Skip to content

Privacy policy

Last updated: 12 September 2025

1. About this Privacy Policy

This Privacy Policy outlines the personal information handling practices of Swyftx Pty Ltd (ACN 623 556 730) and our related bodies corporate ("Swyftx", "our", "us" or "we"). Our Privacy Policy sets out how we collect, use, store and disclose your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By providing personal information to us, you consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other agreements we have with you. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

2. Information Collection

2.1 What information do we collect?

Swyftx collects different types of personal information needed to provide you with our products and services to customers. The information collected depends on the services you use and your interactions with Swyftx. In order to provide you with services that meet your particular needs and objectives we may need to collect any or all of the following information:

  • (a)Personal and contact details: Your name, address, email address, phone number, and date of birth.
  • (b)Identity information documents from Australian Government Sources: Your Tax File Number and country of tax residency; Medicare card, Australian passport, driver licence, proof of age/photo ID card, or pension card details; immigration documents, when foreign passports are supplied; and citizenship, birth, death and marriage certificates.
  • (c)Foreign government identifiers and identity documents: Foreign government identity documents and identifiers such as tax identification number and country of tax residency; and foreign passport and driver's licence.
  • (d)Financial information: Details of your employment, income, assets, financial liabilities and other evidence relating to the source of your wealth or funds; and copies of bank statements and other statements from other financial institutions and government bodies. This may also include details of your financial needs and objectives, any financial hardship, investment preferences, past investment experience, and your level of risk tolerance.
  • (e)Transaction information: Information about transactions that you have made using our products and services.
  • (f)Socio-demographic information: Your marital status, age, gender, occupation and nationality.
  • (g)Interaction information: Details of your interactions with us, such as when you have a phone call with us, use our online services, make an enquiry, provide feedback, or make a complaint.
  • (h)Digital information: Includes information collected when you use our online services, including location data (if enabled), IP address, source port, device/browser details (mobile and tablet), and internet/mobile network provider. We do not link this technical data to you unless we reasonably believe it is necessary for fraud detection or security purposes. We may also collect information using technologies like cookies and other tracking tools for platform performance, user behaviour analysis, and security. Cookies are small pieces of information sent to your browser and stored on your device's hard drive that allow websites to operate more efficiently and improve your browsing experience. We may deploy third-party tracking technologies, including tracking pixels, which collect information about user activity when a webpage loads. These technologies are configured to collect only the minimum personal information necessary and are used to analyse website traffic, measure advertising campaign success, and deliver targeted advertising on third-party platforms in accordance with this Privacy Policy. If you access our social media pages, we may collect your user ID/name, permitted shared information (e.g., profile picture), and any disclosed content related to that service.
  • (i)Behavioural information: Information that is generated from how you use our products and services, including interactions, use, habits, mouse movements, clicks, text entered, pages viewed and other behaviours when dealing with us, our website, other platforms (whether embedded in our website or otherwise), and our services.
  • (j)Call recordings: We may monitor and record calls between you and Swyftx. We will notify you when this occurs.
  • (k)Sensitive information: This is personal information that includes information relating to your racial or ethnic origin, criminal history, or political affiliation. In certain situations, we or our third-party service providers may collect and use sensitive information, such as biometric information (e.g., your face), for automated identity verification. We will only collect other sensitive information from you with your consent.
  • (l)Publicly available information: We may collect and handle information that is in the public domain, such as from online forums, websites, Facebook, Twitter, YouTube or other social media (for example, if you use social media to make a complaint); and public registers (for example, those kept by the Australian Securities and Investments Commission).
  • (m)Other information: Includes details of any professional advisers you engage with, estate planning details, employment history, and your agreement to grant access to a spouse or partner's information in connection with your Swyftx account.

