Privacy Policy

Effective Date: 15 May 2026

Contents

  1. Introduction
  2. What personal information do we collect?
    a. Information we collect on behalf of our customers
    b. Information we collect for FrankieOne
    c. Special categories of personal information
  3. How will we use your personal information?
  4. Who do we disclose your personal information to?
  5. International Data Transfers
  6. Our Information Storage
  7. Automated Decision Making
  8. Your Rights
  9. Children’s Privacy
  10. Cookie Policy
  11. Links to Third Party Sites
  12. Changes to Our Privacy Policy
  13. Contact Us

1. Introduction

This Privacy Policy applies to our websites, and identity verification, fraud prevention, and related services (including interactions with the foregoing, such as events we hold or other online resources we make available).

These services are provided by Frankie Financial Pty Ltd trading as FrankieOne, an Australian company with company number ACN 623 506 892 and with a registered office at Level 6, 440 Collins St, Melbourne VIC 3000 Australia, and our related bodies corporates and subsidiaries (collectively, “we”, “us”, “our”, “FrankieOne”).

We are committed to protecting your privacy and safeguarding your personal information. Please take time to read through this privacy policy to ensure you're aware of how we will use your personal information.

Personal information is information, or a combination of different types of information, that could reasonably allow you, as an individual, to be identified. This includes your name, e-mail address, phone number, physical address. There are other types of data, such as an IP address, which could constitute personal information if the data can be used to identify a specific individual. However, information that is anonymised or that cannot identify an individual either in isolation or in combination with other data, does not constitute personal information.

2. What personal information do we collect?

You are able to visit our website, www.frankieone.com, without actively providing your personal information. However, some areas of the website may allow you to contact us or request information (including a demo of our services), in which case, we will be collecting your personal information as requested in those areas.

Information we collect on behalf of customers

Most of our information is collected because a customer has retained us to provide our services. In these cases, we collect your personal information either:

  1. when you work for an organisation that has purchased one or more of our services and they have directed us to provide you with a user account; or
  2. when we provide our customers with a technology platform that relates to identity verification, fraud prevention or anti-money laundering services.

When this occurs, personal information is generally provided to us by our customers, and collection and use of personal information is limited solely to the purpose of providing the services specified above. We have no direct relationship with the individuals whose personal information we process. If your data is processed on behalf of one of our customers, you should contact the customer you interact with directly. This includes any queries regarding access, correction, amendment or deletion of inaccurate information. If we are requested to remove any personal information, we will respond within a reasonable timeframe.

When providing our services, we may use third parties to assist. As a result, personal information may be transferred or disclosed to subsequent third parties or subprocessors. This type of transfer is covered in our agreements with customers.

We collect personal information on behalf of our customers from you as described in the table below.

Category

Examples

Sources

Personal identifiers

Name, date of birth, residential address, email, mobile number; entity name + identifiers (e.g., ABN/ACN/LEI).

From you, as the end user or from a FrankieOne customer that you have provided your Personal Information to.

Electronic network information

IP address, device fingerprint, browser/device metadata; device/OS/browser/network details and VPN detection (where enabled)

Location data

Address supplied by the user/customer; IP-derived location signals (e.g., city/country/lat/long) where available; session/location context such as “IP Geolocation” vs “User” address source

Employment information

In some customer configurations for identify verification: Single Touch Payroll (STP) and Superannuation verification sources may be used.

Profiling

Fraud/risk signals such as unusual login patterns (new device/location), known proxies/VPN indicators, device fingerprint changes, velocity/multiple accounts from same device/IP, disposable email/VoIP indicators, etc

Sensitive personal information

Government ID data (passport, driver’s licence, national ID numbers, Medicare/equivalents); biometric data such as facial images (for biometric verification)

Personal information processed under this section will be retained as long as needed to provide services to our customer. We will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Information we collect for FrankieOne

Where you are a user of the FrankieOne platform, we will collect your personal information to continuously operate its internal purposes, as described in the table below.

Category

Examples

Sources

Personal identifiers

Personal details (e.g. name, title, employer, or similar employment related information).


Contact details (e.g. phone number, e-mail address, postal address, phone number, or similar identifiers).


Other information that you provide to us at your option, such as survey responses, contest submissions, feedback or optional user profile information (which may include a photo).


Usage data about your use of our services (e.g. features used, types of devices used to access the services and session lengths).


