Privacy

Custodio Privacy Policy

Last updated: 01 April 2026

Custodio Pty Ltd ("Custodio", "we", "us", "our") is committed to protecting your privacy and handling your personal information in a transparent, secure and lawful manner. This Privacy Policy explains how we collect, use, disclose, store and protect your personal information, including information handled under the Australian Consumer Data Right (CDR).

This Privacy Policy applies to all users of the Custodio mobile application, website, and related services.

1. Who we are

Custodio is an Australian technology company providing scam-protection and financial safety services. Our services are designed to help individuals identify unusual or potentially harmful financial activity and, where chosen, alert trusted Guardians.

Nominated Account Data Collection: Direct to Consumer: Custodio operates through a Nominated Account Data Collection: Direct to Consumer access model of Adatree Pty Ltd, an Accredited Data Recipient (ADR) with accreditation number ADRBNK000071 under the Australian Consumer Data Right.

Custodio is bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Consumer Data Right Rules.

2. Types of information we collect

2.1 Personal information

We may collect personal information including:

  • Full name
  • Email address
  • Mobile phone number
  • Device identifier
  • Date of birth
  • Contact and other preferences
  • Guardian details (where a Guardian is nominated)
  • Communications with Custodio support

2.2 Consumer Data Right (CDR) data

With your explicit consent, we may collect CDR data from your bank or other data holders, including:

  • Account details (such as account type, balance, and status)
  • Transaction data (such as dates, amounts, descriptions, and merchant details)
  • Payee details (such as name, type, and descriptions)

Custodio accesses CDR data through a Nominated Account Data Collection: Direct to Consumer model of Adatree Pty Ltd using secure CDR infrastructure operated by Adatree.

Custodio only collects CDR data that is:

  • Explicitly authorised by you
  • Required to deliver the Custodio service
  • Accessed for the specific purpose agreed in your consent

2.3 Technical and usage information

We may automatically collect:

  • Device and operating system information
  • App usage data
  • Log files and error reports
  • IP address and security-related metadata

3. How we collect information

We collect information:

  • Directly from you when you register or use the Custodio app
  • From CDR data holders (such as banks) via secure CDR APIs through Adatree Pty Ltd
  • From trusted service providers who assist in operating the service
  • Automatically through your use of our app and website

4. How we use your information

We use your information to:

  • Provide, operate and improve the Custodio service
  • Monitor for unusual or potentially harmful financial activity
  • Generate alerts and notifications
  • Notify nominated Guardians (where you have chosen this feature)
  • Power Custodio.AI features, where you have opted in (see section 5 below)
  • Comply with legal and regulatory obligations
  • Maintain security, prevent fraud, and investigate incidents
  • Communicate with you about your account or service updates

We do not use CDR data for advertising or sell your personal information.

5. Custodio.AI

Custodio offers an optional artificial intelligence feature ("Custodio.AI") that you may choose to enable within the app. When enabled, Custodio.AI processes your shared data, including CDR data you have consented to share, using artificial intelligence and related technologies to generate insights, summaries and suggestions related to your activity.

5.1 How Artificial Intelligence ("AI") uses your data

When Custodio.AI is enabled:

  • Your shared data may be analysed by AI models to identify patterns, generate summaries and produce insights
  • AI processing is subject to the same privacy, security and CDR safeguards that apply to all data handled by Custodio
  • We do not use your data to train general-purpose AI models or share AI-processed data with third parties for their own purposes

5.2 Limitations and disclaimer

You should be aware that:

  • AI-generated outputs may be inaccurate, incomplete or contain errors or omissions
  • Custodio.AI does not provide financial, tax, legal or investment advice
  • You should not rely solely on AI-generated content when making decisions
  • Custodio accepts no liability for loss arising from reliance on AI-generated content

5.3 Opting out

You may disable Custodio.AI at any time through the app settings. Disabling the feature will stop AI processing of your data from that point forward but will not affect processing that has already occurred.

6. Guardians and notifications

If you nominate a Guardian:

  • We will share limited alert-related information with that Guardian
  • Guardians will only receive information relevant to the alert
  • You may add or remove Guardians at any time
  • Guardians do not receive full banking data or transaction histories

7. Disclosure of information

We may disclose your information:

  • To CDR data holders as part of consent and data access flows
  • To Adatree Pty Ltd, through which CDR data is provided to Custodio via the Nominated Account Data Collection: Direct to Consumer model
  • To other service providers who help us deliver the service (e.g. cloud hosting, notifications, security)
  • Where required by law, regulation, court order, or regulator
  • To protect the rights, safety or property of users or Custodio

All service providers are required to handle information securely and confidentially.

8. Data storage and security

Custodio uses industry-standard security controls including:

  • Encryption in transit and at rest
  • Strong access controls and monitoring
  • Secure cloud infrastructure hosted in Australia or approved jurisdictions
  • Regular security reviews and audits

CDR data is handled in accordance with CDR Rules and Adatree's accredited CDR environment.

9. Data retention

We retain personal and CDR data only for as long as:

  • Required to provide the service
  • Required by law or regulation
  • Necessary for dispute resolution or audit purposes

When no longer required, data is securely deleted or de-identified.

10. Your rights

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Withdraw CDR consent at any time
  • Delete your Custodio account (subject to legal retention requirements)
  • Make a complaint about how your information is handled

Withdrawing CDR consent will stop further data collection but will not affect processing already lawfully performed.

11. CDR-specific rights

Under the Consumer Data Right, you have additional rights, including:

  • Transparency about how your CDR data is used
  • Ability to view and manage active consents
  • Ability to request deletion of CDR data
  • Ability to complain to the Office of the Australian Information Commissioner (OAIC)

12. Overseas disclosure

Custodio may use trusted service providers located outside Australia. Where this occurs, we take reasonable steps to ensure overseas recipients comply with Australian privacy and CDR requirements.

13. Complaints

If you have a privacy concern or complaint, please contact us first so we can try to resolve it promptly.

If you are not satisfied, you may contact the OAIC:
Office of the Australian Information Commissioner
www.oaic.gov.au

14. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website and within the Custodio app.

15. Contact us

Custodio Pty Ltd
Website: https://www.custodio.com.au
Email: privacy@custodio.com.au