Privacy & Confidentiality Policy

Overview 

Moneycatcha Pty Ltd (trading as Stryd) provides a high-security loan-monitoring and financial insight platform designed for mortgage brokers, aggregators, and their clients. We operate a B2B2C model, processing information provided by financial professionals about their customers, as well as information collected directly from consumers. We are committed to protecting this data in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Consumer Data Right (CDR) framework.  

Information We Collect 

We collect only the data required to deliver automated loan reviews and refinancing insights: 

• Consumer Identity Data: Full names, email addresses, and mobile phone numbers. 
• Loan & Financial Data: Information including lender names (e.g., Westpac, Adelaide Bank), interest rates, loan purposes, BSBs, Account Numbers, current balances, and available redraw credit. 
• Broker & Aggregator Data (Enterprise): Trading names, business addresses, ABNs, Australian Credit Licence (ACL) numbers, and aggregator-specific external IDs. 
• Property & Valuation Data: Physical addresses and automated property valuations provided via our integration with PropTrack. 
• Technical Data: Device ID, IP address, geo-location, and standard web log information for security and session management. 

Data Collection Pathways 

From Enterprise Partners: Brokers and aggregators provide client loan data to identify retention or refinancing opportunities. 

• Directly from Individuals: Through our website, web application, or digital consent requests sent via email.
• Via Secure API: Through automated integrations with enterprise financial systems. 
• Open Banking: With explicit consumer consent, we access banking data via our CDR intermediary using authorised CDR APIs, operating under a "Trusted Adviser" model.

Data Resiliency & Subprocessors 

To ensure high standards of data sovereignty and security, Stryd utilizes the following infrastructure and third-party services: 

• Primary Hosting: All core production data and application services are hosted on Amazon Web Services (AWS) in the Sydney, Australia region.
• Subprocessors: We utilise specialised third parties for core functionality, including PropTrack (valuations), Adatree (CDR intermediary), and Twilio/SendGrid (email delivery). A full list of our subprocessors and their data locations is maintained at our Trust Centre (https://trust.stryd.au)

How We Use Your Information 

We process data to deliver actionable financial insights: 

•  Loan Health Monitoring: Tracking interest rate fluctuations against a consumer's current loan to identify potential savings. 
• Automated Lead Generation: Notifying brokers of priority retention leads when a client's loan reaches a specific age or a more competitive rate is available. ● Enterprise Branding: Managing custom email templates and verified email domains for brokers to communicate with their clients. 
• Audit Compliance: To maintain records required for independent security and privacy audits.

Security, Retention & Secure Disposal 

Stryd maintains strict controls over the entire data lifecycle to comply with international security standards:

• Encryption: Data is stored using cryptographic measures for data at rest and in transit. 
• Retention: Information is kept only for as long as necessary for the purpose of collection or as required by Australian law. 
• Secure Disposal: In accordance with APP 11.2 and our Data Management Policy, when data is no longer required or upon a valid Deletion Request, we take reasonable steps to destroy or de-identify the records. This includes the secure erasure of digital records and ensuring data is removed from backups within a reasonable timeframe, consistent with our backup retention practices. 

Individual Rights & Consent Management 

Regardless of how your information entered our systems, you may have the following rights and choices in relation to personal information we hold about you:

• Access & Correction: You may request access to, or correction of, your personal information in accordance with the Privacy Act 1988 (Cth). We may need to verify your identity before responding to a request. 
• Requests for deletion of personal information: You may request deletion of personal information we hold by contacting security@stryd.au. We will  assess and action requests in accordance with the Privacy Act 1988 (Cth) and other applicable legal and regulatory obligations. In some circumstances, we may be required to retain certain information (for example, for compliance, audit, security, dispute resolution, or legal purposes). Where deletion is appropriate, we take reasonable steps to permanently destroy or de-identify the relevant information within a reasonable timeframe and maintain records of such actions for audit purposes. 
• Withdrawal of consent / revocation of sharing: Where we rely on your consent (including where you have enabled Open Banking or CDR-related sharing), you can withdraw your consent or revoke sharing permissions at any time through the relevant product or platform. Once consent is withdrawn, we will cease further collection of information under that consent. Information previously collected may be retained and used where required or permitted by law, including for security, compliance, audit, dispute resolution, and service continuity purposes. 
• Marketing preferences: You can opt out of receiving marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly. Where you opt out, we may still send you important service-related communications.

Using Our Website and Cookies 

We may collect personal information about you when you use and access our website. 

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so. 

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy and Confidentiality Policy. 

Making A Complaint 

If you have concerns about your privacy, please contact us at security@stryd.au. We will acknowledge your complaint and respond within a reasonable period. Unresolved complaints can be referred to the Office of the Australian Information Commission (OAIC):

• Online: www.oaic.gov.au/privacy  
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au 
• Fax: +61 2 9284 9666 
• Mail: GPO Box 5218, Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601

Contact Us 

For all privacy enquiries or Data Deletion Requests:

• Email: security@stryd.au
• Mail: Flux, L1 191 St George's Terrace, Perth WA 6000