Privacy Policy

1. Introduction

1.1 Our Privacy Commitment

Konkrd takes the protection of your personal information very seriously. This Privacy Policy explains how we collect, use and disclose your personal information, and how you can access or correct it.

In this Privacy Policy, “our” “we” or “us” means Konkrd Pty Ltd (ABN 88 683 257 927) – the owner and operator of the Konkrd Platform.

We are bound by the Australian Privacy Principles (“APP”) in the Privacy Act 1988 (Cth) (“Privacy Act”) and any relevant state or territory legislation. Please read this Privacy Policy carefully, and contact us if you have any questions or concerns.

1.2 Who this Privacy Policy Covers

This Privacy Policy applies to any individual who accesses or uses the Konkrd website, mobile site, and mobile application and digital wallet (collectively “Platform”). By using and accessing the Platform, you agree to be bound by our Privacy Policy as amended from time to time. We encourage you to regularly check our Privacy Policy for updates.

This Privacy Policy does not apply to our employees (about whom we hold separate employment records). It applies to personal information we handle in providing comparison, referral, and product storage services to the public.

Where our Platform contains links to third-party websites, these sites are not governed by this Privacy Policy. We are not responsible for their operation and their privacy practices, so we recommend that you read their privacy policies.

2. WHAT INFORMATION AND DATA WE COLLECT

2.1 Personal information

We access, collect, and hold your personal information to provide you with a personalised, insightful and rewarding experience.

‘personal information’ when used in this Privacy Policy has the meaning given to it in the Privacy Act but it generally means any information that can be used to personally identify you. When you use our Platform, the type of personal information we may collect includes:

Personal Details: Name, address, date of birth, contact details (phone, email).
Product Requirements: Insurance needs, financial goals, or health-related information (for certain products).
Identifiers: In some cases, we may need government identifiers (e.g. driver’s licence, Medicare number) if lawfully required for certain product comparisons.
Documents: Any policies or official paperwork you choose to store on our Platform such as through your digital policy locker.
Sensitive Data: If you apply for health or life insurance, we may need some health or lifestyle details. We only collect sensitive information with your explicit consent.

3. how we collect and hold your information

3.1 Ways we collect your information

We collect your personal information in various ways to provide our services to you, but will always do so through lawful and fair means. This may include, collecting your information:

Directly from You
- When you request a quote or comparison using our Platform in anyway, including via our website, App or over the phone.
- When you enquire about or purchase a product through our Platform.
- When you call, email, or use live chat with our support team.
- When you upload documents to your digital policy locker.
- When you participate in promotions, competitions, or feedback surveys.
- When you interact with our chatbot via external messaging platforms such as WhatsApp.
From Third Parties
- If you’ve been referred to us by a partner organisation (with your consent).
- Marketing or comparison lists purchased from reputable third parties, with appropriate consent.
- Third-party platforms, if they help us improve or verify the information we hold.

3.2 Keeping Your Data Secure

We always aim to keep your data secure. We do this by:

- Storing personal information in electronic form within secure systems.
- Using industry-standard encryption for data in transit and at rest.
- Ensuring access to your information is restricted to authorised personnel who need it for legitimate tasks.
- For phone calls, we securely store call recordings and transcripts (where relevant) for training and quality assurance, always in compliance with legal obligations.

3.3 Anonymity / Pseudonymity

Where it is legally and practically possible, for example, if you’re only browsing our site or making a general enquiry, you may interact with our Platform without identifying yourself or by using a pseudonym.

However, once you ask us to:

generate accurate quotes or comparisons tailored to your circumstances;
submit an application to a product provider;
complete a purchase or arrange policy fulfilment; or
store official documents in our Platform, such as your digital wallet,

we must collect and verify your true personal details (e.g. name, date of birth, address, contact information and, in some cases, government‑issued identifiers). Without this accurate information we cannot:

guarantee that a quote reflects the price or cover you will actually receive;
lodge your application or finalise a sale with a provider; or
perform ongoing product management or compliance obligations.

If you choose not to provide the required information, we’ll still explain your options, but you may be unable to access some services or features on our Platform.

3.4 Retention

We retain personal information only as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. If you stop using our Platform, you can request that we delete or de-identify your data (subject to legal retention requirements). See more on your data choices in clause 6.

4. Why We Collect Your Information

We collect, hold, use and disclose your personal information through lawful and fair means, so we can perform our business activities. In particular, we need your information for the following primary purposes:

Provide Services
- Compare, arrange, or update the products you’re interested in.
- Follow up on enquiries and process applications.
- Manage your digital policy locker (including storing and securing your policy documents).

