Privacy Policy

1. Privacy Policy

Your privacy is important to us. It is ComplyFlow's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our:


Web application: where our cloud services are hosted.

Personal information is any information about you that can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service. Personal records are not revealed, sold, distributed, rented, licensed, shared or passed on to any third party unless ComplyFlow is legally required to do so, or as part of our core product offering - refer to 1.4 Collection and Use of Personal Information. In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

This policy is effective as of 19 May 2021. Last updated: 04 April 2024

1.1 Information We Collect

Information we collect includes both information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.

1.2 Log Data

When you visit our website or web application, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit. Additionally, if you encounter certain errors while using our services, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.

1.2.1 Personal Information

We may ask for personal information which may include one or more of the following: Name Email Date of birth Phone/mobile number Home/mailing address Certificates Licences Information in regards to a person’s business or professional capacities such as ABN/ACN, position and organisation.

1.3 Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

1.4 Collection and Use of Information

We may collect personal information from you when you do any of the following on our website: Register for an account Use a mobile device or web browser to access our content Contact us via email, social media, or on any similar technologies When you mention us on social media We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes: To provide you with our platform's core features and services to enable you to customise or personalise your experience of our website to contact and communicate with you to enable you to access and use our website, associated applications, and associated platforms for internal record keeping and administrative purposes to comply with our legal obligations and resolve any disputes that we may have. Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.

1.5 Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use, or modification. We will comply with laws applicable to us in respect of any data breach. You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

1.6 Sharing information with Clients & Employers

ComplyFlow is committed to providing a confidential service to its users, we are bound by the National Privacy Principles of the Privacy Act 1988 and individual state legislation.

Information collected by ComplyFlow on behalf of each Client or Employer is only disclosed to Client/s and/or Employers that you work for. It is important to refer to their respective Privacy Policies for information on how they handle your data, for example,they may retain your personal information for their compliance with legal, accounting, or reporting obligations.

For the purpose of this policy, confidentiality relates to the transmission of personal, sensitive or identifiable information about individuals or organisations (confidential information), which comes into the possession of the organisation through its work.

ComplyFlow holds personal data about its users on behalf of your Client or Employer which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside of the parties mentioned above where a warrant or subpoena has not been provided. All personal data will be dealt with sensitively and in the strictest confidence internally and externally. All personal data used by our web application is encrypted in transit and encrypted at rest.

1.7 The Privacy Act 1988 (Privacy Act)

All personal paper-based and electronic data must be stored in accordance with The Privacy Act 1988 (Privacy Act) and must be secured against unauthorised access, accidental disclosure, loss or destruction. All personal paper-based and electronic data are only accessible to those individuals authorised to have access.

1.7.1 Records

We consider protecting personal information a high priority and have strict measures when it comes to securing data on our Australian based servers.

The data is not viewed or accessed by personnel unless management, your Client or Employer require us to do so. Our personnel do not access accounts or export records unless it is intentionally granted by the Managing Director or disclosed by your Clients or your Employer. ComplyFlow is committed to the use of personal information in accordance with the Australian Privacy Principles.

1.7.2 Accessing the information we hold about you.

You can access and correct the personal information we hold about you. Contact us via: E-mail: Physical mail: Suite 3, 12-16 Sydney Road MANLY NSW 2095

1.7.3 Breaches of the Privacy Policy

Confidential or sensitive information relating to an individual may be divulged where it is against the law to withhold it. In these circumstances, information may be divulged to external agencies e.g. police or social services on a need to know basis, provided that they present a subpoena or a warrant. If the breach is caused by any other than the above-listed reasons, the disciplinary measure is immediate termination.

1.7.4 Data Breaches

In the event of a data breach, ComplyFlow will inform all involved as per The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Privacy Act).

1.7.5 Legislative Framework

ComplyFlow will monitor this policy to ensure it meets statutory and legal requirements including the; Privacy Act 1988 Information Privacy Act 2014(ACT) Privacy and Personal Information Protection Act 1998 (NSW) Information Act (NT) Information Privacy Act 2009 (Qld) Information and Protection Act 2004 (Tas) Privacy and Data Protection Act 2014 (Vic) General Data Protection Regulation (GDPR) (EU) 2016/679 Ensuring the effectiveness of the policy All employees will receive a copy of the Privacy Policy. New workers and/or subcontractors will be introduced to the Privacy Policy via induction and training. The policy will be reviewed annually and amendments will be proposed and agreed upon by the Directors. The disciplinary sanction for any breaches of this policy is immediate termination.

1.7.6 Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.

