Privacy Policy
Last Updated: February 2025
At halcytoriva, we're serious about protecting your personal information. This isn't just legal speak – we genuinely care about how your data gets handled when you use our smart budgeting tools and services.
We operate in Australia and comply with the Privacy Act 1988, including the Australian Privacy Principles. But honestly? We go beyond just ticking compliance boxes. Your financial data is sensitive, and we treat it that way.
Questions about your privacy? Contact us directly at contact@halcytoriva.com or reach our Melbourne office at 7/488 Bourke St, Melbourne VIC 3000, Australia.
What Information We Collect
Personal Details You Share With Us
When you sign up for halcytoriva, we collect basic identification info. Name, email address, phone number – the usual stuff you'd expect. If you're setting up payment features or connecting bank accounts, we'll also need financial identifiers to make those integrations work properly.
- Contact information including full name, email, and phone number
- Account credentials and authentication data
- Financial institution details when you connect accounts
- Transaction data from linked accounts (amounts, dates, merchant names)
- Budget preferences and financial goals you set within the platform
- Communication records when you contact our support team
Information We Collect Automatically
Like most digital services, we collect some technical information automatically. This helps us keep the platform running smoothly and catch any security issues before they become problems.
Device information, IP addresses, browser types, and how you interact with our platform – we log this stuff. It's not about surveillance, it's about service quality and security.
| Data Category | Specific Information | Purpose |
|---|---|---|
| Device Data | Operating system, device type, browser version | Compatibility and optimization |
| Usage Data | Pages viewed, features used, session duration | Service improvement and analytics |
| Location Data | IP-based approximate location | Fraud prevention and regional services |
| Cookie Data | Session identifiers, preferences | Authentication and personalization |
How We Use Your Information
We're not in the business of selling your data. Never have been, never will be. Everything we collect serves a specific purpose related to making halcytoriva work better for you.
Core Service Delivery
Your financial data powers the budgeting features you're actually using. Transaction categorization, spending insights, budget alerts – none of that works without processing your information. We analyse patterns to give you meaningful recommendations, but this all happens within your account.
Communication and Support
When we email you about your account or respond to support requests, we're using your contact information for those specific purposes. We might send educational content about budgeting strategies or notify you about service updates. You can opt out of marketing emails anytime, though we'll still send essential account notifications.
Security and Fraud Prevention: We actively monitor for suspicious activity to protect your account. This means analyzing login patterns, transaction behaviour, and access requests. If something looks off, we'll flag it before it becomes a problem.
Product Development
Aggregated, anonymized data helps us understand which features people actually use and which ones need improvement. We're not looking at individual accounts – we're examining usage trends across our user base to make smarter product decisions.
Data Sharing and Third Parties
We don't hand your information to random third parties. But running a financial platform means working with certain service providers and partners. Here's the honest breakdown of who sees what.
Essential Service Providers
Our banking integration partners handle secure connections to your financial institutions. Cloud hosting providers store encrypted data. Payment processors manage transactions. These companies sign strict data processing agreements and can only use your information for the specific services they provide to us.
- Banking API providers for account connections and transaction retrieval
- Cloud infrastructure providers for secure data storage
- Analytics services for platform performance monitoring (using anonymized data)
- Email service providers for transactional and marketing communications
- Identity verification services for fraud prevention
Legal Requirements
Sometimes we're legally obligated to disclose information. Court orders, regulatory investigations, or law enforcement requests backed by proper legal authority. We review every request carefully and only provide what's legally required.
Business Transfers: If halcytoriva gets acquired or merges with another company, your information would transfer as part of that transaction. Any acquiring company would need to honour the commitments made in this privacy policy.
Your Rights and Choices
This is your data. Australian privacy law gives you specific rights, and we've built tools to make exercising those rights straightforward.
Access and Portability
You can download a complete copy of your personal data from your account settings. This includes all information we've collected, formatted in a way you can actually use. Takes about 48 hours to compile everything, then we'll email you a secure download link.
Correction and Updates
Found something incorrect? You can update most personal details directly in your account settings. For changes to financial data or information sourced from connected accounts, you'll need to make corrections at the source (your bank), and updates will sync automatically.
