MoneyMind Profile Pty Ltd ABN 33 672 152 073 ("MoneyMind Profile," "we," "us," or "our") values your privacy. MoneyPattern is software you use directly to understand your own financial behaviour. We are committed to protecting your personal information and being transparent about how we handle it.
This Privacy Policy explains:
We serve individuals only in Australia, the United Kingdom, the United States, and Canada — these are the only countries in which we operate. This Privacy Policy is designed to comply with applicable data protection laws in each of these jurisdictions, including:
This Privacy Policy applies to personal information we collect, use, and disclose when you visit our websites, create a MoneyPattern account, use the MoneyPattern software and services, or otherwise communicate with us.
MoneyPattern is a direct-to-consumer product. You use it yourself to complete a financial assessment that helps you understand your behaviours toward saving, spending, investing and risk, and that generates a personal financial profile and insights. You interact with us directly: there is no financial advisor, advisory firm, or other organisation sitting between you and us in providing the Service to you.
If you later choose to share your results with a financial professional or another person, you do so at your own direction, and their handling of your information is governed by their own privacy practices, not this Policy.
Because you use MoneyPattern directly, MoneyPattern is the data controller for the personal information you provide and that we collect about you. This means we determine the purposes and means of processing your personal information, and we are responsible for handling it in accordance with this Policy and applicable law.
For purposes of this Privacy Policy, key terms include: "Applicable Data Protection Laws" means all applicable data protection and privacy laws; "Controller" means the entity that determines the purposes and means of processing personal information; "Personal Information" means any information that identifies or is reasonably capable of being associated with an identified natural person; "Sensitive Information" means personal information that receives heightened protection under Applicable Data Protection Laws, which may include information about your financial circumstances; "Services" means the MoneyPattern software, websites, and related services; and "you" or "your" means the individual who uses the Services.
We are the data controller for the personal information of everyone who interacts with us, including people who create an account and use the Services, website visitors, newsletter subscribers, event attendees, and people who contact us.
We process your personal information only for the purposes described in this Policy and on a lawful basis. We do not use third parties to make decisions about your personal information on our behalf except as described in Section 9 (service providers), and those parties act only on our instructions.
When you register and use MoneyPattern, we may collect:
When you visit our website or use the Service, we may automatically collect your IP address and approximate geolocation, browser type and version, operating system, referring website, pages visited, links clicked, and in-app activity and diagnostic data.
We may receive personal information from service providers and integration partners; from publicly available sources; and, if you choose to sign in using a third-party provider (for example, a Google or Apple sign-in) or to connect a third-party account, from those providers as authorised by you.
Some of the information you enter to use MoneyPattern — particularly information about your financial circumstances and attitudes — may be treated as Sensitive Information under Applicable Data Protection Laws. We collect this information only to provide the Service to you, and only where you choose to provide it. Where Applicable Data Protection Laws require it, we rely on your explicit consent to process Sensitive Information, and you may withdraw that consent at any time (see Section 8). We do not require you to provide more sensitive information than is necessary to deliver the features you use.
We collect personal information directly (when you provide it through registration, the assessment or questionnaire, forms, or communications), automatically (through cookies, web and app logs, and analytics tools), and from third-party sources (service providers, third-party sign-in or account providers you choose to use, and publicly available sources).
We use personal information to:
For users in jurisdictions requiring a legal basis for processing (such as the UK and EU under GDPR), we rely on: performance of a contract (providing the Service you have signed up for); legitimate interests (improving the Services, security, and fraud prevention — for which we conduct balancing tests); legal obligations; consent (including explicit consent for processing Sensitive Information and for marketing, which you may withdraw at any time); and vital interests in rare emergency circumstances.
We do not sell, rent, or lease personal information to third parties, and we do not share your personal information with financial advisors or other third parties for their own purposes unless you direct us to.
We share personal information:
We may share aggregated, anonymised, or de-identified information that cannot identify you (see Section 11).
MoneyPattern may transfer personal information to Australia (primary operations), the United States (cloud hosting infrastructure), the United Kingdom (offices), and other countries where our service providers operate. When transferring to countries not recognised as providing adequate protection, we implement Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), and supplementary measures including encryption in transit and at rest, strict access controls, and data minimisation.
We create aggregated, anonymised, and de-identified data to improve the Services, conduct research, and generate benchmarks. We remove all direct identifiers, apply statistical techniques to prevent re-identification, and ensure the data cannot reasonably be linked back to you. We apply our Data Aggregation and De-Identification Policy (supplied upon request).
