Privacy Policy

Obliq Pty Ltd (“Obliq,” “we,” “us,” or “our”) is committed to protecting the privacy of users (“you” or “Customer”) of our compliance-focused SaaS platform (“Platform”) and related services (“Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (e.g., www.obliq.io), register for an account, or otherwise use our Platform. By accessing or using the Services, you consent to the practices described in this policy.

1. Scope & Applicability

  1. Who Is Covered
    This policy applies to:
    • Users who register for or access an Obliq Account (e.g., administrators, advisers, compliance officers—collectively, “Authorized Users”).
    • End clients of financial advisory firms (“End Clients”) whose data is uploaded by a Customer into Obliq.
    It does not cover third-party websites, applications, or services linked from our Platform.
  2. Jurisdictions
    Obliq is an Australian company. We comply with the Australian Privacy Act 1988 (including the Australian Privacy Principles) and, where applicable, the EU’s General Data Protection Regulation (“GDPR”) for European data subjects.
  3. Definitions
    • “Personal Data” means any information that identifies or can reasonably identify an individual (e.g., name, email, date of birth).
    • “Customer Data” refers to any data, documents, or information that a Customer or its Authorized Users upload or generate within the Platform (including End Client data).

2. Information We Collect

  1. Account Registration & Profile Information
    When you create an Account, we collect:
    • Full name, email address, phone number, business name, and role/title.
    • A password (stored in hashed form).
    • Company billing address and payment information (e.g., credit card details via a third-party processor).
  2. Customer Data (Uploaded by You)
    Customers who onboard End Clients will typically upload:
    • End Client’s personal details: name, date of birth, residential address, email, phone.
    • Identification documents: passport, driver’s license, national ID scans or photos.
    • Fact-find information: employment status, income, financial goals.
    • “Investor status” documentation (e.g., proof of sophisticated or wholesale status).
    • Statements of Advice (SoAs), KYC forms, risk-profile questionnaires, and other compliance files.
  3. Platform Usage & Analytics
    We automatically collect certain technical data when you use or interact with the Platform, including:
    • IP address, browser type/version, operating system, device identifiers.
    • Pages viewed, time and date of access, clickstream data, and other analytics via cookies and similar technologies.
    • API request logs (including endpoint accessed, timestamp, and response codes) for debugging, monitoring, and security.
  4. Third-Party Integrations & Identity Verification
    When you (or your End Clients) trigger an identity check (e.g., via Stripe Identity, Twilio Verify), we receive verification results (document scan success, liveness check, etc.) but do not store raw biometric photos beyond the minimum required by our identity-verification partners. We rely on third-party processors’ privacy policies for storing and processing biometric or sensitive information.
  5. Communications & Support
    If you contact Obliq for support, we may collect emails, chat transcripts, or recordings to troubleshoot issues, improve our Services, and train our team.

3. How We Use Your Information

  1. To Deliver & Improve Services
    • Authenticate and authorize your Account and provide access to the Platform.
    • Host, store, and process Customer Data (e.g., onboarding documents, KYC files).
    • Generate, display, and update real-time analytics, dashboards, and compliance reports.
    • Send automated reminders, notifications, and follow-ups to End Clients or Authorized Users.
    • Monitor and analyze system performance and usage to optimize the Platform’s reliability and user experience.
  2. Compliance & Legal Obligations
    • Maintain audit trails and logs to help you meet regulatory requirements (ASIC, AUSTRAC, FASEA).
    • Respond to lawful requests for information from public authorities (e.g., subpoenas, court orders).
  3. Billing & Administration
    • Process payments, manage subscriptions, and send invoices or receipts.
    • Enforce our Terms and other agreements, including detecting and preventing fraud or abuse.
  4. Marketing & Communications (with opt-in)
    • Send newsletters, product updates, or promotional materials—only if you have expressly opted in.
    • Conduct surveys or user research and gather feedback to improve our Services.
  5. Security & Fraud Prevention
    • Detect, investigate, and prevent unauthorized access, misuse, or criminal activity.
    • Encrypt sensitive data and use intrusion detection to safeguard your information.

4. Cookies & Tracking Technologies

  1. Types of Cookies
    • Essential Cookies: Required for the Platform to function (session cookies for login, CSRF tokens).
    • Performance & Analytics Cookies: Collect usage statistics (e.g., Google Analytics) to monitor site performance and improve our features.
    • Functional Cookies: Remember preferences (e.g., language, time zone).
  2. Managing Cookies
    You can manage or delete cookies via your browser settings. Disabling certain cookies may limit the functionality of the Platform.

