicable state privacy laws; and (iv) any other applicable data protection or privacy laws.


"Controller" (or "Business" under US laws) means the entity that determines the purposes and means of processing Personal Information.


"Customer" or "Subscribing Organization"** means the financial advisory firm, wealth management company, or individual financial advisor that subscribes to our Services.


"Data Subject" (or "Consumer" under US laws) means an identified or identifiable natural person whose Personal Information is processed.


"End-User" means a client of a Subscribing Organization whose Personal Information may be processed through our Services.
"Personal Information" (or "Personal Data") means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person. This includes information defined as "personal information" under the Privacy Act 1988 (Cth), "personal data" under the UK GDPR, and "personal information" under the CCPA.


"Processing" means any operation performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, erasure, or destruction.


"Processor" (or "Service Provider" under US laws) means an entity that processes Personal Information on behalf of a Controller.


"Sensitive Personal Information" includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, sex life or sexual orientation, and in some jurisdictions, financial account information, Social Security numbers, precise geolocation, and contents of communications.


"Services" means our MoneyMind Profile software platform, applications, tools, features, and related services.

​

4. Our Role and Your Data Controller
4.1 When We Control Your Personal Information

We are the data controller (or business) for:
Customer Personnel: If you work for a Subscribing Organization and use our Services in your professional capacity (as a financial advisor, administrator, or other authorized user), we control Personal Information credentials as described in this Privacy Policy.
Direct Contacts: If you interact with us directly (as a website visitor, newsletter subscriber, event attendee, prospective customer, or business contact), we control your Personal Information.


4.2 When We Process on Behalf of Others
When Subscribing Organizations use our Services to process their clients' Personal Information, we act as a processor (or service provider).

In this role:

  • We process Personal Information only on the Subscribing Organization's documented instructions

  • We do not use End-User Personal Information for our own purposes

  • The Subscribing Organization remains responsible for compliance with privacy laws regarding their clients

  • End-Users should exercise their privacy rights through the Subscribing Organization

​

4.3 Contact Your Financial Adviser
If you are a client of a financial adviser using our Services: Your financial adviser or the organization they work for is responsible for your Personal Information. Please contact them directly regarding:

  • What Personal Information they collect about you

  • How they use your information

  • Your rights to access, correct, or delete your information

  • Their privacy practices and policies

We cannot directly respond to privacy requests from End-Users as we process this information only on behalf of the Subscribing Organization.

 

5. Personal Information We Collect
The Personal Information we collect depends on how you interact with us and the Services you use.

5.1 Information We Collect About Customer Personnel
When you register for an account, use our Services, or interact with us as a representative of a Subscribing Organization, we may collect:


Identity and Contact Information:

  • Full name

  • Email address

  • Phone number

  • Business address

  • Job title and role

  • Professional credentials and licenses

  • Organization/firm name

​

Account and Authentication Information:

  • Username and account ID

  • Password (stored in encrypted/hashed form)

  • Security questions and answers

  • Multi-factor authentication credentials

Professional Information:

  • Professional licenses and registrations

  • Areas of specialization

  • Years of experience

  • Professional association memberships

​

Usage and Activity Information:

  • Login history and session data

  • Features and services accessed

  • Content created, uploaded, or modified

  • Search queries and navigation patterns

  • Device information (IP address, browser type, operating system, device identifiers)

  • Time stamps and duration of use

​

Communications:

  • Support requests and help desk interactions

  • Chat messages and correspondence

  • Feedback and survey responses

  • Training and webinar participation

​

Financial and Billing Information:

  • Billing name and address

  • Payment method details (processed and stored by our third-party payment processor; we do not store full credit card numbers)

  • Purchase history and transaction records

  • Subscription plan details

​

End-User Information You Input:

  • When you use our Services to profile your clients, you input information about them (names, dates of birth, financial information, risk tolerance responses, etc.). This information is controlled by you (the Subscribing Organization), and we process it only as your processor. See Section 4.2.