Deletion Requests
Want to delete your account? There's an option in account settings, or you can email us. We'll permanently delete your personal information within 30 days, though we're required to keep certain financial records for seven years under Australian law. These retained records are securely stored and not used for any operational purposes.
- Request access to all personal data we hold about you
- Correct inaccurate or incomplete information
- Delete your account and associated data (with legal exceptions)
- Object to certain types of data processing
- Restrict how we process your information in specific situations
- Withdraw consent for optional data uses at any time
To exercise any of these rights, contact us at contact@halcytoriva.com. We'll respond within 30 days, usually much faster.
Data Security Measures
Security isn't something we bolt on as an afterthought. It's fundamental to how we've built halcytoriva from the ground up.
Encryption Standards
All data transmits over encrypted connections using TLS 1.3 protocols. Stored data is encrypted using AES-256 encryption. Your login credentials are hashed using industry-standard algorithms – we literally cannot see your password, even if we wanted to.
Access Controls
Only authorized halcytoriva employees with legitimate business needs can access user data, and every access is logged. Our team undergoes regular security training. We enforce two-factor authentication for all internal systems.
Third-Party Audits: We conduct annual security audits with independent cybersecurity firms. Our infrastructure undergoes regular penetration testing, and we maintain industry-standard compliance certifications.
That said, no security system is completely impenetrable. If we detect a data breach affecting your information, we'll notify you within 72 hours and provide specific guidance on protective steps you should take.
Data Retention Periods
We don't keep your information longer than necessary. Here's how long different types of data stick around.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of active account + 90 days | Service provision and account recovery |
| Transaction Data | 7 years after account closure | Legal and regulatory requirements |
| Support Communications | 3 years after last contact | Service quality and dispute resolution |
| Marketing Data | Until consent withdrawal + 30 days | Communication preferences |
| Anonymized Analytics | Indefinitely | Product improvement (cannot identify individuals) |
Once retention periods expire, we permanently delete data through secure deletion processes that prevent recovery.
Cookies and Tracking Technologies
We use cookies and similar technologies to keep you logged in and remember your preferences. Some of these are essential for the platform to function, while others help us improve the user experience.
Essential Cookies
These keep you authenticated and maintain your session as you navigate through halcytoriva. Without these, you'd need to log in on every page. They're not optional – they're required for basic functionality.
Performance and Analytics
We track how people use halcytoriva to identify confusing interfaces or features that aren't working as expected. This data is aggregated and anonymized. You can opt out through your browser settings or our cookie preferences panel.
We don't use advertising cookies or allow third-party advertisers to track you on our platform. No retargeting, no cross-site tracking for ad purposes.
International Data Transfers
halcytoriva primarily operates within Australia, and your data is stored on Australian servers. However, some of our service providers use international infrastructure, which means your information might be processed in other countries.
When data leaves Australia, we ensure adequate protections through approved transfer mechanisms. This includes standard contractual clauses and verification that receiving countries maintain privacy standards comparable to Australian requirements.
Our primary data centers are located in Sydney and Melbourne. Backup systems operate in Singapore under data processing agreements that enforce Australian privacy standards.
Children's Privacy
halcytoriva is designed for adults managing their finances. We don't knowingly collect information from anyone under 18. If you're a parent and discover your child has created an account, contact us immediately and we'll delete it.
Our platform includes age verification during signup. If we learn we've inadvertently collected data from a minor, we delete that information within 48 hours of discovery.
Changes to This Policy
We'll update this privacy policy occasionally as we add features or regulations change. Material changes trigger email notifications to all users. The "Last Updated" date at the top reflects our most recent revisions.
Continuing to use halcytoriva after policy updates means you accept the changes. If you disagree with new terms, you can close your account before they take effect.
Complaints and Disputes
If you're not satisfied with how we've handled your privacy concerns, you have options. Start by contacting our privacy team at contact@halcytoriva.com. We'll investigate and respond within 30 days.
Still not satisfied? You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). They're the independent regulator responsible for privacy oversight in Australia.
- Office of the Australian Information Commissioner
- Phone: 1300 363 992
- Website: www.oaic.gov.au
- Mail: GPO Box 5218, Sydney NSW 2001
halcytoriva | 7/488 Bourke St, Melbourne VIC 3000, Australia
Phone: +61 418 693 914 | Email: contact@halcytoriva.com
This privacy policy is governed by Australian law and complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles.