SortedLegalPrivacy
Legal · Privacy

Privacy policy.

Plain English. No "we may share data with affiliates" weasel-wording. Last updated March 2026.

The TL;DR.

  • What we collect: the minimum needed to verify you (name, DOB, ID), let you transact (phone, email, transactions), and stay legal (AUSTRAC reporting).
  • What we sell: nothing. We don't sell, rent, or trade your data. Not now, not ever.
  • Who we share with: Novatti (AUDD issuer), our KYC provider, our cloud infra, and law enforcement when legally required. That's it.
  • Where it lives: Australian data centres (Sydney, AWS ap-southeast-2). Backups encrypted at rest and in transit.
  • How long we keep it: only as long as legally required (7 years for transaction records, per AUSTRAC). After that, deleted.

The longer answer.

What we collect at signup

Phone number, email, full legal name, date of birth, residential address, and one form of government photo ID (drivers licence or passport). This is the legal minimum for AUSTRAC-registered services in Australia. We use a third-party KYC provider (Frankie) to verify the ID; we keep a hash of the verification result, not the document itself.

What we collect during use

Every transaction (sender, recipient, amount, time), device info (model, OS, app version), and login activity. We use this to spot fraud, comply with regulations, and improve the product.

What we never collect

Browsing history outside the app, location beyond country-level, contacts (unless you explicitly grant access for handle search), photos, microphone, or any data not directly related to the app working.

Cookies & tracking on this website

This marketing website uses one cookie to remember whether you've dismissed the cookie banner. No analytics, no Facebook pixel, no Google Tag Manager. We use server-side privacy-first analytics (Plausible) which doesn't set cookies.

Your rights

Under the Australian Privacy Principles, you can:

  • Request a copy of all data we hold on you (export from Settings → Privacy in the app, or email privacy@sortedaud.app)
  • Correct inaccurate data
  • Request deletion (subject to AUSTRAC retention requirements for transaction records)
  • Lodge a complaint with the OAIC if we mess this up

Changes to this policy

We'll notify all users in-app and by email at least 30 days before any material change. Minor wording fixes are tracked in our public changelog.

Questions about your data?

Email privacy@sortedaud.app — a real person, usually under one business day.

Claim your handle Read terms