
Privacy Policy

**Instant Compliance Pty Ltd** ("InstantCompliance", "we" and "us") is the provider of a software platform designed to assist businesses with their Customer Due Diligence (CDD) and AML/CTF (Anti-Money Laundering and Counter-Terrorism Financing) workflows. We provide the technological infrastructure that allows our customers ("Clients") to collect data and verify the identities of their customers ("Customers") in accordance with Applicable Laws.

This privacy policy ("Policy") sets out how we collect, use, disclose and protect the Personal Information of:

A. Customers (see Section A); and

B. Clients, website visitors, and others (see Section B),

(together, "you" and "your").

In this Policy:

  • "**Personal Information**" means any information about an identifiable individual, or an individual who is reasonably identifiable, and includes any data that can be used to identify or contact a single person.
  • "**Service Providers**" means the third party service providers we procure services from (such as identity verification databases), together with our business and analytics partners.

    InstantCompliance is an Australian Privacy Principle (APP) entity, as defined by the Privacy Act 1988 (Cth) (Privacy Act), and as such is committed to handling personal information in accordance with applicable privacy laws.

    We may update this Policy from time to time, and any changes will be published directly to our website and will be effective from the date of publication.


    Our Company-Wide Commitment to Your Privacy

    Providing secure technological infrastructure for AML/CTF compliance management is InstantCompliance's business. Handling all your Personal Information securely and in accordance with the APPs is essential to that business.

    Every InstantCompliance employee undertakes mandatory training in the identification and handling of personal information as part of their onboarding process. Protection of personal information is discussed regularly in team and company-wide meetings, and considered when making any business decision.

    Our Clients are contractually required to comply with the requirements of the Privacy Act, to comply with the security requirements of any Service Providers, and to protect all the Personal Information they receive through our platform.

    Retrieval Process

    InstantCompliance generally collects Personal Information under four scenarios:

    1. From our Clients (current and potential) and their staff, we receive information necessary to set up and manage their contracts and provide software services to them.

    2. From Clients we receive contact details for a Customer to facilitate the data collection process via our software.

    3. From Customers we receive their Personal Information during the data collection and verification process facilitated by our platform.

    4. From Clients and Customers we receive Customers' Personal Information contained in documents uploaded to our platform for 'know your customer' (KYC) processes.

    If a Client has directed you to use our software for a CDD check, they do so because it is a legal requirement that they must complete prior to performing a service for you. They cannot perform that service without collecting your Personal Information. If you have any concerns or questions regarding why this data is being collected or how the Client will use it to make compliance decisions, you should contact the Client directly.


    Section A: Customer

    If you're dealing with us as a Customer, we might request and handle your Personal Information in two circumstances:

    1. For your current provider: We have received a request from, and are providing software services to, a specific financial institution, law firm, accounting firm, real estate agent, or any other service you've hired, which are legally required to collect identity data to complete their service ("Current Provider").

    2. For future providers: In limited circumstances allowed by Applicable Laws, and only if you or your authorised person approves, we can also hold your personal information securely within our platform for future use by a service provider ("Future Provider").

    When we're handling your personal information for a Current Provider, we are doing it as a technology provider facilitating their data collection process. In these cases, the Current Provider remains the primary data controller. Any questions or requests about your personal information in this circumstance should be directed to that Current Provider, and they will instruct us if necessary via our platform tools.

    When we're handling your personal information for potential Future Providers, we are doing it on your behalf and this policy does apply.

    *Note: By virtue of you visiting our website, parts of Section B (below) may also apply to you.*

    1. Information we collect and disclose

    When we are managing your personal information during the Retrieval Process, we request and collect it directly from you and from your Current Providers, and may then share it, when necessary, with:

  • Your Current Provider;
  • Our Service Providers (e.g., identity verification databases); and
  • Future Providers (subject to regulatory requirements and your authorisation).

    This includes the following types of personal information (the "Retrieved Information"):

    | Category | Information we Collect |
    | --- | --- |
    | Customer Contact Information | First and last name, Email, Address |
    | Biometric Information | Faceprints (and facial mapping and scans of digitised images) |
    | Sensory Information | Photos, videos or recordings of you and your environment |
    | Unique Identifiers | Unique Device ID, IP Address, Identification number (such as Passport or Drivers Licence number) |
    | Demographic Information | Age / date of birth contained on your identification documents, Nationality indicated on your identification documents, Sex indicated on your identification documents |
    | Geographic Information | Geographic location |

    2. How long we retain information

    We aim to keep your information for only as long as it is legally required for your Current Provider to maintain their audit trails, or for as long as you request it for Future Providers.

    Please note that certain photographic evidence (such as images of ID documents) may be automatically purged from our active databases after a short period (e.g., 7 days) in accordance with our data minimization policies, while cryptographic audit trails confirming the verification event are retained for the Client's compliance records.

    Factors that may influence how long we retain your data include fulfilling our legal or regulatory obligations, responding to a question or complaint, or being unable to delete the data for technical reasons.

