SNS IDProofBack to home

Privacy Policy

Last updated: 1 June 2026

SNS IDProof is a registered Business Trading Name of SD Finance Group Pty. Ltd (ABN 99 162 701 206).

Effective Date: 1 June 2026
Last Updated: 1 June 2026

1. Introduction

This Privacy Policy explains how SD Finance Group Pty. Ltd ("SNS IDProof", "we", "our", or "us") collects, uses, stores, processes, discloses, and protects personal information in connection with our technology services, software platforms, APIs, identity verification solutions, SaaS products, financial service support systems, compliance solutions, cybersecurity services, and related business operations.

We are committed to protecting your privacy and handling personal information in a lawful, fair, secure, and transparent manner in accordance with applicable privacy and data protection laws, including:

  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles (APPs)
  • The Notifiable Data Breaches (NDB) Scheme
  • The General Data Protection Regulation (GDPR)
  • The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Applicable Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations
  • Other applicable international privacy and cybersecurity laws

This Privacy Policy applies to all personal information collected through our websites, applications, APIs, software systems, communication channels, integrations, identity verification systems, and related services.

By accessing or using our services, you acknowledge and agree to the collection, processing, disclosure, and handling of your information as described in this Privacy Policy.

2. Definitions

For the purpose of this Privacy Policy:

  • Personal Information means information or an opinion relating to an identified individual or an individual who is reasonably identifiable.
  • Sensitive Information includes biometric information, identity documents, financial information, geolocation data, government identifiers, and any other information classified as sensitive under applicable privacy laws.
  • DVS means the Australian Government's Document Verification Service operated through IDMatch.
  • AML/CTF means Anti-Money Laundering and Counter-Terrorism Financing obligations under Australian law.
  • Services means all products, platforms, applications, APIs, software, websites, and solutions operated or provided by SNS IDProof / SD Finance Group Pty. Ltd.

3. Scope

This Privacy Policy applies to:

  • Customers and prospective customers
  • Website and application users
  • API users and developers
  • Business clients and their end users
  • Employees, contractors, consultants, and applicants
  • Individuals whose information is provided to us by clients or authorised third parties
  • Visitors interacting with our websites, services, systems, or communications

This Policy applies whether information is collected online, electronically, verbally, through integrated systems, or via third-party providers.

4. Information We Collect

Depending on the nature of the services provided, we may collect and process the following categories of information:

4.1 Identity Information

  • Full legal name
  • Preferred name
  • Date of birth
  • Gender
  • Nationality
  • Citizenship status

4.2 Contact Information

  • Email address
  • Phone number
  • Residential address
  • Business address
  • Mailing address

4.3 Government Identification Information

  • Passport details
  • Driver's licence details
  • National identification information
  • Visa or immigration documents
  • Tax file or regulatory identification numbers where required

4.4 Biometric Information

  • Facial images
  • Video recordings
  • Liveness detection data
  • Biometric authentication templates
  • Facial comparison and verification results

4.5 Financial and Transaction Information

  • Transaction records
  • Billing and invoicing information
  • Payment details
  • Banking details where required
  • Cryptocurrency wallet information where applicable

4.6 Technical and Device Information

  • IP address
  • Browser type and version
  • Device identifiers
  • Device fingerprints
  • Operating system information
  • Network information
  • Login timestamps and activity records
  • Error logs and diagnostics

4.7 Usage and Analytics Information

  • Website usage data
  • API request logs
  • Session activity
  • Clickstream data
  • User preferences and settings
  • Interaction analytics

4.8 Communications Information

  • Emails and correspondence
  • Customer support requests
  • Chat or messaging interactions
  • Feedback submissions
  • Survey responses

4.9 Compliance and Risk Information

  • Identity verification results
  • PEP screening results
  • Sanctions screening outcomes
  • Fraud indicators
  • AML/CTF monitoring data
  • Due diligence records
  • Risk scoring and assessment information

4.10 Other Information

We may also collect any other information voluntarily provided through:

  • Onboarding forms
  • Applications
  • Support interactions
  • Integrated systems
  • Client submissions
  • Surveys or questionnaires
  • Marketing interactions

5. Sensitive Information

Certain information collected by us may constitute Sensitive Information under applicable privacy laws, including:

  • Biometric information
  • Government identification documents
  • Financial information
  • Geolocation data
  • Identity verification information

We only collect Sensitive Information where:

  • It is reasonably necessary for our services or activities
  • Required by applicable laws or regulations
  • You have provided your express and informed consent
  • Collection is otherwise authorised or permitted by law

Sensitive Information is subject to enhanced security controls, restricted access permissions, encryption measures, and monitoring procedures.

6. How We Collect Information

We may collect information through:

  • Direct submissions through websites, applications, APIs, or forms
  • Client onboarding and verification processes
  • Business clients acting on your behalf
  • Automated technologies including cookies and analytics systems
  • Publicly available databases and records
  • Government verification systems
  • Third-party integrations and service providers
  • Communications and customer support channels
  • Security monitoring and fraud prevention systems

Information may be collected electronically, verbally, through automated systems, or via integrated services.

7. Purpose of Collection and Processing

We collect and process information for legitimate business, operational, legal, security, and regulatory purposes, including:

  • Providing and administering services
  • Identity verification and authentication
  • Fraud prevention and cybersecurity protection
  • AML/CTF compliance and due diligence
  • Customer onboarding and account management
  • Risk assessment and transaction monitoring
  • Regulatory reporting and legal compliance
  • API management and service optimisation
  • Platform analytics and performance monitoring
  • Service improvement and development
  • Security incident detection and response
  • Customer communications and support
  • Marketing communications where permitted by law
  • Internal business operations, audits, and governance

We will only process personal information for purposes that are reasonably necessary and proportionate.