2.2 How do we collect your information?

We primarily collect personal information directly from you, but may also gather it from other individuals and organisations to provide our products and services to you. We collect information through various sources to provide our services and meet our regulatory obligations:

  • (a)Directly from you: We collect information directly from you when you register for an account, use Swyftx services, complete online forms, participate in surveys or competitions, communicate with us via phone, email, live chat, or social media, or interact with customer support.
  • (b)From third parties:
    1. (i)Identity verification services: Swyftx engages third-party identity verification providers to confirm your identity and comply with regulatory obligations. This may include verification against records held by regulatory bodies such as the Australian Securities and Investments Commission or Australian Taxation Office for Australian companies, trusts, or registered co-operatives.
    2. (ii)Financial institutions: Information may be received from banks, payment processors, or other financial institutions involved in your transactions with Swyftx, primarily for transaction processing, fraud prevention, and compliance.
    3. (iii)Public sources: Information may be collected from publicly available government registers, commercial databases, or open-source intelligence, where relevant and permissible by law for compliance or due diligence purposes.
    4. (iv)Referral partners: If you are referred to Swyftx by a third party, that party may provide basic contact information.
    5. (v)Other entities with consent: We may seek your express permission to collect information from other entities, such as product providers, accountants, or solicitors, where this information may not be currently available to you.
  • (c)Through technology: Certain technical data is automatically collected through your interaction with Swyftx's website, mobile applications, and other digital platforms. This includes the use of cookies, web beacons, analytics tools, and server logs to monitor platform performance, understand user behaviour, and maintain security.

2.3 Notification of collection

When personal information is collected, Swyftx takes reasonable steps to notify you about the collection, including the purposes for which it is collected, the types of organisations to which it may be disclosed, and how you can access and correct your information. This Privacy Policy serves as Swyftx's primary notification.

2.4 Dealing with unsolicited information

If we receive personal information about you that we did not solicit, we will determine if we could have lawfully collected that information. If we determine that we could not have, and the information is not required by law to be retained, we will take reasonable steps to destroy or de-identify it.

2.5 If you choose not to provide your information

Our ability to provide effective services depends on you providing relevant, complete, and accurate information. If you elect not to provide us with your personal information as and when requested, we may not be able to provide you with our products or services.

3. Use and Disclosure

3.1 How do we use your information?

We will not use or disclose personal information collected by us for any purpose other than:

  • (a)the purposes for which it was provided, or for related purposes that you would reasonably expect; or
  • (b)where you have consented to such disclosure; or
  • (c)where the Australian Privacy Principles authorise use or disclosure where required or authorised under law, in circumstances relating to public health and safety and in connection with certain operations by or on behalf of an enforcement body.

We use your personal information for purposes necessary for our functions and activities, including:

  • (a)Serving you as a customer: We use your information to deliver our products and services, including to assess and process your applications for products and services; administer and manage existing products or services you have with us; manage our relationship with you or your business; improve our service to you and your experience with us; communicate with you or your representatives about our products and services; and let you know about other products and services that may be of interest to you.
  • (b)Improving our business: We use your information to improve the products and services we provide, through activities, such as reviewing customer feedback and assessing how you use our products and services; testing and validating the effectiveness of products, services and system enhancements; and monitoring and reviewing call recordings, online chats and other business activity for quality assurance, training and compliance purposes.
  • (c)Managing our operations: We use your information to manage our operations, including to deliver our products and services; make and manage customer payments and transactions; manage fees and charges due on your products and services; collect and recover money that is owed to us; and respond to complaints and seek to resolve them.
  • (d)Managing security, risk and crime prevention: We use your information to prevent, detect and investigate suspicious or fraudulent activities; support the management of our information security and network controls to prevent cyber-attacks, unauthorised access and other criminal or malicious activities; and meet our legal obligations and for the legitimate purposes of preventing, detecting, responding to and investigating fraudulent activities and other crimes, protecting the security of our network and systems, and for the purpose of legal claims and actions.
  • (e)To comply with the law: Where required, we use your personal information to comply with the law, including our regulatory obligations, including to confirm your identity; share relevant information with law enforcement agencies, tax authorities and other regulatory bodies; screen applications and monitor accounts to identify criminal activity such as fraud, terrorist financing, bribery, corruption and money laundering; and investigate financial crime.
  • (f)Performing analytical activities: We use your information to run our business efficiently and effectively. This includes performing analytic activities to help us manage our financial position, business capability and planning, testing systems and processes, as well as managing communications, corporate governance, and audit.
  • (g)Providing de-identified information to other organisations: We may de-identify your personal information, such as transaction information, to provide insights and analytics and share de-identified information with other organisations.
  • (h)Sales or acquisitions: We use your personal information to support changes to our products or services. For example, we may sell, transfer, or merge parts of our business, or our assets, including products or services; and stop providing a particular product or service.
  • (i)Outsourced functions: We use your information when we outsource certain functions, including paraplanning, telemarketing, bulk mailing, market research, and information technology support. We also seek external help to improve our systems, products, and services.
  • (j)Direct marketing: We use your personal information to tell you about products and services we believe may be of interest and value to you, in accordance with section 7 of this Privacy Policy.