We implement comprehensive administrative, technical, and physical safeguards including: encryption (TLS 1.2+ in transit, industry-standard encryption at rest); access controls (MFA, role-based access control, least privilege, regular access reviews); network security (firewalls, intrusion detection, DDoS protection, penetration testing); and application security (secure SDLC, code reviews, OWASP Top 10 protection). Our infrastructure is hosted in secure, certified data centres with 24/7 monitoring.
No absolute security. Despite our efforts, no security measures are perfect. We cannot guarantee the absolute security of personal information. Internet transmissions are never completely private or secure.
We retain personal information only as long as necessary. We retain your information for as long as your account is active, plus up to 30 days after you close it. Closed accounts are deleted or anonymised within 30 days (backups retained for an additional 90 days). Financial and transaction records are retained for 7 years. Support tickets are retained for 3 years. Server logs are retained for 90 days. Aggregated and anonymised analytics data may be retained indefinitely. You may request deletion of your personal information, or close your account, at any time, subject to our legal obligations.
If you are in Australia, you have the right to access the personal information we hold about you, request correction of inaccurate information, and lodge a complaint with us about our handling of your personal information.
If you are in the UK or EU, you have the right to access, rectification, erasure, restriction of processing, data portability, objection to processing, and to lodge a complaint with the Information Commissioner's Office (ICO).
If you are in California, Virginia, Colorado, or another state with consumer privacy rights, you have the right to know what personal information we collect, request deletion, request correction, opt out of sale/sharing (note: we do not sell or share), limit the use of Sensitive Information, and not be discriminated against for exercising your rights.
To exercise any of these rights, please contact us at [contact@moneypattern.ai]. We may need to verify your identity before responding to your request.
We use essential cookies (necessary for the Services to function — cannot be disabled), performance and analytics cookies (analytics and error tracking), functionality cookies (preferences, A/B testing), and marketing and advertising cookies (campaign tracking, retargeting). You can manage cookies through your browser settings or our Cookie Preference Center. Our Services do not currently respond to Do Not Track signals.
Our Services may contain links to third-party websites not operated or controlled by MoneyPattern. We are not responsible for the privacy practices or content of external sites. When you click on a third-party link, their privacy policy applies. We encourage you to read their privacy policy before providing personal information.
Our Services are not directed to children under the age of 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will delete the information, terminate any associated account, and prevent future collection. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at [contact@moneypattern.ai] with the subject "Children's Privacy Concern."
In the event of a data breach affecting personal information, we are committed to transparency and prompt action. Our incident response process covers detection and verification, containment and mitigation, assessment of affected individuals and compromised information, notification as required by law, and remediation to prevent recurrence.
Notification timing: UK/EU GDPR — ICO within 72 hours; Australia — OAIC as soon as practicable and within 72 hours; United States — state attorneys general as required by state breach notification laws (typically 30–90 days). To report a security vulnerability, contact [contact@moneypattern.ai] with the subject "Security Incident Report."
For material changes, we will provide prominent notice through email notification to users with an account at least 30 days before the effective date, a prominent banner on our website, and an in-app notification. By continuing to use our Services after changes become effective, you accept the updated Privacy Policy. If you disagree with the changes, you may stop using the Services or close your account.
Our data practices comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. The Australian privacy regulator is the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au. We comply with the Notifiable Data Breaches (NDB) scheme.
Our data practices comply with the UK GDPR and the EU GDPR. The supervisory authority is the Information Commissioner's Office (ICO) — ico.org.uk. When transferring personal data outside the UK/EEA, we use Standard Contractual Clauses (SCCs) and supplementary measures.
We comply with the CCPA (as amended by the CPRA), Virginia CDPA, Colorado Privacy Act, and other applicable state privacy laws. We do not sell or share personal information as defined by the CCPA/CPRA. You may designate an authorised agent and appeal our decisions by contacting [contact@moneypattern.ai].
Our data practices comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws (including Quebec's Law 25, Alberta's PIPA, and British Columbia's PIPA). If you are in Canada, you have the right to access the personal information we hold about you, request correction, and withdraw consent, subject to legal and contractual restrictions. The federal regulator is the Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca.
We operate only in Australia, the United Kingdom, the United States, and Canada. We do not offer the Services in, or tailor this Privacy Policy to, any other country. If you contact us from outside these four countries, please get in touch for jurisdiction-specific information.