8. Legal Basis for Processing

Where GDPR or similar laws apply, we process personal information based on one or more lawful grounds, including:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate business interests
  • Your consent
  • Protection against fraud, abuse, unlawful conduct, or cybersecurity threats

Where processing is based on consent, you may withdraw consent at any time, subject to legal or contractual restrictions.

9. Identity Verification and DVS

We use the Australian Government's Document Verification Service (DVS) via IDMatch to verify identity information.

When identification information is provided, we may:

  • Disclose relevant details to the DVS
  • Match information against official government records
  • Receive verification outcomes such as "match" or "no match"

We do not receive or retain full government records through the DVS.

By providing identity information and using our services, you provide your express consent for identity verification and biometric processing where required, as described in our Identity Verification Consent Statement.

10. AML/CTF Compliance

As a reporting entity or service provider supporting regulated entities, we may collect and process information to comply with AML/CTF obligations, including:

  • Know Your Customer (KYC) procedures
  • Customer Due Diligence (CDD)
  • Enhanced Due Diligence (EDD)
  • Transaction monitoring
  • Sanctions and PEP screening
  • Fraud and suspicious activity detection

We may disclose information to regulatory authorities including AUSTRAC where legally required.

Under Australian law, we may be prohibited from notifying individuals if a Suspicious Matter Report has been submitted.

11. Disclosure of Information

We may disclose information to:

  • Business clients and authorised representatives
  • Cloud hosting and infrastructure providers
  • Identity verification and fraud-prevention providers
  • Analytics and cybersecurity providers
  • Payment processors and financial institutions
  • Government authorities and regulators
  • Courts, tribunals, and law enforcement agencies
  • Legal, audit, compliance, and insurance advisors
  • Contractors, consultants, and integration providers

We do not sell personal information for monetary compensation.

Any disclosures are made subject to confidentiality obligations and applicable privacy laws.

12. International Data Transfers

Your information may be stored or processed in jurisdictions outside Australia, including jurisdictions where privacy protections may differ from Australian, European, or California laws.

Where international transfers occur, we implement safeguards including:

  • Data processing agreements
  • Standard contractual clauses
  • Encryption and security controls
  • Vendor due diligence assessments
  • Confidentiality and compliance obligations

13. Data Security

We implement administrative, technical, physical, and organisational safeguards designed to protect personal information, including:

  • Encryption in transit and at rest
  • Multi-factor authentication
  • Role-based access controls
  • Security monitoring and intrusion detection
  • Secure cloud infrastructure
  • Network segmentation and firewall protections
  • Vulnerability management and penetration testing
  • Security awareness and staff training

Despite these measures, no method of electronic transmission or storage can guarantee absolute security.

To the extent permitted by law, we are not liable for unauthorised access, disclosure, loss, or misuse of information where reasonable safeguards have been implemented.

14. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) Scheme and other applicable breach notification laws.

Where an eligible data breach occurs, we may:

  • Investigate and assess the incident
  • Notify affected individuals where required
  • Notify regulators and authorities where legally required
  • Take reasonable remediation and containment measures

15. Data Retention

We retain information only for as long as reasonably necessary for:

  • Service delivery
  • Legal and regulatory compliance
  • Security and fraud prevention
  • Dispute resolution
  • Internal business purposes

Certain records may be retained for a minimum of seven (7) years under AML/CTF obligations or other legal requirements.

Information may be securely deleted, anonymised, or archived once no longer required.

16. Your Privacy Rights

Depending on your jurisdiction, you may have rights including:

Australian Privacy Rights

  • Access personal information
  • Request corrections

GDPR Rights

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of data
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

California Privacy Rights

California residents may have rights to:

  • Know what information is collected
  • Request deletion
  • Correct inaccurate information
  • Limit use of sensitive information
  • Access collected information
  • Non-discrimination for exercising privacy rights

Requests may be submitted using the contact details below.

17. Cookies and Tracking Technologies

We use cookies and related technologies including:

  • Essential cookies
  • Functional cookies
  • Analytics cookies
  • Performance cookies
  • Security and fraud-prevention cookies

We may use third-party services including:

  • Google Analytics
  • Cloudflare
  • Authentication providers
  • Fraud detection systems
  • Monitoring and performance tools

You may manage cookie preferences through your browser settings.

18. Automated Decision-Making

Certain services may use automated systems, machine learning models, or fraud detection technologies to assist with:

  • Identity verification
  • Compliance checks
  • Fraud prevention
  • Risk assessments
  • Security monitoring

Where required by law, individuals may request human review of significant automated decisions.

19. Third-Party Services and Integrations

Our services may integrate with or contain links to third-party services or platforms.

We are not responsible for the privacy practices, security, or content of external services not controlled by SNS IDProof / SD Finance Group Pty. Ltd.

20. Children's Privacy

Our services are not directed to children under the age of 16 unless legally authorised or supervised by a parent, guardian, or authorised entity.

We do not knowingly collect personal information from children in violation of applicable laws.

21. Complaints

If you believe we have breached privacy laws or mishandled personal information, you may contact us using the details below.

If you are not satisfied with our response, you may contact:

Office of the Australian Information Commissioner (OAIC)
Website: https://www.oaic.gov.au
Phone: 1300 363 992

EU residents may also contact their local supervisory authority.

California residents may contact the California Privacy Protection Agency where applicable.

22. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements, business practices, technologies, or services.

Updated versions will be published with a revised version number and effective date.

23. Governing Law

This Privacy Policy is governed by the laws of New South Wales, Australia.

24. Contact Us

SNS IDProof
A registered Business Trading Name of SD Finance Group Pty. Ltd
ABN: 99 162 701 206

Email: info@snsidproof.com.au
Address: 301 Castlereagh Street, Haymarket NSW 2000, Australia