​

5.2 Information We Collect From Website Visitors
When you visit our website, we may collect:

 

Automatically Collected Information:

  • IP address and approximate geolocation

  • Browser type and version

  • Operating system

  • Referring website

  • Pages visited and time spent

  • Links clicked

  • Device identifiers

​

Information You Provide:

  • Contact form submissions

  • Newsletter subscriptions

  • Demo or trial requests

  • Event registrations

  • Cookie preferences

​

5.3 Information From Third Parties
We may receive Personal Information from:


Service Providers and Integration Partners:

  • Payment processors (billing information)

  • Analytics providers (usage data)

  • Customer relationship management platforms

  • Marketing and communication platforms

  • Financial advice platforms

  • Identity verification services

​

Publicly Available Sources:

  • Professional licensing databases

  • Business directories

  • LinkedIn and other professional networks

  • Regulatory registers

​

Subscribing Organizations:

  • If your employer or firm subscribes to our Services, they may provide your information to set up your account

​

5.4 Sensitive Personal Information
Important: Our Services are designed to minimize the collection of Sensitive Personal Information. However, we acknowledge that:

  • Financial advisors using our Services may input Sensitive Personal Information about their clients (financial information, questionnaire information, information revealing racial or ethnic origin in demographic data, etc.)

  • When Subscribing Organizations input such information, they remain the controller and are responsible for obtaining appropriate consents and complying with applicable laws

  • We process this information only as a processor on their behalf

 

We do not require or request Sensitive Personal Information from Customer personnel. If you choose to provide Sensitive Personal Information to us, you consent to our processing of that information for the purposes described in this Privacy Policy and in accordance with Applicable Data Protection Laws.

​

6. How We Collect Personal Information
We collect Personal Information through the following methods:


6.1 Direct Collection
When You Provide It to Us:

  • Registration and account creation

  • Using our Services and entering data

  • Completing forms, questionnaires, or surveys

  • Communicating with our support team

  • Subscribing to newsletters or marketing

  • Attending events or webinars

  • Applying for employment or contractor positions

 

6.2 Automatic Collection
Through Technologies:

  • Cookies and similar tracking technologies (see Section 15)

  • Web server logs

  • Analytics tools

  • Session recording for quality assurance and training (with notice)

​

6.3 Third-Party Sources
From Service Providers:

  • Payment processors

  • Analytics and monitoring services

  • Marketing platforms

  • CRM systems

  • Identity verification providers

 

From Subscribing Organizations:

  • When they set up user accounts for their personnel

  • When they provide contact information for billing or support

​

From Publicly Available Sources:

  • Professional licensing registers

  • Business contact databases

  • Company websites and directories

 

6.4 Anonymous and Pseudonymous Use
Website: You may visit our website anonymously. However, certain features and interactive elements may not be available without providing some Personal Information.


Services: Due to the nature of our Services (which require secure authentication and personalized functionality), anonymous use is not practical. You may use a pseudonym for certain communications, where lawful and practicable.

​

7. How We Use Personal Information
We use Personal Information for the purposes described below and only where we have a lawful basis to do so (see Section 8).

 

7.1 To Provide and Maintain the Services

  • Creating and managing user accounts

  • Authenticating users and preventing unauthorized access

  • Providing access to features and functionality

  • Processing and storing data you input

  • Generating reports and outputs

  • Providing customer support and technical assistance

  • Troubleshooting and resolving issues

  • Performing backups and ensuring business continuity

​

7.2 To Improve and Develop the Services

  • Understanding how users interact with our Services

  • Analyzing usage patterns and trends

  • Identifying areas for improvement

  • Developing new features and functionality

  • Conducting research and analytics

  • Testing new products and beta features

  • Benchmarking performance and reliability

 

7.3 For Business Operations

  • Processing payments and managing subscriptions

  • Maintaining internal records

  • Performing accounting, auditing, and financial analysis

  • Managing vendor and service provider relationships

  • Conducting due diligence for business transactions

  • Protecting our business interests and enforcing our rights

​

7.4 For Communication and Marketing

  • Sending transactional emails (account notifications, service/feature updates, billing statements)

  • Providing customer support via email, phone, or chat

  • Sending newsletters and marketing communications (with consent where required)

  • Inviting you to events, webinars, and training sessions

  • Conducting surveys and requesting feedback

  • Sharing product updates and feature announcements

You may opt out of marketing communications at any time using the unsubscribe link in emails or by contacting us.