3.2 Who do we share your information with?

To perform the functions and activities described in section 3.1, we may share your information with third parties or where the law otherwise requires us to. These groups include:

  • (a)Related Entities of Swyftx: We may share information with our related entities in order to facilitate our and their internal business processes.
  • (b)Authorised third parties: We may share information with third parties where you have authorised us to do so or where we are legally required. They include: third parties that you have authorised to act for you (such as accountants, legal representatives, agents, financial advisors, or a person with Power of Attorney); and third parties authorised by a court in relation to your or your company's affairs (such as a bankruptcy trustee or liquidators). This also includes other persons acting on your behalf, such as your executor, administrator, trustee, or guardian.
  • (c)Third parties that can verify your information: This includes organisations that can verify information that you have supplied when applying for a product or service, including: other banks and financial institutions that you may have products and services with; and commercially available third-party databases.
  • (d)Service partners: We may share your information with our service partners, external service providers and other organisations. These include organisations that we partner with to supply products and services such as financial institutions, merchants, payment organisations and product providers that manage financial products; external service providers that we engage to do some of our work for us, for example legal service providers, organisations involved in maintaining, reviewing, upgrading and developing our computer and business systems and cloud service providers; trusted third-parties to analyse and organise collected site usage data on our behalf; organisations involved in our funding arrangements (like investors and advisers) or in a corporate re-organisation or involved in a transfer of all or part of the assets or business of our organisation; auditors, insurers and re-insurers; organisations that assist in the identification, investigation or prevention of fraud or other misconduct.
  • (e)Strategic referral partners: We may share your information with external parties with whom we have entered into arrangements to enable you to inquire about the services or products they offer.
  • (f)Government and law enforcement agencies: We may share your information with regulatory bodies, government agencies, and law enforcement bodies to comply with our legislative or regulatory obligations in any of the jurisdictions where we operate.

4. Identity Verification & Government-Related Identifiers

4.1 Know Your Customer (KYC) and Customer Due Diligence (CDD)

As a digital currency exchange provider, Swyftx is designated as a 'reporting entity' under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). This designation imposes legal obligations to verify and confirm your identity (known as KYC and CDD) before Swyftx can provide any designated services, and at certain other times in the course of us providing services. These procedures are fundamental to Swyftx's commitment to identify, mitigate, and manage the risks of money laundering and terrorism financing. Any government-related identifiers obtained for the purposes of identification, such as document numbers on passports, driver's licenses, and Medicare cards, will be used or disclosed only for the following purposes:

  • (a)as required or authorised by or under an Australian law or a court/tribunal order; or
  • (b)where reasonably necessary for Swyftx to fulfil its obligations to an Agency or an Australian State or Territory Authority; or
  • (c)where reasonably necessary for Swyftx to verify the identity of the individual for the purposes of Swyftx's compliance obligations, functions or activities.

4.2 Use of Document Verification Service

To meet our legal obligations, Swyftx uses the Australian Government's Document Verification Service (DVS) to verify your identity. The DVS allows for the validation of government-issued identity documents (e.g., passports, driver's licences) by comparing provided details against the records held by the respective Australian government issuing authority. This is a component of Swyftx's electronic identity verification processes. The DVS checks the details you provide against the records of the document's issuing agency and provides a 'match' or 'no match' response. You have the right to know how your information is collected and used for this purpose. If you decline to have your identity verified through this process, we will be unable to provide you with our services. For information about making a complaint regarding our handling of your information for this purpose, please see section 9 of this policy. You can find further details on the DVS from the Department of Home Affairs.

5. Overseas Disclosure

5.1 Sending your information overseas

Swyftx operates in a global digital environment, and the disclosure of personal information to overseas recipients may be necessary for us to provide services. This may occur for purposes such as:

  • (a)data storage where service providers or third parties who store data operate outside Australia (for example, we may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside Australia);
  • (b)completing international transactions, such as currency exchanges;
  • (c)to organisations we partner with to provide products and services; and
  • (d)compliance with laws and help government or law enforcement agencies.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information. These measures may include:

  • (a)entering into agreements with overseas recipients that require them to protect your priacy in a way that meets Australian privacy standards;
  • (b)assessing the privacy laws and data security practices of the countries where the recipients are located; and/or
  • (c)ensuring the recipient is subject to a law or binding scheme that has the effect of protecting the information in a way that is substantially similar to the APPs.

