Skip to content

Privacy policy

Swyftx Privacy Policy

We value your trust and are committed to being upfront about our personal information handling practices.

Print Page

Last updated: 17 June 2026
Effective date: 17 June 2026

Recent changes to this Policy

We've made some key changes to this Policy to remain transparent about our personal information handling practices. These changes include:

  • Revised our collection and purposes to reflect new products and services, and updated laws applicable to us;
  • Provided further clarity on how we deal with privacy rights requests and complaints made to us; and
  • Minor changes to enhance the Policy's structure, clarity, and transparency.

These changes will become effective on 17 June 2026. For any questions, refer to our Contact Us section below.

1. About this Policy

Subject to section 1.1, this Policy covers how Swyftx Pty Ltd (ABN 72 623 556 730) and our related bodies corporate ("Swyftx", "our", "us" or "we") collect personal information and why, how we handle it, and the rights and choices available to you.

1.1 Related policies

For individuals that interact and engage with Caleb and Brown Holdings Pty Ltd (ABN 34 651 147 152) and its wholly owned subsidiaries, please refer to their Privacy Policy available here.

For individuals that interact and engage with EC Advantage (Pty) Ltd t/a Easy Crypto (RN 2021/893536/07), please refer to their Privacy Policy available here.

Our Credit Reporting Policy sets out how we collect and handle credit-related information when you apply for credit through us and should be read in conjunction with this Policy.

1.2 Definitions

"Personal information" under this Policy refers to information or an opinion about an individual, where that individual is identified or reasonably identifiable, and as defined under applicable privacy laws.

"Handles" refers to the collection, use, disclosure, holding, or otherwise processing of personal information.

2. Collection and Method

2.1 What personal information do we collect?

Swyftx collects different types of personal information, including to provide and deliver our products and services. We may collect the following types of personal information from you, depending on the product or services offered to you or your interactions with us.

  • Personal and contact details: Your name, residential address, email address, phone number, and date of birth.
  • Identity information and documents, including from Australian and New Zealand government sources: Your Tax File Number/IRD Number and country of tax residency; Medicare card, Australian or New Zealand passport, driver licence, proof of age/photo ID card, or pension card details; and citizenship, birth, death and marriage certificates.
  • Foreign government identifiers and identity documents: Foreign government identity documents and identifiers such as your tax identification number and country of tax residency; foreign passport and driver's licence; and immigration documents, when foreign passports are supplied.
  • Financial information: Details of your employment, income, assets, financial liabilities and other evidence relating to the source of your wealth or funds; and copies of bank statements and other statements from other financial institutions and government bodies. This may also include details of your financial needs and objectives, any financial hardship, investment preferences, past investment experience, and your level of risk tolerance.
  • Transaction information: Information about transactions that you have made using our products and services.
  • Socio-demographic information: Your marital status, age, gender, occupation and nationality.
  • Interaction information: Details of your interactions with us, such as when you have a phone call with us, use our online services, make an enquiry, provide feedback, or make a complaint.
  • Digital information: Information collected when you use our online services, including location data (if enabled), IP address, source port, device/browser details (mobile and tablet), and internet/mobile network provider. We do not link this technical data to you unless we reasonably believe it is necessary for fraud detection or security purposes. We may also collect information using technologies like cookies and other tracking tools for platform performance, user behaviour analysis, and security. Cookies are small pieces of information sent to your browser and stored on your device's hard drive that allow websites to operate more efficiently and improve your browsing experience. We may deploy third party tracking technologies, including tracking pixels, which collect information about user activity when a webpage loads. These technologies are configured to collect only the minimum personal information necessary and are used to analyse website traffic, measure advertising campaign success, and deliver targeted advertising on third party platforms in accordance with this Policy. If you access our social media pages, we may collect your user ID/name, permitted shared information (e.g., profile picture), and any disclosed content related to that service.
  • Behavioural information: Information that is generated from how you use our products and services, including interactions, use, habits, mouse movements, clicks, text entered, pages viewed and other behaviours when dealing with us, our website, other platforms (whether embedded in our website or otherwise), and our services.
  • Call recordings: We may monitor and record calls between you and Swyftx. We will notify you when this occurs.
  • Sensitive information: Personal information that includes information relating to your racial or ethnic origin, criminal history, biometric information, or political affiliation. We may collect your sensitive information with your consent, or where otherwise required, authorised or permitted by law or a court/tribunal order.
  • Publicly available information: Information that is in the public domain, such as from online forums, websites, Facebook, X (formerly Twitter), YouTube or other social media (for example, if you use social media to make a complaint); and public registers (e.g., those kept by the Australian Securities and Investments Commission).
  • Information relating to a crypto-backed credit loan application and account: Together with credit-related information outlined in our Credit Reporting Policy, we may collect and handle the following categories of information: information and evidence of your financial and personal standing and loan intentions and nominated and verified bank account details. If your crypto-backed credit loan is approved, we also collect and handle transaction information sourced from the Principal Credit Provider.
  • Other information: Includes details of any professional advisers you engage with, estate planning details, employment history, and your agreement to grant access to a spouse or partner's information in connection with your Swyftx account.