7.5 For Security and Fraud Prevention

  • Detecting and preventing fraud, abuse, and unauthorized access

  • Investigating security incidents and policy violations

  • Monitoring for malicious activity and threats

  • Maintaining the security and integrity of our systems

  • Enforcing our Terms of Use and Acceptable Use Policy

  • Protecting against legal liability

​

7.6 For Compliance and Legal Obligations

  • Complying with applicable laws, regulations, and legal process

  • Responding to lawful requests from authorities

  • Defending legal claims and protecting legal rights

  • Maintaining records as required by law

  • Conducting internal audits and compliance reviews

  • Meeting regulatory reporting obligations

​

7.7 With Your Consent
Where required by applicable law, we will obtain your consent before using Personal Information for purposes not covered above.

​

8. Legal Bases for Processing (International Users)
For users in jurisdictions requiring a legal basis for processing (such as the UK and EU under GDPR), we rely on the following legal bases:


8.1 Contract Performance

We process Personal Information to perform our contract with you or the Subscribing Organization, including:

  • Providing access to the Services

  • Delivering customer support

  • Processing payments

​

8.2 Legitimate Interests
We process Personal Information for our legitimate business interests, including:

  • Improving and developing the Services

  • Conducting marketing and business development

  • Preventing fraud and enhancing security

  • Analyzing usage and performance

  • Managing business operations

We conduct balancing tests to ensure our legitimate interests do not override your rights and interests.

 

8.3 Legal Obligations

We process Personal Information to comply with legal and regulatory obligations, including:

  • Responding to lawful requests

  • Meeting record-keeping requirements

  • Complying with tax and financial regulations

​

8.4 Consent
Where required or appropriate, we process Personal Information based on your consent, including:

  • Marketing communications (where consent is required)

  • Certain cookie uses

  • Processing Sensitive Personal Information (where applicable)

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.


8.5 Vital Interests
In rare circumstances, we may process Personal Information to protect vital interests (yours or another person's), such as in emergency situations.

​

9. How We Share and Disclose Personal Information
We do not sell, rent, or lease Personal Information to third parties. We share Personal Information only as described below.


9.1 Service Providers and Subprocessors
We engage trusted third-party service providers to perform functions on our behalf, including:

 

Infrastructure and Hosting:

  • Cloud hosting providers (data centers and servers)

  • Content delivery networks

  • Data backup and disaster recovery services

Payment Processing:

  • Payment gateways and processors

  • Billing and invoicing platforms

​

Communication and Support:

  • Email delivery services

  • Chat and messaging platforms

  • Customer relationship management systems

  • Help desk and ticketing systems

​

Analytics and Performance:

  • Website and application analytics

  • Performance monitoring and error tracking

  • User behavior analysis

 

Security and Fraud Prevention:

  • Identity verification services

  • Fraud detection and prevention tools

  • Security monitoring services

Marketing and Outreach:

  • Email marketing platforms

  • Event management systems

  • Webinar and video conferencing tools

​

All service providers are bound by contractual obligations to:

  • Use Personal Information only for the specified purposes

  • Implement appropriate security measures

  • Comply with Applicable Data Protection Laws

  • Not use Personal Information for their own purposes

A list of our key subprocessors is available on our website at www.moneymindprofile.com.


9.2 Within the MoneyMind Profile Organization
We may share Personal Information among MoneyMind Profile entities and affiliates for:

  • Internal administration and reporting

  • Customer support and service delivery

  • Business operations and management

  • Product development and improvement

All internal sharing is subject to appropriate data protection safeguards.

 

9.3 Business Transfers
If we are involved in a merger, acquisition, asset sale, reorganization, bankruptcy, or similar transaction, Personal Information may be transferred as part of that transaction.