Personal information will only be disclosed to overseas recipients with your consent, where legally authorised (e.g., by a court order or international treaty), or when required by an international treaty or convention.

5.2 Location of overseas recipients

You may request an up-to-date list of the countries where information may be shared by contacting the Privacy Officer.

6. Data Security and Quality

6.1 Quality of personal information

Swyftx takes reasonable steps to ensure that the personal information it collects, uses, and discloses is accurate, up-to-date, complete, relevant, and not misleading. We encourage you to assist Swyftx in maintaining the accuracy of your information by updating your details promptly when they change.

6.2 Security of personal information

We store your information on secure systems and primarily in electronic form. We take reasonable measures to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification, or disclosure, including electronic and physical security measures. This includes maintaining an Information Security Management System aligned and certified against the International Standards Organisation's ISO/IEC 27001:2022.

6.3 Data retention and destruction

Personal information is retained for as long as necessary to fulfil the specific purposes for which it was collected, or as required by law.

When personal information is no longer needed for these purposes, or when legal retention periods expire, we take reasonable steps to destroy or permanently de-identify the information securely.

7. Direct marketing

7.1 Marketing communications

Personal information (excluding sensitive information, unless specific consent has been obtained) may be used to offer you other products, services, promotions, or other communications that Swyftx believes may be of interest, including those of its related entities or trusted partners. Communication may occur via various methods, including email, SMS, notifications, mail, telephone, social media, or other electronic messages.

7.2 Opting out of marketing communications

You will always be provided with a clear opportunity to opt out of receiving direct marketing communications from Swyftx. This right can typically be exercised by utilising the "unsubscribe" facility provided in emails or text messages of that specific channel, by updating communication preferences within the Swyftx account settings, or by contacting the Privacy Officer directly.

Where you opt out of marketing communications, essential service-related messages (e.g., security alerts, account statements, terms or policy updates) that are necessary for the operation of the account and services may still be sent. Swyftx does not disclose personal information to external entities for the purpose of allowing them to direct market their products or services.

8. Accessing and Correction of Personal Information

8.1 Accessing your information

You have a right to request access to the personal information we hold about you.

To request access, you must contact Swyftx's Privacy Officer using the details provided in section 11. We will respond to requests within a reasonable timeframe (typically within 30 days) and provide access in the manner requested, where it is reasonable and practicable to do so.

In some circumstances, access may be refused where permitted or required by law (e.g., if providing access would pose a serious threat to life, health, or safety, would have an unreasonable impact on the privacy of others, or is subject to legal professional privilege). If access is refused, a written explanation for the decision will be provided.

8.2 Correction of personal information

If you believe that any personal information held by us about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you have a right to request its correction. To request a correction, you should contact the Privacy Officer. We will take reasonable steps to correct the information or, if we do not agree with the request, a written explanation for the refusal will be provided, along with a statement that you believe the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

9. Complaints

9.1 Internal complaint resolution

If you have a complaint about how we have handled your personal information, please contact Swyftx's Privacy Officer in the first instance.

We take all complaints seriously and will endeavour to resolve the complaint and communicate our decision within a reasonable timeframe (typically within 30 days).

9.2 External Complaint Bodies

If you are not satisfied with our response or the outcome of your complaint, you may contact the Office of the Australian Information Commissioner (OAIC). The OAIC is the independent national regulator for privacy and freedom of information and can investigate complaints about the handling of personal information. The OAIC can be contacted via their website at www.oaic.gov.au or by phone on 1300 363 992.

10. Updates to this Policy

This Privacy Policy may be updated periodically to reflect changes in Swyftx's practices, legal obligations, or the evolving regulatory environment. Any changes will be effective immediately upon publication on the Swyftx website or platform. Continued use of Swyftx's services after any changes indicates acceptance of the updated Privacy Policy.

11. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or the handling of personal information, please contact Swyftx's Privacy Officer at:

Privacy Officer
Swyftx Pty Ltd
Email: [email protected]