Account information (e.g. user ID, contact details, answers to security questions, or similar identifiers, language, time zone).

You, your organisation or employer, our business partners, public online sources or information resellers.

We may also be required to collect certain personal information about you in order to comply with applicable laws including anti-money laundering, financial reporting, and responding to and protecting against legal claims. If we do not receive the information, it may prevent or delay our compliance with law. We will generally inform you whether the collection of personal information is compulsory and the consequences for failing to provide the information.

Failure to provide this information may prevent or delay the fulfillment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.

Sensitive Personal Information

FrankieOne may collect sensitive personal information or protected classes of information. However, this will occur only with your consent when you directly provide the information to us through our services or when our customers request that this information be uploaded to our services by you. For any sensitive information collected from, or on behalf of, our customers, we process such information for the sole purpose of supplying the services to them that have been agreed under a written contract. For any sensitive information that is collected for FrankieOne, we process the information provided to us for the services specified to you at the time of collection.

3. How will we use your personal information?

FrankieOne uses personal information differently depending on how the information was collected. However, at all times, we may use your personal information for the following purposes:

  • exercise our legal rights. We may use your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our applicable contract terms and conditions;
  • comply with our legal obligations. We may process your personal information to, for example, carry out fraud prevention checks or comply with other legal or regulatory requirements, where this is explicitly required by law; or
  • ensure continuity of operations where our business is sold or control of it changes hands. We process your personal information in the event of a merger, acquisition, sale of all (or substantially all) of our assets, reorganisation, or other change of control because we have a legitimate interest to ensure our business can be continued by the buyer, or surviving entity, as applicable. If you object to our use of your personal information in this way, the buyer of our business may not be able to provide services to you.

Information processed on behalf of customers

If the personal information was collected on behalf of our customers, FrankieOne will only use your personal information to:

  • identify you as a user of our service where you work for an organisation that is a FrankieOne customer. We use your personal information to verify your identity when you create an account with us or when you access and use services that require a log in. This allows us to comply with contractual obligations to your organisation;
  • provide technical support. We process your personal information if you request support, or raise service questions. This is necessary for the performance of a contract or our legitimate interest in fulfilling your requests or questions as well as communicating with you; or
  • identify you to provide services to our customers. Our customers may engage us to verify your identity on their behalf. Usually, this will include your name, address and ID documents. We use this information to comply with contractual obligations to our customers.

Information processed for FrankieOne

If your information was collected for FrankieOne’s internal business operations, FrankieOne uses your personal information to:

  • prospect sales leads. We use your personal information to communicate with you, where legally permitted, following the expression of your interest in learning more about FrankieOne. This is in our legitimate interest of communicating with interested prospects about our services;
  • improve our services and internal operations. We may analyse how you engage with us or our services to provide an improved user experience to our customers. This process may include aggregation of statistics and analytics, the use of artificial intelligence and training of machine learning capabilities. It is in our legitimate interest to use such information for this purpose, so we can understand any issues with our services and improve them;
  • communicate with you. We may use your personal information to respond to your inquiries, to fulfill your requests for information, notify of any updates to the services, or provide security alerts. It is in our legitimate interest to provide you with appropriate responses and provide you with notices about our services;
  • conduct marketing. We may send you our news updates about our services and offers because you have opted in to receive them or because you are an existing customer. In this case, we rely on your consent to contact you or provide you with an opt-out mechanism. You can unsubscribe at any time by contacting us using the details below or clicking on the unsubscribe link provided in any email you receive from us; or
  • promote our activities and host events. We use personal information to host events, webinars and other promotions, which you have registered for. We will have obtained your consent, where required by law. Alternatively, it is in our legitimate interests to be able to provide the event or promotional activity.

As and when required by law, we obtain your consent to collect and use personal information. If we have asked for your consent to process your personal information, you may withdraw your consent at any time by contacting us directly using the contact details contained at the end of this Privacy Policy.