1.8 Disclosure of Personal Information to Third Parties

We may disclose personal information to: A parent, subsidiary, or authorised integration partner of our company third party service providers for the purpose of enabling them to provide their services, for example, IT service providers, data storage, hosting and server providers, analytics platforms our employees, contractors, and/or related entities (refer to Sharing information with Clients & Employers) courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights third parties, including sub-contractors, who assist us in providing information, products, services, or email communication and product updates to you Hosting services used to collect and process data.

1.9 International Transfers of Personal Information

The personal information we collect is stored and/or processed in Australia, or where we or our partners, authorised integration partner, and third-party providers maintain facilities.

1.10 Your Rights and Controlling Your Personal Information

You always retain the right to withhold personal information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You retain the right to request details of any personal information we hold about you.

If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such a person’s consent to provide the personal information to us.

If you have previously agreed to us using your personal information for email communication and product updates, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email database or opt-out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

1.11 Use of Cookies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on the preferences you have specified.

Please refer to our Cookie Policy for more information.

1.12 Limits of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

1.13 Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt-out of, as applicable, any new uses of your personal information.

1.14 Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details: Mitchell Bourne

2. Terms of Service

These Terms of Service govern your use of the website located at and any related services provided by ComplyFlow. By accessing or you agree to abide by these Terms of Service and to comply with all applicable laws and regulations. If you do not agree with these Terms of Service, you are prohibited from using or accessing this website or using any other services provided by ComplyFlow. We, ComplyFlow, reserve the right to review and amend any of these Terms of Service at our sole discretion. Upon doing so, we will update this page. Any changes to these Terms of Service will take effect immediately from the date of publication.

These Terms of Service were last updated on 04 April 2024.

2.1 Limitations of Use

By using this website, you warrant on behalf of yourself, your users, and other parties you represent that you will not: Modify, copy, prepare derivative works of, decompile, or reverse engineer any materials and software contained on this website; remove any copyright or other proprietary notations from any materials and software on this website; transfer the materials to another person or “mirror” the materials on any other server; knowingly or negligently use this website or any of its associated services in a way that abuses or disrupts our networks or any other service ComplyFlow provides; use this website or its associated services to transmit or publish any harassing, indecent, obscene, fraudulent, or unlawful material; use this website or its associated services in violation of any applicable laws or regulations; use this website in conjunction with sending unauthorised advertising or spam; harvest, collect, or gather user data without the user’s consent; or use this website or its associated services in such a way that may infringe the privacy, intellectual property rights, or other rights of third parties.

2.2 Intellectual Property

The intellectual property in the materials contained in this website are owned by or licensed to ComplyFlow and are protected by applicable copyright and trademark law. We grant our users permission to download one copy of the materials for personal, non-commercial transitory use.

This constitutes the grant of a license, not a transfer of title. This license shall automatically terminate if you violate any of these restrictions or the Terms of Service, and may be terminated by ComplyFlow at any time.

2.3 Liability

Our website and web application are provided on an 'as is' basis. To the extent permitted by law, ComplyFlow makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property, or other violation of rights.

In no event shall ComplyFlow or its suppliers be liable for any consequential loss suffered or incurred by you or any third party arising from the use or inability to use this website or the materials on this website, even if ComplyFlow or an authorised representative has been notified, orally or in writing, of the possibility of such damage.

In the context of this agreement, “consequential loss” includes any consequential loss, indirect loss, real or anticipated loss of profit, loss of benefit, loss of revenue, loss of business, loss of goodwill, loss of opportunity, loss of savings, loss of reputation, loss of use and/or loss or corruption of data, whether under the statute, contract, equity, tort (including negligence), indemnity, or otherwise.

Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

2.4 Accuracy of Materials

The materials appearing on our website are not comprehensive and are for general information purposes only. ComplyFlow does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on this website, or otherwise relating to such materials or on any resources linked to this website.

2.5 Links

ComplyFlow has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement, approval, or control by ComplyFlow of the site. Use of any such linked site is at your own risk and we strongly advise you make your own investigations with respect to the suitability of those sites.

2.6 Right to Terminate

We may suspend or terminate your right to use our website and terminate these Terms of Service immediately upon written notice to you for any breach of these Terms of Service.

2.7 Severance

Any term of these Terms of Service which is wholly or partially void or unenforceable is severed to the extent that it is void or unenforceable. The validity of the remainder of these Terms of Service is not affected.

2.8 Governing Law

These Terms of Service are governed by and construed in accordance with the laws of NSW, Australia. You irrevocably submit to the exclusive jurisdiction of the courts in that State or location.

3.0 Fair Usage Policy for API Usage

This Fair Usage Policy (FUP) is designed to prevent misuse of our APIs and ensure that all users have equitable access to our services. By using our APIs, you agree to comply with this policy, which is part of our Terms of Service.

