Last updated: 7th May, 2026

WealthApp Pty Ltd (ACN 696 737 676) (“WealthApp”, “we”, “us” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, hold, disclose and protect personal information when you visit our website at www.wealthapp.com.au (the “Website”), use our mobile application (the “App”, and together with the Website, the “Platform”), or otherwise interact with us.

We are bound by the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Australian Privacy Principles (the “APPs”). This Policy sits alongside, and forms part of, our Terms of Service.

READ THIS CAREFULLY: WealthApp operates a referral platform. As part of how the Platform works, we will share your personal information with third-party Referral Partners that you ask to be connected with, or that we match you to, so they can contact you and provide their products or services. Once your information is with a Referral Partner, the Referral Partner handles it on its own terms and under its own privacy policy. We are not responsible for how Referral Partners handle your information after we disclose it to them. Section 6 explains this in detail and you should read it carefully before using the Platform.

1. About this Policy

1.1  This Policy applies to personal information collected by us through the Platform, by email, telephone, in writing, in person, through social media accounts we operate, and through any other channel through which you interact with us.

1.2  By using the Platform or providing personal information to us, you agree to your personal information being handled as described in this Policy. If you do not agree, please do not use the Platform or provide your personal information to us.

1.3  We may update this Policy from time to time. Where the change is material, we will give you reasonable prior notice (such as by email, in-app notification, or notice on the Platform). The current version is the version published on the Platform, and supersedes all prior versions.

2. What is Personal Information?

2.1  In this Policy, “personal information” has the meaning given in the Privacy Act. Broadly, it means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether or not it is recorded in a material form.

2.2  “Sensitive information” is a sub-category of personal information that includes information about an individual’s health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record and biometric information. We generally do not seek to collect sensitive information, and where we do, we will only do so with your consent or as otherwise permitted by law.

3. Information We Collect

Depending on how you use the Platform and interact with us, we may collect the following categories of personal information:

3.1  Identity and contact information

• Full name, date of birth, gender, residential and postal addresses, email addresses, phone numbers and contact preferences.

• Account credentials (username, password — stored in hashed form), profile photo and any other profile information you provide.

• Government-issued identifiers (such as driver licence number or passport number) only where reasonably necessary, for example for identity verification by a Referral Partner.

3.2  Financial and wealth-related information

• Information about your financial situation, goals and preferences that you provide for the purposes of being matched with or referred to a Referral Partner — for example, employment status, income range, savings, assets, liabilities, existing financial products, investment preferences, risk tolerance, property ownership and household composition.

• Information about products or services you have requested, enquired about, compared, applied for or expressed interest in through the Platform.

3.3  Transaction and usage information

• Records of your enquiries, referral requests, applications, communications with us and with Referral Partners through the Platform, ratings, reviews and feedback.

• Pages and content viewed, features used, search queries, click and tap behaviour, session times and other interactions with the Platform.

3.4  Device and technical information

• IP address, device identifiers (including advertising identifiers), device type, operating system, browser type and version, language and time-zone settings, network and connection information, app version, crash logs and diagnostic data.

• Approximate location derived from IP address, and (only with your permission via your device settings) precise location data from your mobile device.

3.5  Cookies, analytics and tracking

• Information collected through cookies, web beacons, pixels, software development kits (SDKs), tags and similar technologies. See Section 9 for details on cookies and tracking.

3.6  Marketing information

• Your marketing preferences, response to communications, referral codes, loyalty or rewards activity and information you choose to share when you participate in surveys, competitions or promotions.

3.7  Information from third parties

We may collect personal information about you from third parties, including:

• Referral Partners (for example, status updates on your enquiry or application, fee or commission tracking, and feedback);

• identity verification, fraud prevention, credit reporting and KYC service providers (where used);

• publicly available sources, marketing partners, data providers and aggregators;

• social media platforms (where you connect a social account or interact with our content); and

• other Users (for example, where they refer you to the Platform).

4. How We Collect Personal Information

4.1  We collect personal information directly from you when you use the Platform, register an Account, complete a form, request a referral, contact us, subscribe to communications, respond to surveys, or otherwise interact with us.

4.2  We collect technical, device and usage information automatically when you use the Platform, through cookies and similar technologies.

4.3  We collect information from the third parties listed in Section 3.7 in the ordinary course of operating the Platform and our business.

4.4  Where it is unreasonable or impracticable to collect personal information directly from you, we may collect it from another source. If we receive personal information about you that we did not solicit, we will deal with it in accordance with the APPs.