Support and Communication
- Verify your identity if you call or message us.
- Address any customer service needs or disputes.
- Keep you up to date on new products or changes to your existing ones.

Legal and Regulatory Compliance
- Fulfil obligations under financial, insurance or privacy laws.
- Meet the requirements of our product providers and relevant authorities.

Internal Improvement
- Train our AI models, strengthen security, and enhance user experience.
- Conduct research, analytics, and quality checks to improve our service.

We may also collect, store, use and disclose your personal information for any purpose relating to the above purposes that could be reasonably anticipated at the time your information was collected, including:

for internal operations such as record keeping, database management, data analytics or training;
sending you marketing and promotional messages and other information that may be of interest to you; and
managing, researching and developing our products and services.

We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate to comply with applicable laws, regulations, government directions, and otherwise in order to protect our rights, privacy, safety, property, or those of other persons.

Our Platform is not intended for individuals under the age of 18. We do not intentionally collect personal information from children. If you are the parent or guardian and believe your child has provided us with personal information, please contact us.

5. Digital policy LOCKER

We collect personal and sensitive information you choose to upload, such as health information or financial data to help you manage, store and understand it through Konkrd’s Digital Policy Locker.
By uploading your information to the Digital Policy Locker and providing your consent, you grant Konkrd permission to use and access this information for the purpose of providing our services, such as reading and explaining your policy to you through Konkrd AI.
We take reasonable steps to protect your personal and sensitive information from misuse, interference, loss and unauthorised access, modification or disclosure in accordance with APP 11.
While we implement reasonable security measures, we cannot guarantee your information will always be secure. To the maximum extent permitted by law, we are not liable for any loss, damage or harm resulting from unauthorised access, disclosure or misuse of your information, where the security of this information is not within our control.

6. Disclosure of Your Information

We take reasonable steps to ensure that personal information is only accessible by people who have a genuine “need to know” as well as “right to know”. Use and disclosure of your information will only be made in accordance with APP 6.

If we disclose your personal information, it will only be for the primary purpose for which it was collected or for a related secondary purpose where you would reasonably expect us disclose the information. We may disclose personal information, and you consent to us disclosing your personal information, to our employees, affiliates, partners, contractors, service providers, payment system operators, sponsors, and any government and regulatory body. You can find more info on the nature of these disclosures below.

Product Providers
- If you decide to purchase or apply for a product through our Platform, we share your necessary information with the provider to finalise the transaction.
- Some providers let you complete your purchase on their own platform. In this case, the provider may share back relevant details with us.
Service Providers
- We rely on trusted partners for hosting, payment processing, IT support, and marketing.
- These partners are contractually required to protect your personal information and use it only for the tasks we’ve engaged them to do.
Compliance and Law
- If required by law or court order, we may disclose your personal information to regulators, law enforcement, or legal advisors.
Overseas Disclosures
- Some of our service providers operate internationally (including in cloud environments). If your data needs to be processed overseas, we take reasonable measures to ensure your privacy rights remain protected, but you acknowledge that these entities may not be bound by the same level of laws or regulations as the Privacy Act.

7. Data Protection and Localisation

7.1 On-Device Encryption and Secure Cloud

We employ a mix of on-device and cloud-based services to power our Platform. Wherever feasible, we take reasonable steps to store the data in systems located in Australia or in jurisdictions with comparable privacy standards.

7.2 Limited Transfer

We do not send your personal data to overseas data centres unless it’s unavoidable for secure processing or backup. Where overseas transfers do occur, we take reasonable steps to ensure the recipient is bound by robust data protection measures.

7.3 Destruction and De-identification

We destroy or permanently de-identify personal information which is no longer needed in accordance with the APP 11, unless we are otherwise required or authorised by law to retain the information for a period of time.

7.4 Security

While we try our best to ensure your personal information is protected from loss, misuse, unauthorised access, modification or disclosure (via measures such as firewalls, data encryption, virus detection methods, and password restricted access), we cannot guarantee the absolute security of your personal information (it’s the Internet after all!). In the event of a data breach, we will attend to the reporting requirements that apply to us. We cannot accept responsibility for the misuse, loss or unauthorised access to, your personal information where the security of information is not within our control.

7.5 Notifiable Data Breach Scheme (NDBS)

If you reside in Australia, in the event that there is a data breach and we are required to comply with the NDBS of the Privacy Act, we will take all reasonable steps to contain the suspected or known breach where possible and follow the process set out in this clause.

If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment. If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.

8. Direct Marketing

8.1 Our Communications
We may use your details to inform you about new or related products and services we think you’ll find useful, or other marketing material. This might be via phone, email, SMS, or push notifications in accordance with applicable marketing laws.

