Audit Shield

Privacy Policy

Last updated: April 2026 · Version 2026-04

Audit Shield Pty Ltd ("we", "us", "our") is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we handle personal information collected through our Audit Shield platform.

1. Who We Are

Audit Shield Pty Ltd is an Australian company that provides compliance workflow software to accounting firms subject to Tranche 2 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. We are a software tool provider, not a compliance adviser or reporting entity.

Privacy enquiries: privacy@teamchau.online

2. Information We Collect (APP 3)

We collect the following categories of personal information:

  • Account information: name, email address, phone number, firm affiliation, role.
  • Firm information: business name, ABN, contact details provided by your firm.
  • Client data: information about your firm's clients uploaded by your firm to the platform — including identity documents, financial records, and AML/CTF screening data.
  • Usage data: login timestamps, feature usage, and AI query logs for service operation and security.
  • Device and connection data: IP address, browser type, collected automatically when you use the platform.

We collect sensitive information (such as identity verification documents uploaded by firms) only where it is reasonably necessary for the service. We handle such information with additional care in accordance with APP 3.3.

3. Why We Collect It (APP 5 — Collection Notice)

We collect personal information to:

  • Create and manage user accounts and provide access to the platform.
  • Enable your firm to perform AML/CTF compliance workflows (document storage, risk assessments, client registers).
  • Power the Verity AI information retrieval feature by indexing your uploaded compliance documents.
  • Monitor platform performance, diagnose issues, and improve our service.
  • Meet our legal and contractual obligations.

4. How We Use Information (APP 6)

We use personal information only for the purposes for which it was collected or directly related purposes. We do not sell personal information to third parties. We do not use client data uploaded by your firm for any purpose other than providing the platform services to your firm.

5. Disclosure to Third Parties (APP 6 & 8)

We disclose personal information to the following service providers in order to operate the platform:

  • Supabase: database hosting and authentication (servers located in Sydney, ap-southeast-2 — data stored in Australia).
  • Google Cloud / Vertex AI: powers the Verity AI feature. Document content used for AI queries may be processed on Google Cloud infrastructure, which may be located outside Australia. Google is bound by contractual data processing terms.

We take reasonable steps to ensure overseas recipients handle personal information in a way consistent with the APPs (APP 8.1). For full details of sub-processors see our Sub-Processors page.

We may also disclose personal information where required by law, court order, or regulatory authority.

6. Data Storage and Security (APP 11)

All data is stored in Supabase's Sydney (ap-southeast-2) data centre. We implement reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, including encryption at rest and in transit, row-level security, and access controls.

No internet transmission is completely secure. We cannot guarantee the security of information transmitted to or from our platform, but we follow industry-standard practices to protect it.

7. Data Retention

We retain personal information for as long as necessary to provide the service and meet our legal obligations. Compliance records (including AML/CTF records) uploaded by firms may be subject to statutory retention periods under the AML/CTF Act 2006 (7 years). We will notify firms of applicable retention requirements. Account data is deleted upon a valid account deletion request, subject to legal retention obligations.

8. Your Rights (APP 12 & 13)

You have the right to:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request correction of inaccurate personal information.
  • Deletion: request deletion of your personal information, subject to legal retention obligations.
  • Complaints: lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise your rights, contact us at privacy@teamchau.online. We will respond within 30 days.

9. Notifiable Data Breaches (NDB Scheme)

We comply with the Notifiable Data Breaches scheme under the Privacy Act. If a data breach is likely to result in serious harm to affected individuals, we will notify the OAIC and affected individuals as soon as practicable and no later than 30 days after becoming aware of the breach.

10. Cookies and Tracking

We use session cookies for authentication purposes only. We do not use third-party advertising cookies or tracking pixels. You can disable cookies in your browser, but this will prevent you from logging in.

11. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via the platform or by email. The version date at the top of this page indicates when the policy was last updated.

12. Contact Us

For privacy enquiries, complaints, or to exercise your rights:
privacy@teamchau.online