4. Who do we disclose your personal information to?

FrankieOne may disclose your personal information to the following types of parties:

  • FrankieOne group companies. FrankieOne works closely with other companies that fall within the FrankieOne group of companies. We may disclose certain personal information with our group companies (including any future acquired companies) for customer support, marketing, technical operations, event registration and account management purposes. For more information about our group companies, please contact us;
  • the organisation that has made you an authorised user of FrankieOne’s services. This is limited to the extent necessary for verifying accounts, activity, investigating suspicious activity, or enforcing our terms and policies;
  • customers. We disclose personal information to our customers as part of the identification verification, anti-money laundering and fraud prevention services we provide. However, the disclosure is strictly restricted to the customer that required us to process your personal information;
  • service providers. FrankieOne uses vendors who provide services such as data matching, IT and system administration and hosting, emailing services, credit card processing, research and analytics, marketing, events planning, and customer support for the purposes and pursuant to the legal bases described above in Section 3;
  • professional advisors. In select circumstances, we may share personal information with professional advisers including, for example, lawyers, bankers, auditors, and insurers who provide professional services to us;
  • event or promotional sponsors. If you attend an event or webinar organised by us, participate in a contest or other promotion, download or access resources on our website, FrankieOne may share personal information with sponsors of the event, resource or promotion. In these circumstances, the processing of personal information will be governed by the third party’s privacy policy. However, we will seek your consent to share the personal information;
  • law enforcement bodies, courts, government authorities or similar third parties. We disclose personal information to these parties where we believe it is necessary to comply with a legal obligation or to otherwise protect our (or third party) rights. Where permitted by law, we will attempt to notify you of these requirements;
  • asset or company purchasers. We may need to disclose personal information to any third party that purchases our assets and/or business. If there is a change in ownership, we will provide notification either via email or a prominent notice on our website.

5. International Data Transfers

FrankieOne may transfer or disclose your personal information to a recipient outside of Australia. This will occur because we operate as a global operation with international contractors or employees and also when our customers ask us to match your personal information against data held by an international organisation. As transfers of personal information are dependent on the services engaged by our customers, we welcome you to contact us if you would like more information about where your personal information may be transferred to.

Therefore, your personal information may be processed and stored outside your country or jurisdiction, including in places that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection.

However, FrankieOne ensures that the recipient of personal information provides an adequate level of protection and security by entering into appropriate agreements, including standard contractual clauses, or alternative mechanisms, for the transfer of personal information overseas in accordance with applicable legal requirements.

Please see below in Section 6 or contact us if you would like more information.

6. Our Information Storage

All personal information that we hold is stored securely on our Amazon Web Services servers in Australia. In addition, we implement technical and organizational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the ongoing integrity and confidentiality of personal information. In the limited cases where we process credit card transactions, we use third party processors that are PCI-DSS compliant to process transactions in a secure manner. Please see more information about our security practices here. We evaluate these measures on a regular basis to ensure the security of the processing.

If you are a user of our services with an account with us, you share responsibility for protection of personal information by keeping your username and password confidential and by changing passwords regularly.

We retain personal information:

  • if you are our direct customer, for as long as we have a legal relationship with you;
  • if you are not our direct customer, for the period of time that is consistent with the reason and purpose for which your personal information was collected.

In determining the retention period, we will take into account the amount, nature and sensitivity of the personal information. When these retention periods have ended, we will retain your personal information for a period of time that enables us to:

  • maintain business records for analysis and/or audit purposes;
  • comply with record retention requirements under the law;
  • defend or bring any existing or potential legal claims;
  • deal with any complaints regarding the services; and/or
  • enforce our commercial agreements.

If none of the above apply, we will delete your personal information. Sometimes, there may be technical reasons why your information cannot be entirely deleted. In this case, we will implement appropriate measures to prevent any further processing or use of the data.

7. Automated Decision Making

We develop and provide automated decision-supporting tools and technologies that are capable of being used by our clients to support or make decisions that may affect individuals. However, we want to be clear about our practices:

  • FrankieOne does not use automated decision-making internally on you. We do not employ any automated decision-making systems to make decisions about you that would produce legal effects or similarly significantly affect your rights or interests. All decisions regarding your relationship with us are made with appropriate human involvement.
  • FrankieOne develops automated decision-making tools for customers. These tools are designed to assist in various decision-making processes and may be capable of processing personal information (as identified in Section 2) to generate recommendations or decisions.
  • Whilst FrankieOne does provide automated decision-making tools to customers, we impose stringent requirements, including but not limited to:
    • implementing appropriate human oversight and intervention mechanisms;
    • establishing procedures that allow individuals to request human review or object or challenge automated decisions;
    • ensuring transparency about when and how automated decision-making is used; and
    • complying with all applicable privacy and data protection laws in their jurisdiction.

