Privacy Policy

My Family Officer ("we", "us", "our") is committed to protecting the privacy of personal information we collect and hold. This policy sets out how we collect, use, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to all users of the My Family Officer platform, including workspace owners, members, and beneficiary portal users.

We may collect the following kinds of personal information:

• Identity information: name, date of birth, gender, marital status
• Contact information: email address, phone number, residential and postal addresses
• Tax information: Tax File Number (TFN), tax residency status
• Financial information: employment details, income, investment holdings, transaction history
• Authentication data: OAuth provider identifiers (Google, Microsoft)
• Device information: companion app device registrations, WebAuthn credentials
• Documents: uploaded files such as trade confirmations, governance documents, identification documents

We collect personal information:

• Directly from you when you create an account, add entities, or enter data into forms
• From uploaded documents (trade confirmations, identification, financial statements)
• From third-party data providers with your consent (e.g., open banking via CDR/Basiq, market data via Yahoo Finance)
• From your authentication provider (Google or Microsoft) when you sign in
• Automatically from your use of the platform (activity logs, AI usage records)

We collect and use your personal information for the following purposes:

• Providing and operating the investment management platform
• Managing your portfolio, transactions, and financial records
• Tax reporting, compliance, and SMSF administration
• Generating AI-powered analysis, reports, and insights
• Governance document management and digital signing
• Beneficiary portal access and distribution reporting
• Account administration and user support
• Platform security, fraud prevention, and audit logging

If you choose not to provide certain personal information, some features of the platform may not be available to you. For example, without a TFN, tax-related reports and compliance checks cannot be generated.

We may disclose your personal information to:

• AI service providers: We use third-party AI providers (including OpenAI, Anthropic, and Google) to power document extraction, investment analysis, and other AI features. Personal information included in documents or queries may be transmitted to these providers for processing. These providers are contractually bound to use data only for providing their services.
• Open banking providers: If you connect bank accounts via CDR (Consumer Data Right), account and transaction data is exchanged with accredited data recipients (e.g., Basiq).
• Email delivery services: Report delivery and notifications may be sent via third-party email services (e.g., Amazon SES).
• Workspace members: Personal information you enter is visible to other members of your workspace based on their access role.
• Beneficiaries: Distribution and tax data is shared with beneficiaries via the beneficiary portal as configured by the workspace owner.

We take reasonable steps to protect your personal information, including:

• Encryption of sensitive fields (TFN, phone) at rest using AES-256-GCM
• TLS encryption for all data in transit
• Workspace-scoped data isolation (multi-tenant architecture)
• Role-based access control (Owner, Editor, Viewer roles)
• OAuth-based authentication via trusted identity providers
• Rate limiting and lockout protections on authentication endpoints
• Audit logging of significant actions

You have the right to request access to the personal information we hold about you, and to request corrections if that information is inaccurate, incomplete, or out of date.

Workspace owners and editors can view and update personal information directly through the platform. Beneficiary portal users can view their distribution and tax data.

To request access to or correction of your personal information, or to make a privacy complaint, please contact the workspace owner who manages your data, or contact us at the details below.

We retain personal information for as long as your account is active or as needed to provide services. Financial records may be retained for the periods required by Australian tax and corporate law (generally 5-7 years).

Workspace owners can delete entities, assets, and financial events through the platform. Deleted records are soft-deleted (retained but hidden) and can be permanently purged via the Data Hygiene panel in Settings.

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising networks.

We may update this privacy policy from time to time. Material changes will be communicated through the platform. Your continued use of the platform after changes constitutes acceptance of the updated policy.

If you have questions about this privacy policy, wish to make an access or correction request, or want to lodge a privacy complaint, please contact:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.