Legal
Last updated: 13 November 2025
1. Introduction
Portfolio App Pty Ltd ACN 688794247 (“Portfolio”, “we”, “us”, or “our”) operates:
our website at www.downloadportfolio.au (and any related domains), and
our mobile applications listed on the Apple App Store™ and Google Play™ (together, the “Portfolio Services”).
These Terms of Use (“Terms”) apply to your access to and use of the Portfolio Services.
Portfolio is a personal financial management platform designed to help you understand, track, and improve your financial position. Our Services allow you to:
connect and view your financial accounts in one place,
track assets, liabilities, spending, and overall net worth,
view insights, reports, and personalised information based on your financial data, and
access Portfolio Assist, our AI-powered financial companion that provides general insights, educational explanations, data-driven observations, and personalised suggestions based on your financial information.
Portfolio Assist uses artificial intelligence to analyse your financial activity and present general guidance to help you better understand your money. Portfolio Assist does not provide financial advice, personal recommendations, credit assistance, or tax/legal advice. Its suggestions are factual, educational, and general in nature.
Portfolio provides general information only. We are not a financial adviser, tax agent, or accountant, and we do not provide financial product advice, personal recommendations, or credit assistance. Any information we present is factual, general in nature, and is designed to help you better understand your own financial circumstances. You are responsible for assessing whether any information displayed through the Portfolio Services is appropriate for your personal situation.
If you require financial, legal, credit, or taxation advice, you should seek independent professional advice before making decisions based on information displayed in the Portfolio
2. Legal Basis & Governing Laws
Portfolio manages your personal information in accordance with Australian law and industry regulations, including:
the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
the Consumer Data Right (CDR) legislation and Rules, where applicable
other relevant laws governing financial data, electronic communications, and data security in Australia
Portfolio enables certain Open Banking functionality through its accredited open banking partner, Fiskil Pty Ltd, which is an Accredited Data Recipient (ADR) under the Consumer Data Right regime.
Where you choose to connect your bank accounts using Open Banking, the collection, sharing, and management of your CDR data is handled in accordance with Fiskil’s accreditation obligations and the CDR Rules.
This policy applies to all personal information that Portfolio collects, uses, stores, or discloses when providing our Services.
3. What Information We Collect
Portfolio may collect and hold the following types of information to provide and improve our Services:
Identification Information: such as your name, date of birth, contact details (address, email, phone), and government ID documents for verification purposes.
Account / Credentials: including username, password, and multi-factor authentication settings.
Financial / Transaction Data: bank account balances and transaction history, accessed read-only via CDR feeds.
Usage & Technical Data: IP address, device identifiers, browser type, operating system, timestamps, pages visited, and session logs.
Marketing / Preferences: your preferences, opt-in or opt-out settings, and subscription choices.
Important: Portfolio currently does not initiate payments or move funds. Any financial data accessed through CDR feeds is read-only and used solely for analysis, reporting, and personal wealth tracking, with your explicit consent.
4. How We Collect Information
Directly from you: When you register, fill in forms, submit identity verification, or communicate with us.
Automatically / Implicitly: Through the use of our website, apps, and APIs (e.g., usage logs, analytics).
From Third Parties: With your consent, from financial institutions or data aggregators, or from public records if legally permitted.
5. Use & Disclosure of Information
We may use or disclose your personal information for purposes including:
Providing, maintaining, and improving the Services
Identity verification, fraud detection, risk management
Communicating service announcements and updates
Meeting legal or regulatory obligations, including CDR Rules
Enforcing our rights, or as required by law
We do not sell your personal information to third parties.
6. Overseas / Cross-Border Data Transfers
If your data is stored or processed overseas, we ensure that appropriate protections are in place, such as contractual obligations and encryption.
7. Cookies & Tracking Technologies
We may use cookies, web beacons, and similar technologies to enhance functionality, analyze usage, and deliver content. You can manage or disable cookies via your browser, noting that some features may be limited.
8. Data Security
Portfolio adopts robust technical and organizational measures to protect your data. Our app is developed using Convex, a secure backend platform, and benefits from their enterprise-grade security practices:
Encryption: All customer data (databases, files, search indexes) is encrypted at rest using industry-standard 256-bit AES. Data in transit is protected using TLS and SSH.
Database Isolation & Credentials: Each database is isolated and secured with unique, randomly generated credentials.
Access Controls: Production access is limited to authorized personnel, with audited access control management.
Multi-Factor Authentication (MFA): Critical internal systems use MFA for enhanced account security.
Data Visibility: No customer project data is publicly accessible unless explicitly exposed by Portfolio.
Vulnerability Management: Convex employs automated vulnerability scanning, intrusion detection, and annual third-party penetration testing.
Third-Party Compliance: Convex’s platform and third-party systems are audited for SOC 2 Type II compliance.
Hosting: Convex is hosted on AWS, which complies with SOC 2 Type II, ISO 9001, GDPR, HIPAA, and other standards.
Read-Only Financial Access: Any financial data accessed via CDR feeds is strictly read-only, cannot initiate transactions, and is only used with your explicit consent for reporting and analysis.
9. Retention & Deletion
We retain personal data only as long as necessary for service delivery, legal obligations, or legitimate business purposes. Data no longer required is securely deleted or anonymized.
10. Your Rights & Choices
Under Australian law, you may:
Access your personal information
Correct or update your data
Request deletion, where permitted by law
Withdraw consent for collection or processing
Object to direct marketing communications
Requests can be made via the contact details below.
11. Account Deletion / Anonymity
You may delete or deactivate your account at any time. Upon deletion, personal data will be removed or anonymized, except where retention is required by law.
12. Notifiable Data Breaches & Incident Response
Portfolio maintains an incident response plan. In case of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme.
13. Complaints & Dispute Resolution
You may submit complaints about privacy handling via the contact details below. If unresolved, you may escalate to the OAIC or other relevant regulators.
14. Complaints & Dispute Resolution
You may submit complaints about our privacy handling via the contact details below
We will aim to resolve complaints promptly (e.g. within specified business days)
If unresolved, you may escalate to relevant regulatory bodies (e.g. OAIC, or local privacy commissioner)
15. Contact Information
If you want to exercise your rights, raise a complaint, or ask questions about this policy, contact:
Privacy / Security Officer
Email: admin@portfolio.com
Phone: 0403 001 633
Address: 33 Marmion Parade, Taringa QLD 4068
16. Changes to This Policy
We reserve the right to amend this policy from time to time. The changes become effective when posted with an updated “Last updated” date. Your continued use of our Services after changes indicates your acceptance.