8. Your Rights

You have certain rights relating to your personal information, subject to local privacy or data protection laws. Depending on the applicable law, these rights include:

  • accessing your personal information;
  • understanding how we process your personal information;
  • rectifying the information we hold about you;
  • erasing your personal information;
  • restricting our use of your personal information, including limiting disclosures made for valuable consideration;
  • objecting to our use of your personal information;
  • receiving your personal information in a form that is capable of transmission to a third party (otherwise known as data portability);
  • receiving a disclosure regarding how we have collected and used your personal information;
  • withdrawing your consent at any time to the extent we rely on consent as our legal basis for processing;
  • not being subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making");
  • not being subject to discrimination for exercising your legal rights;
  • appealing our refusal to act upon your request to exercise your legal rights; and/or
  • lodging a complaint with your local data protection authority.

To exercise your rights, please contact us by using the information below. However, if your data is processed on behalf of one of our customers, you should contact the FrankieOne customer you interact with directly.

9. Children’s Privacy

Our websites and services are not directed at children. FrankieOne does not knowingly collect personal information from minors or children under the age of 18 for our internal business purposes. In the event that we discover that a minor or child has provided personal information to us, we will make efforts to delete the child’s information in accordance with applicable law.

It is possible that FrankieOne will collect personal information of children as a result of our services to our customers. However, at all times, we require our customers to have obtained the proper consent from a parent or guardian, or have otherwise complied with applicable laws.

If you believe that your child has gained access to our website or services without your permission, please contact us at privacy@frankieone.com. We will respond promptly to you inquiry to help you protect your child. As we do not generally have direct relationships with individuals whose information we process, you should also contact the organisation you interact with directly that is using our service.

10. Cookie Policy

When you visit our website, we may, with your consent, use cookies to distinguish you from other users.

A cookie is a small data file which is placed on your browser or the hard drive of your computer (with your consent) to identify you when you come back to our website and to store details about your use of the Website.

We use the following cookies:

Cookie: Google Analytics

Purpose: This cookie allows us to measure how users interact with the Website and to remember pages the user has visited and previous interactions with the Website.

Duration: The retention period will be between 1 minute and 2 years depending on the type of cookie used.

More Information: Google Analytics
For more information on how Google uses data when you use our Site or Service, please follow this link: Google Partner Sites. You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on, available at, Google Analytics Opt-out. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioural advertising purposes, please visit Google About Ads.

You will see a banner on our website before we store a cookie on your device which describes the types of cookies we use and the information they collect where you can consent to or reject the use of cookies.

11. Links to Third Party Sites

Our websites and services may include links to other websites whose privacy practices may differ from FrankieOne’s practices. If you submit personal information to any of those websites, your information is governed by their privacy policies. We are not responsible for the privacy practices or the content of any websites to which our websites provide links.

It is possible that our websites will include interactive features and buttons, such as widgets or social media “likes”, “posts” or “shares” (“Social Media Features”). These Social Media Features may collect your personal information, including IP addresses, and may implement a cookie to allow the Social Media Feature to function. Such Social Media Features may be hosted by third parties and your interactions with those features will be governed by third party privacy policies.

12. Changes to Our Privacy Policy

We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we make any changes, we will update the “effective date” at the top of this policy.

If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes.

We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your personal information.

13. Contact Us

To exercise your rights under this Privacy Policy, or applicable law, or if you have a dispute regarding your personal information, you may do so through your account, or by contacting us at privacy@frankieone.com or writing to Level 5, 440 Collins Street, Melbourne, VIC, 3000 (Attention: Data Privacy Officer) and letting us know what right you wish to exercise.

We try to respond to all legitimate requests within one month unless otherwise required by law, and will contact you if we need additional information from you in order to honour your request or verify your identity. If you are an employee of a FrankieOne customer, you may also wish to contact your employer’s system administrator for assistance in correcting or updating your information.

If you are still not satisfied with the outcome upon conclusion of our investigation, you may escalate the matter to OAIC using the details below, if you are located in Australia:

Office of the Australian Information Commissioner
 GPO Box 5218 SYDNEY NSW 2001
 Website: www.oaic.gov.au

Alternatively, if you are located in the EEA or the UK, you have the right to lodge a complaint with the competent supervisory authority. If you are based in the European Union, you can find your relevant supervisory authority here.




Ready to get started?