5. Why We Collect, Hold and Use Your Personal Information

We collect, hold and use your personal information for the following primary purposes:

• to operate and provide the Platform, including registering and managing your Account and authenticating you;

• to provide our core service — connecting you with Referral Partners, including matching you to relevant Referral Partners, sharing your details with Referral Partners you have asked to engage, and tracking the progress of your enquiry or application;

• to communicate with you about your enquiries, applications, Account, the Platform and any matters arising from your use of it;

• to personalise and improve your experience, including showing you content, listings or features that may be of interest;

• to send you direct marketing communications (subject to Section 8 below);

• to manage and pay referral fees, commissions, success fees, advertising fees or other amounts owed to or by us;

• to verify your identity, prevent and detect fraud, abuse or breaches of our Terms of Service, and protect the security and integrity of the Platform;

• to conduct analytics, research and product development to understand how the Platform is used and improve it;

• to manage our business, including for accounting, billing, audit, risk management, training and corporate transactions (such as a sale, merger or restructure);

• to comply with our legal and regulatory obligations, respond to lawful requests from regulators, courts and law enforcement, and to establish, exercise or defend legal claims; and

• for any other purpose disclosed to you at the time of collection or otherwise permitted by law.

Where we use your personal information for a related secondary purpose, we will only do so where you would reasonably expect us to, or as otherwise permitted by the APPs.

6. Disclosure to Referral Partners

6.1  Core function. The Platform is a referral service. To deliver that service, we share your personal information with Referral Partners. By using the Platform to request a referral, submit an enquiry, apply for a product, or otherwise indicate interest in a Referral Partner or its products and services, you authorise us to disclose your personal information (including financial and wealth-related information described in Section 3.2) to that Referral Partner so that the Referral Partner can contact you, assess your enquiry and provide its products or services to you.

6.2  What we share. The information we share with a Referral Partner depends on the Referral Partner and the nature of your enquiry, but may include your name, contact details, financial profile, the details of your enquiry, and any supporting information or documents you provide. We will not share more information than is reasonably necessary for the relevant purpose.

6.3  Independent handling by Referral Partners. Once your personal information is disclosed to a Referral Partner, the Referral Partner handles it as a separate and independent entity. The Referral Partner is responsible for its own collection, use, storage, disclosure and security of your information, and its own compliance with privacy laws. The Referral Partner’s use of your personal information is governed by the Referral Partner’s own privacy policy and any agreement between you and the Referral Partner — not by this Policy.

6.4  We are not responsible for Referral Partners. To the maximum extent permitted by law, we are not responsible or liable for the privacy practices, data security, conduct, communications or compliance of any Referral Partner, including any unauthorised access to, use of, disclosure of, loss of, or modification of your personal information by a Referral Partner. You should review the Referral Partner’s privacy policy before engaging with the Referral Partner. If you have a privacy complaint about a Referral Partner, you must raise it directly with that Referral Partner.

6.5  Withdrawal. You may at any time ask us not to make further referrals or further disclosures of your personal information to Referral Partners by contacting us using the details in Section 16. We will action your request within a reasonable time. However, we cannot withdraw or recall personal information that has already been disclosed to a Referral Partner — you will need to deal with the Referral Partner directly to manage that information.

7. Other Disclosures

In addition to disclosures to Referral Partners, we may disclose your personal information to:

• our related bodies corporate, affiliates and group companies;

• our service providers, contractors and consultants — for example, hosting, cloud and infrastructure providers, software providers, analytics providers, marketing platforms, customer support tools, payment processors, identity verification providers, professional advisers (legal, accounting and audit), insurers, debt collectors and recruitment providers — who handle the information on our behalf, on a confidential basis and only for the purposes for which we engage them;

• any actual or proposed acquirer, investor, lender, joint venturer or successor in connection with a sale, merger, restructure, financing or similar transaction involving our business or assets;

• law enforcement bodies, regulators, courts, tribunals and other government authorities, where required or authorised by law, or where reasonably necessary to protect our rights, property or safety or that of any other person;

• any person, with your consent or at your direction; and

• any other person where required or authorised by law.

8. Direct Marketing

8.1  We may use your personal information to send you direct marketing communications (including by email, SMS, push notification, telephone or post) about the Platform, our products and services, and offers from Referral Partners that we think may be of interest to you. We will do this in accordance with the Privacy Act, the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

8.2  Every commercial electronic message will contain a clear and functional unsubscribe mechanism. You can opt out of direct marketing at any time by using that mechanism, by adjusting your communication preferences in your Account, or by contacting us using the details in Section 16.

8.3  Even if you opt out of marketing communications, we will continue to send you transactional, service and account-related communications that are necessary to provide the Platform to you (for example, security alerts, status updates on your enquiries and changes to our Terms or this Policy).

