Brumby Finance Pty Ltd (referred to as “Brumby", "Brumby Pay”, “we”, “us”, or “our”) is committed to protecting your privacy. 

​

This Privacy Policy explains how Brumby Pay collects, uses, shares, stores, and protects your personal information when you use the Brumby Pay mobile application (“App”).
 

By using the App, you agree to this Privacy Policy and our Terms and Conditions. If you do not agree, do not use the App.
 

1. Information We Collect
 

We may collect and process the following information when you interact with the App:
 

a. Information you provide:
 

• Name, email address, and phone number

• Invoice number and reference details (to process your payment)
   

b. Automatically collected data:
 

• Device data (e.g. model, operating system, browser type, App version)

• IP address, unique device identifiers, and session logs

• Usage data (e.g. in-app activity, crash reports)
   

c. Payment information:
 

• Invoice amount, biller code, and reference

• No payment card or bank account details are stored by Brumby Pay. All transactions are processed by Monoova, our PCI-DSS compliant third-party payment provider.

 

2. Purpose of Data Use
 

We collect and use your data only as necessary to:

• Enable invoice payment via the App

• Check reward eligibility and deliver milestone-based digital rewards

• Send payment confirmations, reminders, and optional promotional notifications

• Detect and prevent fraud or misuse

• Comply with legal and regulatory requirements

• Maintain and improve our platform functionality and security
   

We do not collect or use data for advertising or profiling.

 

3. Sharing of Personal Information
 

We do not sell personal or sensitive user data.

We only share your data with:
 

• Monoova, for secure payment processing

• Reward vendors, to deliver applicable milestone eGift cards (email or SMS delivery only)

• Service providers, for secure hosting, analytics, SMS/email delivery, and fraud prevention

• Regulatory or legal authorities, if required by law or to comply with valid legal processes
   

All third-party vendors are bound by data protection agreements and must not use your data for unauthorised purposes.

 

4. App Permissions and In-App Disclosures
 

The Brumby Pay App:

• Does not access location, contacts, microphone, camera, or other device sensors

• Does not require runtime permissions outside of what is necessary to complete a payment (e.g. internet access)
   

If future versions of the App require access to sensitive data or Android permissions, users will be presented with:

• A clear in-app disclosure explaining why the data is needed and how it will be used

• A request for explicit user consent before data collection or access begins
   

Example: “Brumby Pay collects device info and app usage logs to enable invoice tracking and fraud prevention.”

 

5. App Set ID and Device Identifiers
 

We may collect a non-resettable device identifier (App Set ID) for security and fraud prevention purposes only. We do not:

• Link App Set ID to advertising identifiers (e.g. AAID)

• Use this data for advertising or tracking
   

This complies with Google Play's restricted identifier policies.

 

6. Data Retention and Deletion
 

We retain personal data only as long as necessary for legal, operational, or audit purposes:

• Transaction metadata is retained for at least 2 years

• Contact and reward information is retained for as long as the App account is active or rewards are unclaimed
   

You may:

• Request account deletion

• Request deletion of specific data not required for legal compliance

• Request correction or access to your stored data
   

To do so, email support@brumbypay.com.au
 

7. User Controls & Privacy Choices
 

You can:

• Opt out of optional SMS/email reminders by replying “STOP” or using the unsubscribe link

• Disable app permissions via your device settings

• Contact us to request access, correction, or deletion of your personal data

 

8. Children’s Privacy
 

This App is not intended for use by persons under the age of 18. We do not knowingly collect data from minors. If you believe a child has provided personal data via the App, contact us at support@brumbypay.com.au and we will delete the data promptly.

 

9. Security
 

We implement industry-standard security measures, including:

• Encryption of data at rest and in transit

• Multi-factor authentication (MFA) for administrator access

• Access control and role-based permissions

• Regular security updates and vulnerability testing

• Audit logs for sensitive data access
   

We do not store or process full card or bank details on Brumby Pay systems.

 

10. International Data Transfers
 

Data is primarily stored in Australia. If any data is transferred overseas (e.g. through cloud hosting or SMS vendors), we ensure:

• Appropriate contractual safeguards are in place

• Compliance with the Australian Privacy Principles (APP 8)

• No transfer occurs unless the recipient meets equivalent data protection standards

 

11. Third-Party SDKs and Analytics
 

Brumby Pay may integrate third-party software development kits (SDKs) for performance, analytics, and system stability.
 

We ensure:

• SDKs are compliant with Google and Apple privacy standards

• SDKs do not collect personal data for advertising or resale

• Any third-party data access is disclosed and consented to (if required)

12. Policy Changes and Notifications
 

We may update this Privacy Policy from time to time. If we make material changes, we will:

• Notify you via the App or email (if available)

• Update the version and date listed at the top
   

Contact Us:

For privacy-related enquiries or access requests:

support@brumbypay.com.au
Brumby Finance Pty Ltd

© 2025 Brumby Finance Pty Ltd. All rights reserved.
This document is provided for general information purposes. It may not be reproduced, distributed, or used for commercial purposes without the prior written consent of Brumby Finance Pty Ltd.