We will:

  • Provide notice before Personal Information is transferred

  • Ensure the receiving party maintains protections at least as protective as this Privacy Policy

  • Provide you with choices regarding the use of your Personal Information

 

9.4 Legal and Regulatory Requirements
We may disclose Personal Information when required or permitted by law, including:

 

To Comply with Legal Obligations:

  • Court orders, subpoenas, or other legal process

  • Regulatory investigations and examinations

  • Tax authorities and financial regulators

  • Law enforcement requests (where lawful)

 

To Protect Rights and Interests:

  • Defending legal claims

  • Enforcing our Terms of Use and policies

  • Protecting against fraud, abuse, or illegal activity

  • Safeguarding the security and integrity of our Services

  • Protecting the safety of individuals

​

With Your Consent or Direction:

  • When you authorize us to share your information

  • When you direct us to integrate with third-party services

  • When you participate in co-sponsored events or programs

We will notify you of legal requests for your Personal Information unless prohibited by law or where notice would be counterproductive.


9.5 Aggregated and De-Identified Information
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify a Customer or Subscribing Organization, or an End-User, including:

  • Questionnaire data

  • Statistical data and research findings

  • Industry benchmarks and trends

  • Usage analytics and performance metrics

Such information is not Personal Information and is not subject to this Privacy Policy.


9.6 No Sale of Personal Information
Important: We do not sell Personal Information. Under California law (CCPA), "sale" has a broad meaning that includes sharing for monetary or other valuable consideration. We do not engage in such activities.

​

10. International Data Transfers
10.1 Global Operations

MoneyMind Profile operates globally and may transfer Personal Information to countries other than where you are located, including:

  • Australia (where our primary operations are based)

  • United States (where our cloud hosting infrastructure is located)

  • United Kingdom (where we maintain offices)

  • Other countries where our service providers operate

 

10.2 Adequacy Decisions
Where possible, we transfer Personal Information to countries recognized as providing adequate protection:

  • The European Commission has recognized certain countries (including the UK, post-Brexit) as providing adequate protection for personal data

  • Australia is recognized under the EU-Australia adequacy decision

​

10.3 Safeguards for International Transfers
When transferring Personal Information to countries not recognized as providing adequate protection, we implement appropriate safeguards, including:

Standard Contractual Clauses (SCCs):

  • We use the European Commission's Standard Contractual Clauses for transfers from the EU/EEA

  • We use the UK International Data Transfer Agreement (IDTA) or Addendum for transfers from the UK

  • These clauses provide contractual protections for your Personal Information

​

Binding Corporate Rules:

  • As we expand, we may implement Binding Corporate Rules for intra-group transfers

Supplementary Measures:

  • Encryption in transit and at rest

  • Strict access controls and authentication

  • Regular security assessments

  • Data minimization practices

​

10.4 Your Consent
By using our Services or providing Personal Information, you acknowledge and consent (where required by law) to the transfer of your Personal Information to countries that may have different data protection laws than your country of residence.


10.5 Data Localization
For some Subscribing Organizations, particularly those in highly regulated industries or jurisdictions, we may offer options to:

  • Store data in specific geographic regions

  • Limit cross-border transfers

  • Implement additional security and access controls

Please contact us to discuss data localization options.

​

11. Aggregated and De-Identified Data
11.1 Our Use of Aggregated Data

We create aggregated, anonymized, and de-identified data from Customer or Subscribing Organization information, or End-User information, to:

  • Improve the Services and develop new features

  • Conduct research and analytics

  • Generate industry insights and benchmarks

  • Produce statistical reports and trends

  • Enhance our algorithms and risk assessment models

​

11.2 De-Identification Process
When we aggregate and de-identify data:

  • We remove all direct identifiers (names, email addresses, account IDs)

  • We apply statistical techniques to prevent re-identification

  • We ensure the data cannot reasonably be linked back to individuals

  • We combine data from multiple users to prevent identification

  • We apply our Data Aggregation and De-Identification Policy (available on request)

​

11.3 Ownership and Use
Aggregated Data created from End-User information (clients of Subscribing Organizations):

  • We may create aggregated data in accordance with our Data Processing Agreement (available on request)

  • Such data is fully de-identified and cannot identify individual End-Users

  • We may use and license this aggregated data for our business purposes

  • This use is disclosed to Subscribing Organizations in our Terms of Use

​

Aggregated Data created from Customer personnel information:

  • We may create aggregated usage analytics and benchmarks

  • Such data helps us improve the Services and identify trends

  • This data is fully anonymized and cannot identify individuals or organizations

​

11.4 No Re-Identification

We commit to not attempting to re-identify aggregated or de-identified data and to implementing measures to prevent others from doing so.

