Privacy Policy

1. Introduction

This Privacy Policy describes how Slowburn Wealth ("we", "our", or "us") collects, uses, stores, and discloses your personal information when you use the Slowburn mobile application (the "App") and any related services.

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) ("Privacy Act"), the Australian Privacy Principles ("APPs"), and the Consumer Data Right ("CDR") Privacy Safeguards under the Competition and Consumer Act 2010 (Cth).

By using the App, you consent to the collection and use of your personal information as described in this policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 Information You Provide

• Apple ID information provided through Sign in with Apple (name and email address, or a private relay email if you choose to hide your email)

2.2 Financial Data Accessed Through Third-Party Services

With your explicit consent, we access the following financial data from your linked accounts through authorised third-party data aggregation services:

• Account balances and transaction history
• Investment holdings and portfolio data (stocks, ETFs, managed funds, and similar instruments)

We do not access or store sensitive banking credentials such as BSB numbers, account numbers, or login passwords. Authentication with your financial institutions is handled entirely by our authorised third-party aggregation partner.

2.3 Automatically Collected Information

We may collect limited technical information to ensure the App functions correctly, including device type, operating system version, and app version. This information is collected in anonymised form and does not include any financial data.

3. How We Use Your Information

We use your personal and financial information solely for the following purposes:

• To provide the core functionality of the App, including displaying your financial accounts, balances, and investment holdings in a consolidated view
• To authenticate your identity via Sign in with Apple
• To improve the App's performance and user experience using anonymised, non-financial data
• To comply with applicable laws, regulations, and legal obligations

We do not use your personal or financial data for marketing, advertising, profiling, or any purpose unrelated to providing you with the App's services.

4. How We Store and Protect Your Information

Your data is stored on Australian-hosted cloud infrastructure (DigitalOcean, Sydney region). We implement the following security measures to protect your information:

• Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256)
• Access controls and authentication for all backend systems
• Regular security reviews and monitoring of infrastructure
• Principle of least privilege applied to all system access

We retain your personal and financial data only for as long as is necessary to provide our services or as required by law. When you delete your account, we will delete or de-identify your personal information within 30 days, unless we are required to retain it for legal or regulatory purposes.

5. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We do not share your personal or financial data with any third parties, except in the following limited circumstances:

• Third-party bank account aggregation services, solely to facilitate the retrieval of your financial data at your direction
• Where required or authorised by Australian law, regulation, or court order
• To protect the rights, property, or safety of Slowburn Wealth, our users, or the public

Any anonymised and aggregated data we use for analytical purposes cannot be used to identify you and does not include any financial data.

6. Consumer Data Right (CDR) Compliance

Where we access data through the Consumer Data Right framework, we comply with the CDR Privacy Safeguards, including:

• Privacy Safeguard 1: We maintain this privacy policy in an open and transparent manner
• Privacy Safeguard 3: We only collect CDR data that you have explicitly consented to share, and only for the purposes you have authorised
• Privacy Safeguard 4: We notify you at the point of collection about what data is being collected, why, and how it will be used
• Privacy Safeguard 5: We do not use or disclose CDR data for purposes beyond those consented to
• Privacy Safeguard 6: We do not use CDR data for direct marketing purposes
• Privacy Safeguard 7: We do not disclose CDR data to overseas recipients
• Privacy Safeguard 10: We maintain CDR data quality by synchronising with data holders as needed
• Privacy Safeguard 11: We implement robust security measures to protect CDR data from unauthorised access, misuse, or loss
• Privacy Safeguard 12: We will notify you and the Australian Information Commissioner of any eligible data breaches involving CDR data
• Privacy Safeguard 13: We will delete or de-identify your CDR data when it is no longer needed for the consented purpose, or upon your request

7. Your Rights

Under the Privacy Act and the APPs, you have the following rights:

• Access: You may request access to the personal information we hold about you
• Correction: You may request that we correct any inaccurate or incomplete personal information
• Deletion: You may request the deletion of your personal information by deleting your account within the App or by contacting us
• Withdraw consent: You may withdraw your consent for us to access your financial data at any time by unlinking your accounts within the App
• Complaint: If you believe we have breached the APPs or CDR Privacy Safeguards, you may lodge a complaint with us (see Section 10) or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

We will respond to all access and correction requests within 30 days.

8. Data Breach Notification

In the event of an eligible data breach as defined under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act, we will:

• Take immediate steps to contain the breach and mitigate any harm
• Assess whether the breach is likely to result in serious harm to affected individuals
• Notify the OAIC and affected individuals as soon as practicable if serious harm is likely
• Where CDR data is involved, also notify the relevant data holder

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes through the App or via email. The updated policy will take effect from the date of publication. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact us:

If you are not satisfied with our response to your complaint, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):