Get started
Legal · Privacy policy

Privacy policy

Last updated 3 May 2026Effective 3 May 2026
Draft. This document is a working draft prepared for review. It is not legal advice and should be reviewed by an Australian solicitor before being relied on. Until reviewed, treat the binding version as whatever you and OpenPasskey agree in writing.

1. About this policy

This policy explains how OpenPasskey Pty Ltd (ABN 27 688 670 420) (we, us, our) collects, holds, uses, and discloses personal information. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

“Personal information” has the meaning given in the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable.

2. What we collect

We collect only what we need to operate the Service. In practice this is:

  • Contact information you give us — your name, email address, business name, and message, when you email us, fill in a contact form, or join a waitlist.
  • Server logs — IP address, user agent, request timestamps, and pages visited. This is collected automatically by our hosting provider and helps us operate, secure, and debug the Site.
  • Merchant onboarding information — if you onboard as a merchant, your trading name, ABN, contact details, and bank payout details. Held under the merchant agreement.

We do not collect on-chain wallet activity beyond what is publicly visible on the relevant blockchain. We do not link public on-chain addresses to personal information unless you provide that link to us yourself.

3. Sensitive information

We do not seek or collect sensitive information (as defined in the Privacy Act, e.g. health, racial or ethnic origin, religious beliefs, criminal record). Please don't send sensitive information to us unless we have specifically asked for it.

4. Why we collect it

  • To respond to your enquiry or onboarding request.
  • To operate, secure, and improve the Site and the Service.
  • To send you operational updates about the Service or product changes that affect you.
  • To meet our legal, tax, audit, and regulatory obligations.
  • To send you marketing or product news only where you have opted in. You can unsubscribe at any time.

5. Cookies and analytics

This Site uses only the minimum cookies needed to remember your theme preference (light or dark) and any session state required for the page to work. We do not currently run third-party advertising trackers. If we add an analytics provider in future we will update this policy and disclose what is collected.

6. How we share information

We do not sell personal information. We share it only where necessary, and only with parties bound to keep it confidential and use it for the stated purpose:

  • Service providers — hosting (e.g. Vercel, AWS), email delivery, customer support, error monitoring, and similar sub-processors.
  • Professional advisers — lawyers, accountants, and auditors when we need their advice.
  • Government and law enforcement — where we are required by law, court order, or to protect our rights or the safety of others.
  • Successor entity — in connection with a merger, acquisition, restructure, or asset sale, subject to confidentiality and your continuing rights under this policy.

7. International transfers

Some of our service providers operate outside Australia (for example, US-based hosting and email delivery). When we send personal information overseas we take reasonable steps to ensure the recipient handles it in a way consistent with the APPs.

8. How we keep it safe

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include access controls, encryption in transit, supplier reviews, and limiting collection to what we need. No system is perfectly secure; if we suffer an eligible data breach, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

9. How long we keep it

We keep personal information only for as long as we need it for the purpose it was collected, plus any period required by law (for example, tax or AML record-keeping). When we no longer need it, we delete or de-identify it.

10. Your rights

You can ask us to:

  • access the personal information we hold about you;
  • correct it if it is inaccurate, out of date, or incomplete;
  • delete it (subject to any legal obligation we have to retain it); or
  • stop using it for direct marketing — opt out at any time using the unsubscribe link or by emailing us.

Email contact@openpasskey.com to exercise any of these rights. We will respond within 30 days.

11. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe we have, please contact us and we will delete it.

12. Updates

We may update this policy from time to time. The current version will always be available at this URL with the “Last updated” date above. Material changes will be notified via the Site or by email where appropriate.

13. Complaints and contact

If you have a privacy question or want to make a complaint, contact us first using the details below. We will acknowledge your complaint within a reasonable period and aim to resolve it within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC).

OpenPasskey Pty Ltd — PrivacyABN 27 688 670 420
Suite 95, 296 Pacific Highway
Lindfield NSW 2070, Australia

Email: contact@openpasskey.com