 

12. Data Security
12.1 Our Commitment to Security

We take data security seriously and implement comprehensive administrative, technical, and physical safeguards to protect Personal Information against unauthorized access, use, disclosure, alteration, or destruction.


12.2 Technical Safeguards
Encryption:

  • Data in transit is encrypted using Transport Layer Security (TLS 1.2 or higher)

  • Data at rest is encrypted using industry-standard encryption algorithms

  • Database encryption protects stored information

  • Password storage uses strong cryptographic hashing

​

Access Controls:

  • Multi-factor authentication (MFA) for user access

  • Role-based access controls (RBAC) limiting access to authorized personnel

  • Least privilege principle (users have only necessary access)

  • Regular access reviews and revocations

  • Secure API authentication and authorization

​

Network Security:

  • Firewalls and intrusion detection/prevention systems

  • Network segmentation and isolation

  • DDoS protection and mitigation

  • Regular security patching and updates

  • Vulnerability scanning and penetration testing

​

Application Security:

  • Secure software development lifecycle (SDLC)

  • Code reviews and security testing

  • Input validation and sanitization

  • Protection against common vulnerabilities (OWASP Top 10)

  • Security headers and configurations

​

12.3 Administrative Safeguards
Policies and Procedures:

  • Comprehensive information security policies

  • Data classification and handling procedures

  • Incident response and disaster recovery plans

  • Vendor management and due diligence

  • Regular policy reviews and updates

 

Personnel:

  • Background checks for employees with access to Personal Information

  • Confidentiality and non-disclosure agreements

  • Security awareness training and education

  • Clear roles and responsibilities

  • Separation of duties

​

Monitoring and Auditing:

  • Security information and event management (SIEM)

  • Log monitoring and analysis

  • Regular security assessments and audits

  • Third-party security certifications (SOC 2, ISO 27001 in progress)

  • Continuous compliance monitoring

​

12.4 Physical Safeguards
Data Centers:

  • Our infrastructure is hosted in secure, certified data centers

  • Physical access controls and monitoring

  • Environmental controls (fire suppression, climate control)

  • Redundant power and network connectivity

  • 24/7 security monitoring

​

Office Security:

  • Secured office facilities with access controls

  • Visitor management and escort policies

  • Secure disposal of physical media

  • Clean desk and screen lock policies

​

12.5 Your Responsibilities
While we implement robust security measures, security is a shared responsibility. We encourage you to:

  • Use strong, unique passwords

  • Enable multi-factor authentication

  • Keep login credentials confidential

  • Log out when finished using the Services

  • Report suspicious activity immediately

  • Keep your devices and software up to date

  • Use secure networks when accessing the Services

  • Be cautious of phishing attempts

​

12.6 No Absolute Security
Despite our efforts, no security measures are perfect or impenetrable. We cannot guarantee absolute security of Personal Information. Internet transmissions are never completely private or secure, and any information you transmit may be intercepted by others.


12.7 Security Incidents
In the event of a data breach or security incident affecting Personal Information, we will:

  • Promptly investigate and contain the incident

  • Notify affected individuals as required by applicable law

  • Notify relevant regulatory authorities

  • Take steps to prevent recurrence

  • Cooperate with investigations

See Section 18 for more details on data breach notification.

​

13. Data Retention
13.1 Retention Principles

We retain Personal Information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.


13.2 Retention Periods
Customer Account Information:

  • Active accounts: For the duration of your subscription plus up to 30 days after termination (to allow for reactivation)

  • Terminated accounts: Deleted or anonymized within 30 days of subscription termination, unless longer retention is required by law

  • Backup copies: Retained for an additional 90 days in backup systems, then permanently deleted

​

End-User Information (Processed as Processor):

  • Controlled by the Subscribing Organization

  • Retained according to the Subscribing Organization's instructions

  • Deleted or returned upon subscription termination as directed by the Subscribing Organization

  • Subscribing Organizations are responsible for their own retention policies and legal obligations

​

Financial and Transaction Records:

  • Billing and payment information: Retained for 7 years to comply with tax and accounting requirements

  • Invoice records: Retained for 7 years

​

Communications and Support:

  • Support tickets and correspondence: Retained for 3 years

  • Chat logs: Retained for 1 year

  • Marketing communications: Until you unsubscribe, then deleted within 30 days

Website Analytics and Logs:

  • Server logs: Retained for 90 days

  • Analytics data: Aggregated and anonymized data may be retained indefinitely

Legal and Compliance:

  • Records required by law: Retained for the period required by applicable law

  • Litigation hold: Personal Information relevant to legal proceedings retained until matter resolution

13.3 Secure Deletion
When Personal Information is no longer needed:

  • We delete it from production systems

  • We overwrite or degauss physical media

  • We ensure backups are purged according to retention schedules

  • We use secure deletion methods to prevent recovery

13.4 Requesting Deletion
You may request deletion of your Personal Information at any time (see Section 14). We will honor such requests subject to:

  • Legal obligations requiring retention

  • Legitimate business needs (e.g., fraud prevention)

  • Technical limitations (e.g., backup retention cycles)

13.5 Exceptions
We may retain Personal Information longer than standard retention periods when:

  • Required by applicable law or regulation

  • Necessary for legal claims or disputes

  • Needed for audit or compliance purposes

  • Subject to a litigation hold or investigation

  • Required to protect rights, property, or safety


14. Your Privacy Rights
Depending on your jurisdiction, you may have various rights regarding your Personal Information. We respect these rights and provide mechanisms to exercise them.


14.1 Rights Under Australian Privacy Law
If you are in Australia, you have the right to:

  • Access: Request access to the Personal Information we hold about you. We will provide access unless an exception applies under the Privacy Act.

  • Correction: Request correction of inaccurate, outdated, incomplete, or misleading Personal Information.

  • Complaints: Lodge a complaint with us about our handling of your Personal Information. We will investigate and respond to complaints in accordance with the APPs.


14.2 Rights Under UK GDPR
If you are in the UK or EU, you have the right to:

  • Access: Request a copy of the Personal Data we process about you (subject access request).

  • Rectification: Request correction of inaccurate or incomplete Personal Data.

  • Erasure: Request deletion of your Personal Data in certain circumstances (right to be forgotten).

  • Restriction: Request that we restrict processing of your Personal Data in certain circumstances.

  • Portability: Request to receive your Personal Data in a structured, commonly used, machine-readable format and transmit it to another controller.

  • Object: Object to processing based on legitimate interests or for direct marketing purposes.

  • Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects (our Services do not make fully automated decisions with such effects).

  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

  • Complain: Lodge a complaint with a supervisory authority (Information Commissioner's Office in the UK).

14.3 Rights Under US Privacy Laws (CCPA, VCDPA, CPA, etc.)
If you are in California, Virginia, Colorado, or another state with consumer privacy rights, you have the right to:

  • Know: Request information about the categories and specific pieces of Personal Information we collect, use, disclose, and sell (if applicable) about you.

  • Delete: Request deletion of your Personal Information, subject to certain exceptions.

  • Correct: Request correction of inaccurate Personal Information (in some states).

  • Opt-Out: Opt out of the "sale" or "sharing" of Personal Information (note: we do not sell or share Personal Information as defined by these laws).

  • Limit Use of Sensitive Personal Information: Limit the use of Sensitive Personal Information to certain permitted purposes (in some states).

  • Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights.

  • Authorized Agent: Designate an authorized agent to make requests on your behalf.

  • Appeal: Appeal our decision regarding your privacy request (in some states).

14.4 How to Exercise Your Rights
To exercise any of these rights, please contact us using:

Email: support@moneymindprofile.com


Document Version: 2.0
Effective Date: 20 January 2026