Privacy Policy
Effective Date: December 16, 2024 | Last Updated: January 21, 2025
1. About This Policy
This Privacy Policy describes how Krrisp Pty Ltd (ACN: 609 221 570), trading as Klaris AI ("we", "us", "our"), collects, uses, stores, and protects your information when you use our wealth planning software platform ("Klaris" or the "Platform").
We are committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
By using our Platform, you agree to the collection, use, and storage of your information as described in this policy. If you do not agree, please do not use the Platform.
2. Information We Collect
Account Information
When you create an account, we collect:
- Full name
- Email address
- Password (stored in hashed form — we never store plain text passwords)
- Account type (Client or Advisor)
- Subscription and payment information (processed by Stripe)
Financial Structure Data
When you use the Platform, you may enter:
- Entity information (trusts, companies, SMSFs, partnerships)
- Asset details and ownership structures
- Beneficiary and trustee information
- Financial relationships and connections between entities
- Notes and documents related to your structures
TFN Notice
We do not require, request, or store Tax File Numbers (TFNs). Please do not enter your TFN or any other tax identification numbers into the Platform. If you accidentally enter a TFN, we recommend removing it immediately and contacting us so we can assist with data deletion.
Usage Information
We automatically collect certain information about how you use the Platform:
- Pages visited and features used
- Time spent on the Platform
- Browser type and device information
- IP address (anonymised in analytics)
- Referring website
Cookies
We use essential cookies to maintain your session and preferences. We also use analytics cookies (Google Analytics) to understand how the Platform is used. You can manage cookie preferences through your browser settings or our cookie consent tool.
3. How We Use Your Information
We use your information to:
- Provide and maintain the Platform and its features.
- Process your subscription payments through Stripe.
- Send transactional emails (account verification, password resets, security notifications).
- Facilitate advisor-client collaboration when you grant access.
- Improve the Platform based on anonymous usage analytics.
- Respond to your support requests and communications.
- Comply with our legal obligations under Australian law.
Marketing Opt-Out
We may occasionally send product updates or newsletters to your registered email address. You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at info@krrispdigital.com.au. Opting out of marketing does not affect transactional emails related to your account.
Important
Klaris AI is a wealth structuring and documentation tool. It does not provide financial advice, tax advice, or investment recommendations. The information you enter and the structures you create are for your own documentation and planning purposes only.
4. Data Storage and Security
Australian Data Residency
All financial structure data is stored on servers located within Australia (Sydney, ap-southeast-2 region). Your sensitive financial information never leaves Australian jurisdiction.
Security Measures
We implement comprehensive security measures to protect your data:
- Encryption in transit — SSL/TLS encryption with HSTS for all connections.
- Encryption at rest — AES-256 encryption for all stored data.
- Row Level Security (RLS) — Database-level isolation ensuring users can only access their own data.
- Secure authentication — Bcrypt password hashing, email verification, optional 2FA and Google SSO.
Access Controls
Klaris AI staff have zero visibility into user financial structure data. Our administrative tools only manage platform operations. For full details, please see our Data Security Policy.
5. Data Sharing and Third Parties
Third-Party Services
We share limited data with the following service providers:
- Stripe — Payment processing (PCI-DSS Level 1 certified). Receives your payment information only. We never store card details on our servers.
- SendGrid — Transactional email delivery (verification, password reset, notifications). Receives your email address and name only. No financial data is included in emails.
- Google Analytics — Anonymous usage analytics. Receives anonymised browsing data only. IP anonymisation is enabled.
No Data Selling
We do not sell, rent, or trade your personal information or financial structure data to any third party. We do not use your data for advertising purposes. We do not share your data with data brokers.
Advisor Access
If you grant an advisor access to your account, they will be able to view your financial structure data as permitted by the access level you set. You control advisor access and can revoke it at any time. Advisors are bound by their own professional obligations regarding client data confidentiality.
6. Data Retention and Deletion
Active Accounts
We retain your data for as long as your account is active and as needed to provide you with the Platform services. Account and financial structure data is maintained throughout your subscription.
After Account Closure
When you close your account:
- Your financial structure data will be deleted within 90 days of account closure.
- Basic account records may be retained as required by Australian tax and business law (up to 7 years for financial transaction records).
- Anonymised usage data may be retained for analytics purposes.
Account Deletion
You can request complete deletion of your account and data by contacting us at info@krrispdigital.com.au. We will process deletion requests within 30 days and confirm completion via email.
7. Your Rights Under Australian Privacy Law
Under the Australian Privacy Act 1988, you have the right to:
- Access — Request a copy of the personal information we hold about you.
- Correct — Request correction of any inaccurate or incomplete personal information.
- Delete — Request deletion of your personal information (subject to legal retention requirements).
- Export — Request a copy of your financial structure data in a portable format.
- Withdraw Consent — Withdraw consent for marketing communications at any time.
- Lodge a Complaint — Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy.
Identity Verification
To protect your privacy, we may need to verify your identity before processing access, correction, or deletion requests. We will respond to all requests within 30 days. There is no charge for making a request, though we may charge a reasonable fee for requests that are manifestly unfounded or excessive.
9. International Data Transfers
Structure Data Stays in Australia
Your financial structure data (entities, assets, ownership relationships) is stored exclusively on Australian servers and does not leave Australian jurisdiction.
Account Data
Limited account-level data may be processed internationally by our service providers:
- Stripe (USA) — Processes payment information.
- SendGrid (USA) — Processes email delivery.
Safeguards
Where data is transferred internationally, we ensure that the receiving parties maintain security standards comparable to Australian requirements. Both Stripe and SendGrid maintain SOC 2 Type II compliance and other industry-standard security certifications. No financial structure data is included in international transfers.
10. Children's Privacy
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information as soon as possible. If you believe a child has provided us with personal information, please contact us at info@krrispdigital.com.au.
11. Data Breach Notification
In the event of a data breach that is likely to result in serious harm, we will:
- Notify affected individuals as soon as practicable.
- Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.
- Provide information about the nature of the breach, the type of information involved, and recommended steps to protect yourself.
- Take reasonable steps to contain the breach and prevent future occurrences.
12. Changes to Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this policy.
- For material changes, we will notify you via email or in-app notification.
- Continued use of the Platform after changes constitutes acceptance of the updated policy.
- We encourage you to review this policy periodically.
13. Complaints and Disputes
If you believe we have breached your privacy or the Australian Privacy Principles, you can:
- Contact us first — Email us at info@krrispdigital.com.au with details of your complaint. We will investigate and respond within 30 days.
- Escalate to the OAIC — If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
14. Contact Information
If you have questions about this Privacy Policy or how we handle your data, please contact us:
Email: info@krrispdigital.com.au
Entity: Krrisp Pty Ltd (ABN: 38 609 221 570 | ACN: 609 221 570)
Website: klaris.com.au