9. Cookies and Similar Technologies

9.1  We use cookies, web beacons, pixels, SDKs, tags and similar technologies (collectively, “tracking technologies”) on the Platform. Tracking technologies allow us to recognise your device, remember your preferences, deliver and measure advertising, perform analytics and improve the Platform.

9.2  We use the following categories of tracking technologies:

• Strictly necessary: required for the Platform to function (for example, authentication, session management and security).

• Functional: remember your preferences and settings to improve usability.

• Analytics and performance: help us understand how the Platform is used (for example, Google Analytics or similar tools).

• Advertising and marketing: deliver relevant advertising on and off the Platform and measure the effectiveness of our marketing campaigns.

9.3  You can manage tracking technologies through your browser or device settings, our cookie banner or in-app preferences. Disabling some tracking technologies may affect the operation or features of the Platform.

10. Overseas Disclosure

10.1  Some of our service providers, including hosting, cloud, analytics, marketing and support providers, are located outside Australia or store or process personal information outside Australia. Common locations include the United States, the European Union, the United Kingdom, Singapore, India and the Philippines.

10.2  Where we disclose personal information overseas, we take reasonable steps to ensure that the recipient handles your personal information in a manner consistent with the APPs. However, you acknowledge that by submitting personal information to us, you consent to your personal information being disclosed to overseas recipients in the circumstances described in this Policy, and that APP 8.1 will not apply to those disclosures. This means that we may not be required to take steps to ensure overseas recipients handle the information in compliance with the APPs, and you may not be able to seek redress under the Privacy Act in respect of those overseas recipients.

10.3  We will update the list of overseas jurisdictions from time to time as our service providers and operations evolve.

11. Storage and Security of Personal Information

11.1  We hold personal information in electronic form on systems operated by us or our service providers, and (where relevant) in hard copy form.

11.2  We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include access controls, encryption in transit and (where appropriate) at rest, secure data centres, network security controls, staff training, vetting of service providers and incident response procedures.

11.3  Despite our efforts, no method of transmission over the internet or electronic storage is completely secure. You acknowledge that you provide personal information to us at your own risk, and we cannot guarantee absolute security. You are responsible for keeping your Account credentials secure and notifying us promptly of any suspected unauthorised access.

12. Data Retention

12.1  We retain personal information only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, tax or reporting requirements, to enforce our agreements, to resolve disputes, and to protect our legitimate business interests.

12.2  When we no longer need personal information for any of those purposes, we will take reasonable steps to destroy or de-identify it, except where we are required by law to retain it.

13. Your Rights — Access, Correction and Deletion

13.1  You have the right to request access to the personal information we hold about you, and to request that we correct any personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.

13.2  To make a request, please contact us using the details in Section 16. We may ask you to verify your identity before responding. We will respond to your request within a reasonable time (and within any timeframe required by law).

13.3  In some cases, we may refuse to give you access to or to correct personal information. If we do, we will give you written reasons for our refusal and information about how you can complain about the decision.

13.4  Subject to our legal and regulatory obligations, you may also request that we delete your personal information or close your Account. We will consider all such requests in good faith. Please note that we may need to retain certain information to comply with the law or for the legitimate purposes described in Section 12, and that information already disclosed to Referral Partners is subject to the Referral Partner’s own retention practices (see Section 6).

13.5  We do not charge for receiving an access or correction request, but may charge a reasonable cost-recovery fee for providing access where the request is complex or burdensome.

14. Notifiable Data Breaches

14.1  We have processes in place to detect, investigate and respond to data breaches. If we suffer a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

15. Children

15.1  The Platform is not intended for, or directed to, persons under the age of 18. We do not knowingly collect personal information from anyone under 18. If you become aware that a person under 18 has provided personal information to us, please contact us using the details in Section 16 and we will take steps to delete that information.

16. Contact Us and Complaints

16.1  If you have any questions about this Policy, want to make a privacy enquiry, or wish to make a request to access, correct or delete your personal information, please contact us at:

Privacy Officer

WealthApp Pty Ltd

ACN 696 737 676

GPO Box 2199, Brisbane QLD 4001

Email: hello@wealthapp.com.au

16.2  If you believe we have breached the APPs or otherwise mishandled your personal information, please contact us using the details above. We will investigate your complaint and respond to you in writing within 30 days. If we need more time, we will let you know and explain why.

16.3  If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner

GPO Box 5288, Sydney NSW 2001

Phone: 1300 363 992

Website: www.oaic.gov.au

17. Definitions

Capitalised terms used but not defined in this Policy have the meanings given to them in our Terms of Service. References to “Referral Partner” have the meaning given in our Terms of Service and include any third-party business, professional, broker, advisor, agent, lender, service provider, advertiser or other entity listed, promoted, recommended, advertised, linked to, or otherwise made available through the Platform.