3.1 Usage Limits

To ensure stable and reliable service for all users, we impose certain usage limits. These limits are designed to protect the system from excessive use and to ensure equitable access for all users. The specific limits may vary depending on the API usage and the subscription plan you are on.

3.2 Acceptable Use

You agree to use our APIs for lawful purposes only and in accordance with all applicable laws and regulations. You must not use our APIs in a manner that could damage, disable, overburden, or impair any of our servers, or the network(s) connected to any of our servers, or interfere with any other party's use and enjoyment of any of our services.

3.3 Fair Usage

Fair usage constitutes use of our APIs within the usage limits and in a manner that does not negatively impact the performance of our services for other users. Actions considered outside of fair use include, but are not limited to, making excessive requests in a short period of time or attempting to circumvent API limitations.

3.4 Monitoring and Enforcement

We reserve the right to monitor your use of our APIs to ensure compliance with this Fair Usage Policy. Should your usage exceed the fair use limits, we may engage in corrective action, which may include throttling your API requests, temporarily suspending your access to the API, or terminating your account in severe or repeated cases of abuse.

3.5 Support Requirements and Approval

Any support requirements beyond standard usage or specific requests for assistance with our APIs will require prior approval. To seek approval, please provide a detailed description of your support needs, including the nature of the support, the expected duration, and how it relates to your use of our APIs. Approval of support requests is at our sole discretion and will be based on factors such as the reasonableness of the request, the potential impact on our resources, and alignment with our capabilities.

3.6 Changes to the Policy

We may modify this Fair Usage Policy at any time to reflect changes to our services, legal requirements, or for other reasons. We encourage you to review this policy regularly to stay informed of any changes. Your continued use of our APIs after any modification to this policy constitutes your acceptance of the modified terms.

3.7 Contact Us

If you have any questions about this Fair Usage Policy or if you believe that a violation has occurred, please contact us at We are committed to providing a fair and stable service to all our users and appreciate your cooperation in adhering to this policy.

4. Website Cookie Policy

  • We use cookies to help improve your experience of our website at This cookie policy is part of ComplyFlow's privacy policy. It covers the use of cookies between your device and our site.
  • We also provide basic information on third-party services we may use, who may also use cookies as part of their service. This policy does not cover their cookies.
  • If you don’t wish to accept cookies from us, you should instruct your browser to refuse cookies from In such a case, we may be unable to provide you with some of your desired content and services.

4.1 What is a cookie?

A cookie is a small piece of data that a website stores on your device when you visit. It typically contains information about the website itself, a unique identifier that allows the site to recognise your web browser when you return, additional data that serves the cookie’s purpose, and the lifespan of the cookie itself.

Cookies are used to enable certain features (e.g. logging in), track site usage (e.g. analytics), store your user settings (e.g. time zone, notification preferences), and to personalise your content (e.g. language).

Cookies set by the website you are visiting are usually referred to as first-party cookies. They typically only track your activity on that particular site.

Cookies set by other sites and companies (i.e. third parties) are called third-party cookies They can be used to track you on other websites that use the same third-party service.

4.2 Types of cookies and how we use them

4.2.1 Essential Web Application cookies

Essential cookies are crucial to your experience of a website, enabling core features like user logins, account management, shopping carts, and payment processing.

We use essential cookies to enable certain functions on our website.

4.2.2 Website and Web Application Performance cookies

Performance cookies track how you use a website during your visit. Typically, this information is anonymous and aggregated, with information tracked across all site users. They help companies understand visitor usage patterns, identify and diagnose problems or errors their users may encounter, and make better strategic decisions in improving their audience’s overall website experience. These cookies may be set by the website you’re visiting (first-party) or by third-party services. They do not collect personal information about you.

Read more about performance tracking or opt-out. We use performance cookies on our site.

4.2.3 Functionality cookies

Functionality cookies are used to collect information about your device and any settings you may configure on the website you’re visiting (like language and time zone settings). With this information, websites can provide you with customised, enhanced, or optimised content and services. These cookies may be set by the website you’re visiting (first-party) or by third-party services. We use functionality cookies for selected features on our site.

4.3 Intercom Services

We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilise Intercom to collect data for analytics purposes when you visit our website or use our web application..

As a data processor acting on our behalf, Intercom analyses your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit

We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). The Intercom Messenger Apps and Apps in Inbox products may also provide you with access to other third party applications such as Stripe. You should consult these third parties' privacy notices for further information on their use of your personal data. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, company, job title, website URLs, social network handles and physical addresses, to enhance your user experience.

For more information on the privacy practices of Intercom, please visit Intercom’s services are governed by Intercom’s terms of use which can be found at If you would like to opt out of having this information collected by or submitted to Intercom, please contact us

4.4 Use of Hotjar Services

We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.