5. Disclosure of Your Information

  1. Service Providers & Subprocessors
    We may share Personal Data and Customer Data with:
    • Cloud Hosting Providers: AWS or a comparable Tier-1 data center (Australia) that stores and processes data on our behalf.
    • Identity Verification Partners: Stripe Identity, Twilio Verify, or similar vendors, strictly for KYC checks.
    • Payment Processors: Stripe, PayPal, or a similar trusted third party to process subscription payments.
    • Analytics Providers: Google Analytics (or equivalent) for anonymized site usage data.
    • Customer Support Tools: Intercom, Zendesk, or similar platforms for ticketing and support.
    Each subprocessor is contractually bound to use data only for the services we request and to maintain adequate security controls.
  2. Affiliates & Transfers
    • Obliq may share your information with wholly owned subsidiaries or affiliates for business continuity, support, or administrative functions.
    • In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity—provided they adhere to a privacy policy at least as protective as this one.
  3. Legal & Safety
    • Obliq may disclose Personal Data or Customer Data if required to comply with applicable laws, regulations, or legal processes (e.g., court orders, subpoenas).
    • We may also share information if we believe it is necessary to investigate fraud, protect our rights or property, or respond to an emergency that threatens anyone’s safety.
  4. Aggregate & De-identified Data
    We may use aggregated or de-identified data (in which individual users cannot be re-identified) for analytics, benchmarking, research, and marketing. Such data does not constitute Personal Data.

6. Data Retention & Deletion

  1. Account & Customer Data
    • We retain your Account information (profile, billing) for as long as your Account is active or as needed to provide Services.
    • Customer Data (including End Client documents) is retained for the duration of your subscription and for 30 days after termination or account closure, unless you request earlier deletion. After 30 days, we may permanently delete or irreversibly anonymize data.
  2. Backups & Logs
    System backups and logs (including audit trails, API logs) may be retained for up to 12 months to meet security, legal, or compliance requirements.
  3. Deletion Requests
    You may request deletion of your Account at any time by contacting privacy@obliq.io. We will delete your profile data within 30 days, except for data we are legally required to keep (e.g., tax invoices, audit logs).

7. Security Measures

  1. Encryption & Access Controls
    • All Customer Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
    • Role-based access control ensures only authorized personnel can view sensitive data.
    • Multi-factor authentication (MFA) is available for all user accounts.
  2. Infrastructure Security
    • We host our Platform in Tier-1 Australian data centers (AWS or equivalent) with SOC 1/SOC 2 compliant controls.
    • Firewalls, intrusion detection/prevention systems (IDS/IPS), and regular vulnerability scans (quarterly) protect against attacks.
    • Disaster recovery and business continuity plans ensure at least 99.9% uptime and rapid restoration in case of an outage.
  3. Employee Training & Policies
    Our staff undergo annual security and privacy training. Access to production systems is strictly limited to essential personnel under non-disclosure agreements.

8. Your Rights & Choices

  1. Access & Correction
    You may review, update, or correct your Account profile information at any time by logging into your account settings. For Customer Data (End Client data), please contact your firm’s administrator.
  2. Data Portability & Export
    You can export your Account data (profile details, billing history) from the Platform. For bulk exports of Customer Data (e.g., KYC files, reports), contact support@obliq.io to request a data dump in CSV or JSON format.
  3. Deletion & Right to be Forgotten
    You may request deletion of your Account or Personal Data by emailing privacy@obliq.io. We will comply unless retention is required by law (e.g., retaining tax invoices for 7 years).
  4. Consent & Marketing Opt-Out
    You can opt out of marketing communications at any time by clicking “Unsubscribe” in promotional emails or by contacting privacy@obliq.io. Transactional messages (e.g., account notifications, system alerts) cannot be opted out of, as they are necessary to provide the Services.
  5. Object & Restrict Processing
    Where required by applicable law, you may object to or restrict our processing of your Personal Data. Please send a written request to privacy@obliq.io, identifying the specific data and processing activities.

9. Children’s Privacy

Our Services are not intended for individuals under 18 years old. We do not knowingly collect or solicit Personal Data from minors. If we learn we have collected data from a minor, we will promptly delete it.

10. International Data Transfers

While we primarily store data in Australia, Customer Data may be transmitted or accessed by subprocessors or affiliates in other jurisdictions (e.g., Stripe servers in the U.S., Google Analytics servers anywhere). We implement standard contractual clauses or equivalent safeguards to ensure that personal data remains protected to a high standard when transferred internationally.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we post changes, we will update the “Last Updated” date at the top and, if changes are material, provide a 30-day notice via email or Platform announcement. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Obliq Pty Ltd
Privacy Team
Email: privacy@obliq.io
Address: Level 5, 123 Compliance Street, Sydney, NSW 2000, Australia

You also have the right to lodge a complaint with your local privacy authority (e.g., Office of the Australian Information Commissioner or an EU Data Protection Authority) if you believe your personal data has been handled in violation of applicable law.

By using Obliq’s Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.