Privacy Policy

Last Updated: October 2025

1. Introduction

This Privacy Policy explains how Verifiable Pty Ltd (ABN 52 680 890 082) trading as Broker Passport (“Broker Passport”, “we”, “our”, or “us”) collects, uses, discloses, and protects personal information.

Broker Passport provides a secure digital platform for finance brokers and aggregators to store and share accreditation data with participating lenders. Our goal is to simplify accreditation processes while maintaining the highest standards of data security, integrity, and privacy.

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and to aligning our practices with international frameworks including the General Data Protection Regulation (GDPR) (EU/UK), California Consumer Privacy Act (CCPA), and Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

We collect personal information necessary to facilitate broker accreditation, verification, and compliance processes. This may include:

  • Personal Identifiers: full name, contact details, email address, phone number, date of birth, and proof of identity documents (e.g., driver’s licence, passport).
  • Professional Information: aggregator affiliation, Australian Credit Licence number, MFAA/FBAA membership, certifications, employment history, and relevant qualifications.
  • Compliance and Accreditation Information: accreditation forms, lender-specific requirements, declarations, and historical submissions.
  • Sensitive Information: background checks, police clearances, and criminal history records where required by lenders or aggregators.
  • Technical Information: device identifiers, IP addresses, browser type, operating system, and activity logs generated while using our platform.
  • Cookies and Tracking Data: small data files used for authentication, analytics, and performance monitoring.

We collect this information when you:

  • Create or manage an account on the Broker Passport platform;
  • Upload or submit accreditation data;
  • Are referred by an aggregator or other third party; or
  • Interact with our website, CRM, or analytics tools.

3. How We Use Personal Information

We process personal information to deliver and improve the Broker Passport service, including:

  • Managing user accounts and authentication;
  • Facilitating broker accreditation submissions to lenders;
  • Conducting identity, membership, and compliance checks;
  • Maintaining audit trails for accreditation data;
  • Communicating with users about updates, compliance, and technical matters;
  • Operating, maintaining, and improving the security and functionality of our systems;
  • Analysing usage patterns to improve user experience; and
  • Complying with our legal and regulatory obligations.

Our processing relies on legitimate interests and contractual necessity as the lawful bases for handling personal data under GDPR.

4. Data Sharing and Disclosure

Broker Passport shares data strictly as necessary to perform its functions.

We may disclose personal information to:

  • Lenders and financial institutions to which brokers submit accreditation applications.
    • Data is transmitted directly to the lenders’ systems via secure encrypted channels.
  • Aggregators, when they provide accreditation data or manage their brokers through our platform.
  • Service providers and processors, including:
    • Cloud infrastructure providers (Google Cloud Platform, Australia region)
    • CRM and analytics tools (for user management, technical support, and usage analysis)
    • Security and compliance monitoring services
  • Regulatory or law enforcement authorities, when required by law or to protect against fraud, misuse, or security threats.

We do not sell or rent personal data to third parties.

All third-party processors are contractually bound to handle data in accordance with strict confidentiality, security, and data protection obligations.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Authenticate users and maintain session continuity;
  • Analyse website and platform usage (via Google Analytics or equivalent tools); and
  • Improve system performance and user experience.

You may manage or disable cookies in your browser settings, but certain platform functions may not operate correctly without them.

6. Data Security

Broker Passport employs industry-leading security practices to protect all data under our control.

Key measures include:

  • Encryption of data in transit and at rest using modern cryptographic standards (e.g., AES-256 and TLS 1.2+);
  • Access controls, multi-factor authentication, and role-based permissions;
  • Network firewalls and continuous security monitoring;
  • Periodic security audits and penetration testing; and
  • Internal policies to ensure staff adhere to confidentiality and data handling standards.

Despite these safeguards, no system is entirely immune from risk. Users are encouraged to use strong passwords and notify us immediately of any suspected unauthorised access.

7. Data Storage and Retention

All personal data is hosted on Google Cloud Platform (GCP) within Australia.

We retain data only as long as necessary to fulfil the purposes for which it was collected:

  • User account data: retained while the account remains active.
  • Accreditation records: retained for up to 7 years of inactivity, or 6 months following confirmed deletion, whichever occurs first.
  • System and security logs: retained for shorter operational periods, as required for audit and compliance.

Upon expiry of retention periods, data is securely deleted or anonymised in accordance with ISO 27001–aligned data destruction procedures.

8. International Data Transfers

Broker Passport does not transfer personal data outside of Australia.
All cloud hosting, storage, and processing take place within Australian data centres.

Should cross-border transfers ever become necessary, we will implement appropriate safeguards (such as Standard Contractual Clauses) to ensure continued protection of personal information.

9. Your Rights

Under applicable privacy laws, users have the right to:

  • Access the personal data we hold about them;
  • Request correction of inaccurate or incomplete data;
  • Request deletion (“right to be forgotten”) where legally permissible;
  • Object to certain types of processing; and
  • Request data portability in structured electronic form.

To exercise these rights, please contact our Privacy Officer at privacy@brokerpassport.com.au.
We may require verification of your identity before processing your request.

10. Legal Basis for Processing

We process personal data under one or more of the following legal bases:

  • Contractual necessity: to perform our obligations to brokers, aggregators, and lenders.
  • Legitimate interests: to maintain platform integrity, security, and service improvement.
  • Legal obligation: to comply with applicable laws or regulatory reporting requirements.

11. Age Restrictions

Broker Passport is intended for use by adults aged 18 and over.
We do not knowingly collect or process information relating to minors.
If we become aware that we have collected personal information from an individual under 18, we will promptly delete that data.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal obligations.
The latest version will always be available at www.brokerpassport.com.au/privacy and will include a “Last Updated” date.

Continued use of our platform after updates constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact:

Privacy Officer
Verifiable Pty Ltd (trading as Broker Passport)
📧 privacy@brokerpassport.com.au

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.