CashedUp
Legal & Trust Center

Privacy Policy

Version 1.1.0Last Updated: 2026-05-28

Welcome to CashedUp. We are committed to protecting your privacy and managing your personal information ethically, transparently, and in strict accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the CashedUp website, cloud application, and desktop application.

1. Important Context & Our Commitment

CashedUp is designed from the ground up with a security-first architecture. Our core mission is to help Aussie households build wealth with confidence, which requires absolute respect for your data.

  • We Never Sell Data: We do not, and will never, sell, rent, or trade your personal or financial data.
  • Privacy by Choice: We support multiple ways to use CashedUp. If you use the CashedUp Local Desktop Application without enabling cloud synchronization, your financial data is stored 100% locally on your machine and is never transmitted to our servers.

2. Information We Collect

We only collect personal information that is reasonably necessary to provide you with our financial tools and analytics.

A. Account Information

When you register for a cloud account or subscribe to our service, we collect:

  • Your email address and secure authentication credentials.
  • Profile details you choose to add (e.g., household name, preferred currency).

B. Read-Only Open Banking Data

To support automated transaction tracking, you may choose to link your bank accounts.

  • Accredited Ecosystem Partner: This process is facilitated entirely through our trusted third-party integration partner, Basiq Pty Ltd, which is an accredited data recipient operating securely under the Consumer Data Right (CDR) regulatory framework in Australia.
  • Strictly Read-Only: Through Basiq, we receive read-only transaction details, balances, and account names.
  • Credentials are Secure: CashedUp never sees, collects, or stores your bank login credentials or passwords.

C. Manually Entered Financial Data

If you enter your regular bills, income items, liabilities, or entity names (e.g., trusts, companies) manually, this information is stored securely in our database to generate your calendar and projections.

D. Analytics & Technical Data

We may collect non-identifying technical data (such as browser type, operating system, and anonymous interaction stats) using lightweight analytics tools to help us identify bugs and improve user experience.

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain the CashedUp application.
  • Generate your visual budget calendar, wealth projections, and secure household dashboards.
  • Process subscription payments securely via our third-party billing provider (Stripe).
  • Send critical account alerts, verification codes, and security updates (e.g., Two-Factor Authentication codes).
  • Comply with our legal and regulatory obligations in Australia.

4. Disclosure of Personal Information

We only share data with trusted third parties necessary to provide our service, and only under strict confidentiality agreements:

  • Supabase (an AWS partner): For encrypted database hosting and secure authentication services.
  • Stripe: To process credit card payments and subscription billing. We do not store credit card numbers on our servers.
  • Basiq: To facilitate read-only bank feeds if you choose to link your accounts.
  • Postmark/Resend: To transmit secure transactional and verification emails.

We do not transfer your personal information to overseas recipients unless strictly necessary, and only to providers that meet equivalent or higher data security standards.

5. Security & Data Protection

We employ industry-standard technical and organizational security measures to protect your information:

  • Encryption in Transit: All traffic is encrypted using modern Transport Layer Security (TLS 1.3/1.2).
  • Encryption at Rest: Sensitive database records and backups are encrypted at rest using Advanced Encryption Standard (AES-256).
  • Multi-Factor Authentication (MFA/2FA): We strongly encourage and support secure authentication to safeguard your account against unauthorized entry.

While no method of digital storage or transmission is 100% secure, we continuously monitor and update our controls to meet modern security standards.

6. Data Retention & Deletion

We believe you own your data. We retain your personal information only as long as your account remains active or as required by law.

A. Account & Data Deletion Process

If you wish to delete your account and all associated personal data, you have two clear options:

  1. Self-Service Deletion: Navigate to Settings > Account in the CashedUp dashboard and click Delete Account. This will instantly queue your account and all linked personal and financial records for permanent removal.
  2. Support-Assisted Deletion: You can email us at support@cashedup.com.au with your request. We will verify your identity and process the deletion within 5 business days.

B. Retention after Deletion

Once your account deletion is processed:

  • All personal financial records, linked bank credentials mappings, and entity details are permanently deleted from our active databases.
  • Backups containing encrypted records are retained for a maximum of 30 days before being completely overwritten.
  • We may retain minimal aggregate, non-identifying transaction metadata for internal statistical purposes, or basic billing records (such as tax invoices) for up to 7 years as strictly required under Australian taxation law (Income Tax Assessment Act 1997).

7. Access and Correction

Under the APPs, you have the right to request access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, incomplete, or out of date.

Most of this data is fully editable directly by you inside the CashedUp application. For formal access requests, please contact our Privacy Officer using the details below.

8. Contact Us & Complaints

If you have any questions, concerns, or wish to lodge a complaint about how we handle your personal information, please contact us:

  • Email: privacy@cashedup.com.au
  • Address: CashedUp Privacy Officer, CashedUp Finance Pty Ltd, Sydney, NSW, Australia

We will respond to all queries and complaints within 30 days. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.