Privacy Policy

WealthWise is a personal wealth management service operated by RoundRock Labs Pty Ltd (ABN 50 698 674 967) ("we", "us" or "our"). This Privacy Policy sets out how we collect, hold, use and disclose personal information in connection with the WealthWise platform and related services (collectively, the "Service").

We are bound by the Privacy Act 1988 (Cth) (the "Privacy Act") and the Australian Privacy Principles ("APPs") contained in Schedule 1 of that Act. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

Identity and account information

• Full name and email address, collected at the time of registration
• Account credentials, which are stored in a protected and non-recoverable form
• Subscription status and billing records; payment card details are collected and held exclusively by our payment processor and are not retained by us

Financial information (provided by you)

• Ownership structures, including self-managed superannuation funds, family trusts, companies and personal holdings
• Real property details, including addresses, estimated valuations, acquisition costs, encumbrances and rental income
• Investment portfolios, including listed securities, managed funds, cash holdings and superannuation balances
• Liabilities, including mortgage balances, personal loans and other indebtedness
• Planning assumptions, including projected growth rates, income targets and modelling parameters

The Service does not connect to or retrieve data from any financial institution, stockbroker or government authority. All financial information is entered by you voluntarily. You retain full control over the information you choose to provide.

We collect and use personal information solely for the following purposes:

• To establish and administer your account and provide you with access to the Service
• To generate the net worth calculations, financial projections and retirement models that form the core of the Service
• To send transactional communications necessary to the operation of your account, including registration confirmations, subscription receipts and security notifications
• To respond to enquiries and provide customer support

We do not use your personal or financial information for marketing, targeted advertising, customer profiling, benchmarking, or research purposes of any kind. We do not sell, licence or otherwise commercialise your information.

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification and disclosure. These steps include:

• Logical access controls: Each user's data is strictly isolated at the infrastructure level. No other user can access your records under any circumstances.
• Encryption in transit: All communications between your device and the Service are encrypted using industry-standard protocols.
• Encryption at rest: All data stored within our infrastructure is encrypted at rest.
• Access authentication: Access to the Service requires verified credentials. Account passwords are stored in a form that cannot be read, reversed or recovered by us.

Notwithstanding the above, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your information, but we are committed to promptly notifying you of any breach that is likely to result in serious harm, as required under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act.

We will not disclose your personal or financial information to any third party except in the following limited circumstances:

• Infrastructure service providers — we engage third-party providers to host and operate the Service's database and infrastructure. These providers are engaged under contractual obligations of confidentiality and are not permitted to use your data for any independent purpose.
• Payment processor — subscription payments are processed by a third-party payment provider. That provider receives only the information necessary to process your payment and is bound by its own privacy obligations.
• Legal obligations — we may disclose information where required to do so by law, by order of an Australian court or tribunal, or in response to a lawful request by a regulatory or law enforcement authority.

We do not disclose personal information to advertisers, data brokers, analytics providers or any other commercial third parties.

Our infrastructure providers may store and process data on servers located outside of Australia. Where personal information is disclosed to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information, in accordance with APP 8.1 of the Privacy Act.

We retain personal information for as long as your account remains active and for such further period as may be required to meet our legal obligations or resolve disputes. Cancellation of a subscription does not result in the automatic deletion of your data; your account will enter a read-only state and your information will be preserved unless you request deletion.

You may request the permanent deletion of your account and all associated personal information at any time by contacting us at privacy@roundrocklabs.ai. We will action all verified deletion requests within 30 days of receipt.

Subject to the exceptions set out in the Privacy Act, you have the following rights in respect of personal information we hold about you:

• Right of access (APP 12): You may request access to the personal information we hold about you.
• Right of correction (APP 13): You may request that we correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading.
• Right to deletion: You may request the erasure of your personal information, subject to our legal retention obligations.
• Right to complain: You may lodge a complaint with us regarding how we have handled your personal information.

To exercise any of the above rights, please contact us at privacy@roundrocklabs.ai. We will respond to all requests within a reasonable time and in any event within 30 days. If you are dissatisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

The Service uses only cookies and similar technologies that are strictly necessary for authentication and the maintenance of your session. We do not use cookies or any other tracking technology for advertising, behavioural profiling or third-party analytics purposes.

We reserve the right to amend this Privacy Policy at any time. Where we make a material change to how we collect, hold, use or disclose personal information, we will notify registered users by email prior to the change taking effect. Continued use of the Service following notification constitutes acceptance of the revised Policy. The current version of this Policy is published at wealthwise.pro/privacy.

All privacy enquiries, access requests, correction requests and complaints should be directed to our Privacy Officer: