Privacy Policy

Last updated: May 29, 2025

Effective date: 1 June 2024 (last updated September 2025)

This Privacy Policy explains how Fintek Pty Ltd (ABN 67 618 866 014) and its related businesses (“Fintek”, “Mystro”, “we”, “us” or “our”) handle personal information.

We are committed to protecting privacy and security in accordance with:

  • the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs),
  • the Notifiable Data Breaches (NDB) scheme,
  • relevant global data protection best practices.

This Policy incorporates our Data Security Policy and Cookie Policy so customers have a single, comprehensive reference point for privacy and data handling.

1. Scope

This Policy applies to:

  • visitors to our websites (e.g. www.mystro.com.au),
  • users of our SaaS products, software, tools, and related services (the “Services”),
  • employees, contractors, and third-party service providers who may access or handle customer data.

2. Collection of Personal Information

We collect personal information lawfully and fairly, including when you:

  • visit or interact with our websites,
  • register for, subscribe to, or use our Services,
  • contact us (email, phone, chat, forms),
  • participate in surveys, promotions, or events.

Types of personal information may include:

  • name, date of birth, title, and identity information,
  • contact details (address, email, phone),
  • payment and billing details,
  • account preferences and support information,
  • usage data (log files, IP address, device identifiers, cookies, analytics),
  • any other information you provide to us.

We may also collect personal information from third parties where lawful (e.g. credit agencies, referral partners, or publicly available sources).

3. Use of Personal Information

We may use personal information to:

  • provide and manage our Services,
  • process payments and billing,
  • deliver customer support,
  • improve and develop products and Services,
  • send updates, marketing communications, and offers (opt-out available),
  • comply with legal and regulatory obligations,
  • detect, prevent, and address fraud, misuse, or security issues,
  • enforce our agreements and protect our rights.

4. Disclosure of Personal Information

We may disclose personal information to:

  • Trusted third-party service providers who process data on our behalf, including:
    • Amazon Web Services (AWS) – secure hosting and data storage in Sydney, Australia.
    • Twilio – communications services (e.g. SMS, telephony).
    • Google – cloud infrastructure, analytics, and advertising services.
    • Microsoft – productivity, security, and hosting tools.
    • Equifax – identity verification and credit reference services.
    • Meta (Facebook/Instagram) – advertising, analytics, and remarketing.
  • professional advisers (lawyers, auditors, insurers),
  • regulators, courts, or law enforcement when legally required,
  • related entities in our corporate group.

These providers may process, store, or transmit personal information in connection with our Services. Each is contractually bound to handle data in compliance with this Policy and applicable privacy laws.

We do not sell or rent personal information.

5. Overseas Disclosure

Some service providers (including Google, Microsoft, Twilio, Meta, and Equifax) may store or process personal information outside Australia. Where disclosure occurs, we take reasonable steps to ensure recipients are subject to privacy obligations comparable to those under Australian law.

6. Data Security

We maintain robust technical and organisational measures to safeguard customer data. Key practices include:

  • Access Control – strict authorisation and authentication measures, including 2FA and least-privilege access.
  • Hosting & Storage – AWS Sydney data centres with ISO 27001, SOC 1/2/3, and PCI DSS certification.
  • Encryption – all data encrypted in transit (TLS/SSL) and at rest.
  • Monitoring & Logging – 24/7 monitoring, logs retained for 12 months, incident reporting processes.
  • Development & Personnel – all development conducted in Sydney/Melbourne; no offshore outsourcing. Staff undergo background checks, training, and confidentiality agreements.
  • Compliance – regular audits and assessments against industry standards.

7. Cookies and Tracking

Our websites use cookies, pixels, and similar technologies for functionality, security, preferences, advertising, and analytics.

  • We use Google Analytics/Ads and Meta Pixel for performance measurement and targeted advertising.
  • Third-party cookies may recognise your device across multiple sites. We recommend reviewing third-party privacy notices.
  • You may disable cookies via your browser; however, Services may not function properly.
  • We do not respond to browser “Do Not Track” signals.

8. Notifiable Data Breaches

If a data breach is likely to cause serious harm, we will:

  • contain and investigate the breach,
  • notify affected individuals and the Office of the Australian Information Commissioner (OAIC) where required,
  • take remedial measures and review processes to reduce recurrence.

9. Data Retention

We retain personal information only as long as required for business, legal, or regulatory purposes.
Data is securely destroyed when no longer required, in line with industry standards.

10. Direct Marketing

We may send marketing communications in compliance with law. You can opt out at any time via unsubscribe links or by contacting us.

11. Children’s Privacy

Our Services are not directed at individuals under 18. We do not knowingly collect children’s personal information.

12. Access, Correction, and Complaints

You may request access to, or correction of, your personal information at any time.

If you have a complaint about our handling of your data, contact us at support@mystro.com.au. We will investigate promptly. If unsatisfied, you may contact the OAIC (www.oaic.gov.au).

13. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be published on our website with the revised effective date.

14. Contact Us

Fintek Pty Ltd
Level 9, Tower B, The Zenith
821 Pacific Highway
Chatswood NSW 2067
Email: support@mystro.com.au

Experience what Mystro can do for you.


We'll even throw in a 30 day money back guarantee.

Book a demo
Book a demo

Mystro is an AI-powered financial CRM that automates workflows, manages client data, and integrates seamlessly with lenders — helping teams work smarter and scale faster.

Pages
Social
© Copyright 2025 Fintek Pty Ltd
Terms & Conditions
Privacy Policy
Mystro is a financial technology platform, not a bank. Mystro provides client management, workflow automation, and reporting tools designed for the Australian financial services industry.

Any information provided within the platform is for general use only and does not constitute financial, legal, or tax advice. Users should confirm all details independently before making financial decisions.

Mystro integrates with third-party lenders and financial institutions; however, Mystro does not hold client funds and does not provide banking or investment services.

Some Mystro products have associated fees.