2.2 How do we collect your personal information?

We may collect and handle personal information, including the kinds of personal information detailed in section 2.1 above, in the following ways:

  • Directly from you, including through use of our products and services: We collect information directly from you when you register for an account, use Swyftx or third party integrated services and products, complete online forms, participate in surveys or competitions, communicate with us via phone, email, live chat, or social media, or interact with customer support.
  • From third parties:
    • Identity verification services: Swyftx engages third party identity verification providers to confirm your identity and comply with regulatory obligations. This may include verification against records held by regulatory bodies where applicable, such as the Australian Securities and Investments Commission or Australian Taxation Office for Australian companies, trusts, or registered co-operatives.
    • Financial institutions: Information may be received from banks, payment processors, or other financial institutions involved in your transactions with Swyftx, primarily for transaction processing, fraud prevention, and compliance.
    • Public sources: Information may be collected from publicly available government registers, commercial databases, or open-source intelligence, where relevant and permissible by law for compliance or due diligence purposes.
    • Referral partners: if you are referred to Swyftx by a third party, that party may provide basic contact information.
    • Other entities with consent: We may seek your express permission to collect information from other entities, such as product providers, accountants, or solicitors.
  • Through technology: Certain technical data is automatically collected through your interaction with Swyftx's website, mobile applications, and other digital platforms. This includes the use of cookies, web beacons, analytics tools, and server logs to monitor platform performance, understand user behaviour, and maintain security.

2.3 Dealing with unsolicited personal information

If we receive personal information about you that we did not solicit, we will determine if we could have lawfully collected that information. If we determine that we could not have, and the information is not required by law to be retained, we will take reasonable steps to destroy or de-identify it.

2.4 If you choose not to provide your personal information

If you decline to provide us with certain personal information that we believe is necessary for lawful purposes, we may not be able to provide you with our products and services that you have requested from us. Our ability to provide effective services depends on you providing relevant, complete, and accurate information. If you elect not to provide us with your up-to-date personal information as and when requested, we may not be able to provide you or continue to provide you with our products and services.

3. Purposes

3.1 Why do we collect your personal information?

We may collect and handle your personal information in the following circumstances:

  • the purposes for which it was provided, or for related purposes that you would reasonably expect, including as set out below; or
  • where you or an authorised representative has consented; or
  • where otherwise permitted or authorised under applicable laws, including in circumstances relating to public health and safety and in connection with certain operations by or on behalf of an enforcement body.

