Privacy Policy
Last updated: 18 February 2026
Finance Frank ABN 20 530 863 914 ("we", "us", "our") operates the Finance Frank platform at financefrank.ai and app.financefrank.ai. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Information we collect
We collect the following types of personal information:
- Account information — name, email address, password (hashed), date of birth, state of residence.
- Financial information — assets, liabilities, income sources, transactions, budgets, goals, insurance policies, superannuation details, tax information (including Tax File Number if provided), ABN/ACN.
- Entity information — details of companies, trusts, SMSFs, and partnerships you manage.
- Usage data — pages visited, features used, API requests, IP address, browser type, device information.
- AI conversation data — messages you send to Frank (our AI advisor) and the responses generated.
- Payment information — processed by Stripe. We store your Stripe customer ID and subscription status but do not store credit card numbers.
- Documents — files you upload (e.g. loan agreements, policy schedules, valuations).
2. How we collect information
We collect personal information:
- Directly from you when you create an account, enter financial data, upload documents, or interact with Frank.
- Automatically through server logs and usage analytics when you use the platform.
- From third-party services: Stripe (payment processing), Supabase (authentication), and market data providers.
3. Why we collect and use your information
We use your personal information to:
- Provide and improve the Finance Frank platform and its features.
- Generate personalised financial insights, health scores, and AI-powered recommendations.
- Process subscription payments and manage your account.
- Send service-related notifications (e.g. bill reminders, compliance alerts).
- Maintain audit logs for security and compliance purposes.
- Comply with legal obligations under Australian law.
We will not use your personal information for purposes unrelated to the above without your consent.
4. Third-party service providers
We share personal information with the following third parties, solely for the purpose of providing our services:
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database & authentication | All user data (encrypted at rest) | Australia / US |
| Stripe | Payment processing | Email, subscription status | US (PCI-DSS compliant) |
| Anthropic (Claude) | AI advisor (Frank) | Conversation messages, financial context | US |
| Vercel | Website hosting | IP address, usage data | Global CDN |
We do not sell, rent, or trade your personal information to any third party.
5. Data security
We take reasonable steps to protect your personal information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest (database-level encryption).
- Application-level encryption of sensitive fields (e.g. Tax File Number).
- Row-level security (RLS) ensuring users can only access their own data.
- JWT-based authentication with token expiry and verification.
- Rate limiting and input sanitisation to prevent abuse.
- Audit logging of API access for security monitoring.
- Security headers (X-Frame-Options, CSP, etc.) to prevent common web attacks.
6. Data retention
- Active accounts — we retain your data for as long as your account is active.
- Deleted accounts — upon account deletion, we delete or anonymise your personal data within 30 days, except where retention is required by law.
- AI conversations — chat history is retained while your account is active and deleted upon account deletion.
- Audit logs — retained for 2 years for compliance and security purposes.
- Payment records — retained for 7 years as required by Australian tax law.
7. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access your personal information — request a copy of the data we hold about you.
- Correction — request correction of inaccurate or incomplete information.
- Deletion — request deletion of your account and personal data.
- Complaint — lodge a complaint if you believe we have breached the Privacy Act.
To exercise any of these rights, contact us using the details below.
8. Data breach notification
In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. Specifically, we will:
- Conduct a reasonable and expeditious assessment within 30 days of becoming aware of grounds to suspect a breach.
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable if a breach is assessed as an eligible data breach.
- Notify affected individuals directly via email, including a description of the breach, the types of information involved, and recommended steps to protect themselves.
- Take reasonable steps to contain the breach and mitigate any resulting harm.
9. Cookies and tracking
We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. Local storage is used for user preferences (theme, notification settings).
10. Children
Finance Frank is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
- Email: privacy@financefrank.ai
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).