8.2 Opt-Out Anytime
We only send you marketing material if you’ve agreed to it, if you prefer not to receive marketing messages, you can unsubscribe at any time using the link in our emails or by contacting us directly. We’ll respect your preference straight away.

9. Access and Correction

9.1 Access to Your Information
You can request access to the personal information we hold about you or contact us to update at your personal information at any time. Simply update your privacy settings on the Platform or contact us. We’ll respond within a reasonable period (typically 30 days), and we’ll explain any fees (such as processing or administrative fees) or requirements upfront. We may, if in accordance with applicable laws, refuse to provide you with access to your personal information if, for instance, granting you such access would have a negative impact on the privacy of another person.

9.2 Correction of Inaccurate Data
We take reasonable steps to ensure that the personal information we collect, use, store and disclose is accurate, complete, relevant and up-to-date, but the accuracy of your information depends to a large extent on the information you provide. If you spot errors or your details change, let us know. We’ll do our best to update our records promptly. We may request documentation or proof to ensure accuracy.

10. Cookies and Website Usage

10.1 Cookies and Other Technologies
We may use cookies, web beacons and local storage, and similar tools on our Platform to collect and store personal and non-personal information and improve your browsing experience, tailor our services and recommendations from our agents, and gather anonymous usage statistics.

A “cookie” is a small text file that is downloaded to your device (computer, tablet, smartphone) when you visit certain websites. Cookies help website operators recognise your device, store user preferences, and gather data to make site functionality more efficient and personalised. In addition to traditional cookies, the term “cookies” can include:

Pixel tags (web beacons): Small snippets of code placed on webpages or emails that track your interactions, such as clicks.
Mobile device identifiers: Unique device IDs that perform similar functions to cookies on mobile devices.
Local storage and session storage: Data stored directly in your browser to support essential site functions.

Cookies and similar technologies are harmless to your device. They help us personalise your experience on our Site, track web traffic patterns, and enhance security.

10.2 Your Choices
You can adjust your browser settings to block cookies, but this may affect the functionality of some features on our site. By using our Platform, you agree to the use of these tracking technologies.

10.3 Log data
When you use our Platform, our servers record information including information that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it (“Log Data”). This Log Data includes device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from our platform, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address, server address, date and time of your visit to AEAS, information of documents you download, pages visited, search terms, cookie information, and standard web log data.

The Log Data may be processed for the purposes of operating our platform, providing our services, ensuring our security, maintaining back-ups of our databases and communicating with you.

10.4 Third party analytics
Third-party analytics tools collect non-personal information such as how often you visit our platform, the web pages you visit, add-ons, and other analytics data that assists us in improving our services. These tools might include Google Analytics, Google AdWords conversion tracking, Google Tag Manager, or Facebook Ads conversion tracking. Third-party cookies may be placed on your computer by a service provider to us, for example, to help us understand how our platform is being used. Third-party cookies may also be placed on your device by our business partners to advertise the service to you elsewhere on the Internet. We reserve our rights to modify, add or remove any third-party analytics tools. By using our Platform, you consent to the processing of any non-personal data these tools will collect in the way and for the purposes described above.

11. Assignment, Change of Control and Transfer

All of our rights and obligations under our Privacy Policy are freely assignable by us to any of our affiliates, in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner.

12. Complaints and Contact

If You Have Concerns
If you believe there’s been a breach of your privacy or you have any concerns about how we handle your information, please contact our Privacy Officer (details below).
Resolution Timeframe
We aim to investigate and provide a written response within 30 days, and where relevant in accordance with PHIIA standards. If we need more information, we’ll let you know promptly.
External Options
If you’re unhappy with our response, you can escalate your complaint to the Office of the Australian Information Commissioner by calling 1300 363 992 or visiting www.oaic.gov.au.

13. How to Contact Us

If you have questions or complaints about this Privacy Policy, want to request a copy of it, need to update or access your personal information, or notify us of possible breaches of your privacy, you can reach our Privacy Officer at:

Privacy Officer

Konkrd Pty Ltd
7/14 Concord Crescent
Carrum Downs/VIC/3201

Phone: 1800 566 573

14. Updates to This Policy

We may update this Privacy Policy from time to time. The current version will be posted on our website. It is your responsibility to review our Privacy Policy regularly and make sure you are up to date with any changes. If you continue to use our Platform after the changes are in effect, you agree to the new Privacy Policy. For any significant changes, we aim to ensure these are clearly communicated, or get your prior consent, as required by law.
Effective Date: August, 2025

Thank you for trusting Konkrd with your personal information.
We are committed to safeguarding your privacy and continually improving our processes to ensure your data is secure and handled responsibly at all times. If you have any questions, please don’t hesitate to get in touch.