Personal information is collected and handled for purposes necessary for our functions and activities, including the following:

  • Serving you as a customer: We use your information to deliver our products and services, including to assess and process your applications for products and services; administer and manage existing products or services you have with us; manage our relationship with you or your business; improve our service to you and your experience with us; and communicate with you or your representatives about our products and services.
  • Improving our business: We use your information to improve the products and services we provide, through activities, such as reviewing customer feedback and assessing how you use our products and services; testing and validating the effectiveness of products, services and system enhancements; and monitoring and reviewing call recordings, online chats and other business activity for quality assurance, training and compliance purposes.
  • Managing our operations: We use your information to manage our operations, including to deliver our products and services; make and manage customer payments and transactions; manage fees and charges due on your products and services; collect and recover money that is owed to us; and respond to complaints and seek to resolve them.
  • Managing security, risk and crime prevention: We use your information to take reasonable steps to prevent, detect and investigate suspicious or fraudulent activities; support the management of our information security and network controls to prevent cyber-attacks, unauthorised access and other criminal or malicious activities; and meet our legal obligations and for the legitimate purposes of preventing, detecting, responding to and investigating fraudulent activities and other crimes, protecting the security of our network and systems, and for the purpose of legal claims and actions.
  • To comply with the law: Where required, we use your personal information to comply with the law, including our regulatory obligations, including to confirm your identity; share relevant information with law enforcement agencies, tax authorities and other regulatory bodies; screen applications and monitor accounts to identify criminal activity such as fraud, terrorist financing, bribery, corruption and money laundering and investigate financial crime; and responsible lending requirements in relation to relevant credit products (including under the National Consumer Credit Protection Act 2009 (Cth) and associated regulations), including to complete risk assessments and assess your creditworthiness in our decision making process.
  • Performing analytical activities: We use your information to run our business efficiently and effectively. This includes performing analytic activities to help us manage our financial position, business capability and planning, testing systems and processes, as well as managing communications, corporate governance, and audit.
  • De-identifying your information: We may de-identify your personal information, such as transaction information, to generate insights and analytics. De-identified or aggregated information may be shared with other organisations.
  • Sales or acquisitions: We use your personal information to support changes to our products or services. For example, we may sell, transfer, or merge parts of our business, or our assets, including products or services; and stop providing a particular product or service.
  • Outsourced functions: We use your information when we outsource certain functions, including paraplanning, telemarketing, bulk mailing, market research, and information technology support. We also seek external help to improve our systems, products, and services.
  • Direct marketing: If you are opted in to receive direct marketing, we use your information to offer you personalised communications, including platform updates, promotions, news, insights, and announcements that may interest you. Where permitted, we may send communications regarding our related entities or trusted partners. These communications may be sent via email, SMS, push notifications, mail, telephone, social media, or other channels where permitted. You can manage your subscription preferences or opt out at any time by following the instructions outlined in section 6.2 of this Policy.

3.2 Identity verification and government-related identifiers

3.2.1 Know Your Customer ("KYC") and Customer Due Diligence ("CDD")

As a digital currency exchange provider, Swyftx is designated as a 'reporting entity' under Australia's Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and New Zealand's Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) Act 2009 and their associated rules, regulations and instruments (collectively, "AML/CTF Laws"). This designation imposes legal obligations to verify and confirm your identity (known as KYC and CDD) before Swyftx can provide any designated services, and at certain other times in the course of us providing services. These procedures are fundamental to Swyftx's commitment to identify, mitigate, and manage the risks of money laundering and terrorism financing. Any government-related identifiers obtained for the purposes of identification may be collected, used or disclosed for the following purposes:

  • verifying your identity before providing certain products and services to you or the person you are acting on behalf of and throughout our relationship with you as necessary for compliance purposes;
  • assessing and managing potential money laundering, terrorism financing, proliferation financing risks or related compliance risks associated with the provision of our services;
  • making reports and meeting record keeping obligations required by law under applicable AML/CTF Laws;
  • where reasonably necessary to fulfil obligations to an Agency or an Australian State or Territory Authority; or
  • as otherwise required or authorised by or under an applicable law (including AML/CTF Laws) or a court/tribunal order.

3.2.2 Use of Government Identity Verification Services

To meet our legal obligations, Swyftx uses Australian and New Zealand Government identity verification services as outlined below.