    3. How we use and share your Personal Information

    InstantCompliance collects, uses and holds your Personal Information so that we can provide the technological infrastructure for our Client to conduct their required CDD checks. We may also use it for specific purposes that you have consented to. In general, we use your information to minimise risks and protect against fraud, misuse or loss of data, and to improve our software services. We may also use it to comply with laws, obligations or provide assistance to regulatory, government and law enforcement authorities.

    InstantCompliance shares your Personal Information with the requesting Client via our platform to enable them to meet their legal obligations and make their own compliance decisions. We may share limited Personal Information to identify you or your CDD so that we may respond to a Client's technical enquiry about your data file.

    If compelled by law, we may disclose your information in response to a subpoena, court order, or a request for cooperation from a law enforcement or government agency. We may also disclose information when we believe it is appropriate to investigate illegal activity, suspected fraud, or to protect the rights, property, or safety of our company, users, and employees. In the event of a reorganisation, merger, or sale of InstantCompliance, we may transfer any and all Personal Information we collect to the relevant third party.

    4. Security and storage

    InstantCompliance implements a comprehensive array of physical, technical, organisational, and administrative security measures to protect the Personal Information we hold from unauthorised access, use, and disclosure.

    The servers used for storing Customer data, which may include Personal Information, are operated by Amazon Web Services and are located in Sydney, Australia. These data centres are certified to SOC 1, SOC 2, and ISO 27001 standards, ensuring robust security protocols.

    Data held on our servers is encrypted both in transit (when being sent to and from our servers) and at rest (when stored). Specifically, 256-bit SSL/TLS encryption is employed to protect data in transit, while 256-bit AES encryption safeguards data at rest.

    5. Accessing, correcting, erasing and your other rights

    You are entitled to know and confirm the accuracy of all your Personal Information recorded by InstantCompliance, and all such requests will be addressed free of charge. However, Personal Information collected for a CDD check is held within the platform on behalf of the Client who requested the data collection, and any requests in relation to modifying or deleting this information must be directed to the Client, as they have legal record-keeping obligations.

    Correction of Personal Information may not be possible once a CDD data collection event is completed as this information has been logged to verify your identity at a specific point in time in accordance with Applicable Laws and needs to be retained by the Client to support their audit trail.

    If we cannot correct Personal Information as requested, InstantCompliance will respond in written form as to the reasons for denial of the correction along with the appropriate avenue for complaint.


    Section B: Clients, website visitors and others

    1. Personal Information we collect

    When you visit our website, InstantCompliance gathers information that doesn't directly identify you. This can include things like your job, language, postcode, area code, unique device ID, location, IP address, and the time zone. We might collect information about what Clients do on our website and with our software products and services.

    1.1 Information Collected Directly

    We might collect some Personal Information directly from you, such as your name, email, and professional title when you contact us or sign up for our software services.

    1.2 Information Collected Automatically

    When you visit our website, we might automatically collect some Personal Information, such as your IP address, device type, and browser attributes.

    1.3 Cookies and Other Technologies

    InstantCompliance's website, online services, and email messages may use "cookies" and other technologies. These technologies help us better understand user behaviour and improve the effectiveness of our software. You can disable cookies in your browser settings, but please note that certain features of the InstantCompliance website may not be available.

    2. How we use and share your Personal Information

    We only handle your Personal Information if we have a good reason under the law. Generally, here are our main reasons:

  • **Because of a contract:** We need your Personal Information to do what we've agreed to do for you, like providing access to our software platform.
  • **Our legitimate interests:** We might use your Personal Information for our legitimate business reasons, such as improving our software, marketing, and keeping our platform secure.
  • **With your consent:** Sometimes, we'll use your Personal Information because you've clearly provided your consent.
  • **Legal requirement:** We might need to use your Personal Information to follow a legal rule or if it's for something that benefits the public.

    We will not sell your Personal Information. We may share it with government or regulatory bodies if the law requires it, or with anyone else you authorise us to.

    3. Accessing, correcting, erasing and your other rights

    You can get in touch with us anytime to see your personal information and ask us to:

  • Fix or add to it.
  • Delete it.
  • Take back your permission.
  • Get more information or a copy.
  • Limit how we use or share it.
  • Stop marketing messages by using the "unsubscribe" link in our emails or contacting us at **help@instantcompliance.ai**.

    Before you can do any of these things, we'll need to check who you are. We'll deal with your request as quickly as we can, following the privacy laws.


    Contact & Complaints

    If you have any questions, concerns or would like to make a complaint about any of our data handling practices, please contact us by:

  • **Email:** help@instantcompliance.ai
  • **Address:** 1301/242 Elizabeth St, Surry Hills, NSW, 2010, Australia

    We aim to respond to your dispute within 30 days. We take all complaints seriously and are committed to a quick and fair resolution.

    If you are not satisfied with how we deal with your query or complaint, you may contact the Office of the Australian Information Commissioner (OAIC) by visiting their website at www.oaic.gov.au.

    **Instant Compliance Pty Ltd**

    **ACN:** 111 744 668

    *This policy was last updated on 29 May 2026.*