We use the Australian Government's Document Verification Service ("DVS") to verify our Australian customers' identities. The DVS allows for the validation of certain government-issued identity documents (e.g., passports, driver's licences) by comparing provided details against the records held by the respective Australian Government issuing authority. This is a component of Swyftx's electronic identity verification processes. The DVS checks the details you provide against the records of the document's issuing agency and provides a 'match' or 'no match' response. You have the right to know how your information is collected and used for this purpose. If you decline to have your identity verified through this process, we will be unable to provide you with our products and services. For information about making a complaint regarding our handling of your information for this purpose, please see section 6.3 of this Policy. For more information on how your personal information is collected and handled by the Australian Government as part of the DVS, please refer to the Identity Verification Services Privacy Statement.

We use the New Zealand Department of Internal Affairs ("DIA") Identity Verification Services to verify our New Zealand customers' identities. The DIA allows for the validation of certain government-issued documents held by the DIA and other New Zealand external agencies and is managed through the RealMe service. For more information on how your personal information is collected and handled by the DIA as part of this service, please refer to the Identity Verification Service Privacy Statement.

4. Disclosures

4.1 Who do we share your personal information with?

We may disclose personal information to the following types of third parties for purposes described in this Policy and to the extent we are authorised or permitted by law.

  • Related Entities of Swyftx: We may share information with our related entities in order to facilitate our and their internal business processes.
  • Authorised third parties: We may share information with third parties where you have authorised us to do so or where we are legally required. They include: third parties that you have authorised to act for you (such as accountants, legal representatives, agents, financial advisors, or a person with Power of Attorney); and third parties authorised by a court in relation to your or your company's affairs (such as a bankruptcy trustee or liquidators). This also includes other persons acting on your behalf, such as your executor, solicitor, administrator, trustee, or guardian.
  • Third parties that can verify your information: This includes organisations that can verify information that you have supplied when applying for a product or service, including: other banks and financial institutions that you may have products and services with; and commercially available third party databases.
  • Service partners: We may share your information with our service partners, external service providers and other related organisations. These include organisations that we partner with to supply products and services such as financial institutions, credit providers, merchants, payment organisations and product providers that manage financial or credit products; external service providers that we engage to do some of our work for us, for example legal service providers, auditors or accountants, organisations involved in maintaining, reviewing, upgrading and developing our computer and business systems and cloud service providers; trusted third parties to analyse and organise collected site usage data on our behalf; organisations involved in our funding arrangements (like investors and advisers) or in a corporate re-organisation or involved in a transfer of all or part of the assets or business of our organisation; insurers and re-insurers; organisations that assist in the identification, investigation or prevention of fraud or other misconduct.
  • Strategic referral partners: We may share your information with external parties with whom we have entered into arrangements to enable you to inquire about the services or products they offer.
  • Government and law enforcement agencies: We may share your information with regulatory authorities, government agencies or bodies, law enforcement bodies, and courts or tribunals, including to respond to a lawful request for information relating to their enquiries and/or investigations, such as suspected or actual unlawful activity or misconduct; a subpoena or court order; for the establishment, exercise or defence of a legal or equitable claim; or as otherwise required or permitted by applicable laws. For example, we may share your personal information with relevant regulatory supervisors or members of our corporate or designated business groups to meet our obligations under applicable AML/CTF Laws.
  • Transaction parties: companies that we propose or plan to merge with, be acquired by, or that may invest with us, including to enable the assessment or completion of the relevant merger, restructuring, financing, acquisition, divestiture, dissolution, or other corporate change or transfer.

4.2 Overseas Disclosures

In certain circumstances, we may disclose your personal information outside your country of residence to overseas recipients, including for purposes described in this Policy. The countries where we may use, store or transfer personal information include Australia, New Zealand, the United States of America, South Africa, and the Philippines. We take reasonable steps to ensure a lawful transfer mechanism applies, such as entering into binding agreements with third parties to ensure appropriate and comparable safeguards are in place.

5. Personal Information Handling Practices

5.1 Quality

Swyftx takes reasonable steps to ensure that the personal information it collects, uses, and discloses is accurate, up-to-date, complete, relevant, and not misleading. We encourage you to assist Swyftx in maintaining the accuracy of your information by updating your details promptly when they change or when a review of your personal information is requested by us.

5.2 Security

We take reasonable steps to implement technical and organisational measures to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification, or disclosure. This includes maintaining an Information Security Management System aligned and certified against the International Standards Organisation's ISO/IEC 27001:2022 standard. Customers are expected to stay vigilant to protect their accounts.

5.3 Retention

We may retain your personal information for as long as necessary for the purposes we initially collected it, including as described in this Policy, and as required by or under an applicable law (including AML/CTF Laws), court or tribunal order, to manage and enforce an agreement with you, to manage legal claims or complaints, and as otherwise permitted or authorised under applicable law. When personal information is no longer required for these purposes, we will take reasonable steps to securely destroy or de-identify your personal information.

6. Your Rights and Choices

6.1 Access to or correction of your personal information

You, or an authorised representative, have the right to request:

  • access to a copy of your personal information we hold about you; or
  • the correction of personal information we hold about you, and notify any relevant third parties of this correction, unless it is impracticable or unlawful to do so.

We may ask you to put your request in writing, and to verify your identity and the identity of your authorised representative, if relevant. We will provide you with an outcome to your request in a reasonable and timely manner. If we are unable to fulfil your request, we will share with you our reasons and the review and complaint mechanisms available to you. You can make a request by reaching out through the contact details set out in section 8 below.

With respect to the correction of your personal information, we may be unable to do so where we believe, for the purposes for which it is held, it is accurate, up to date, complete, relevant, and not misleading. You may ask us to keep an associated statement that you believe the information is inaccurate, out of date, incomplete, irrelevant and/or misleading.

6.2 Manage your marketing subscription preferences

We provide you with a clear opportunity to manage your marketing subscription preferences or to unsubscribe. You can do so by: using the update preferences and unsubscribe facilities provided in a direct marketing communication; updating your preferences within the Swyftx account settings, if you have an account; or by contacting us directly. We may still be required to send you essential service-related messages that are necessary for the operation of your account and services, such as security alerts, account statements, or terms or policy update notifications. Swyftx does not disclose personal information to external entities for the purpose of allowing them to direct market their products or services.

6.3 Make a privacy inquiry or complaint

If you have an inquiry or complaint about how we have handled your personal information, please contact Swyftx's Privacy Team in the first instance. We will respond to requests within a reasonable timeframe and provide our reasons for the outcome of your inquiry or complaint. If you are unsatisfied with the outcome of your inquiry or complaint, you can contact us to discuss your concerns.

Swyftx is a member of the Australian Financial Complaints Authority ("AFCA"). AFCA offers a free external dispute resolution service for individuals in Australia who are unable to resolve an issue with a covered entity directly. AFCA will generally ask if you have tried to resolve the issue with us first. You can visit their website (https://www.afca.org.au/) to find their contact details or further information relating to their processes. You also have the right to make a complaint about us to the Office of the Australian Information Commissioner. You can visit their website (https://www.oaic.gov.au) to find their contact details or further information relating to Australian privacy legislation. For New Zealand residents, you also have the right to make a complaint to the Office of the Privacy Commissioner. You can visit their website to find their contact details or further information relating to New Zealand privacy legislation (https://www.privacy.org.nz).

7. Updates to this Policy

We reserve the right to change this Policy from time to time, as may be required to keep it accurate and up to date. We will take reasonable steps to notify known individuals covered by this Policy of material changes through available communication channels. The revised Policy will be effective on the "Effective Date" listed above.

8. Contact Us

For any inquiries, requests, or complaints relating to this Policy, please contact the Swyftx Privacy Team at [email protected].