Privacy Policy

Last updated: February 2026

1. Overview

Redbark Sync (“we”, “our”, “the Service”) is committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Consumer Data Right (CDR) rules.

This policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

Account Information

When you create an account, we collect your name and email address via our authentication provider (Clerk). This information is used to identify you and manage your account.

Banking Data (via CDR)

When you connect a bank account, we access the following data categories under your explicit CDR consent:

  • Account details (account name, type, masked account number)
  • Account balances
  • Transaction history (dates, amounts, descriptions, categories)

Banking data is accessed through Fiskil, an accredited CDR intermediary. We only access the data categories you have consented to, and only for the duration of your consent (maximum 12 months).

Google Account Data

When you connect Google Sheets, we access your Google Drive (read-only, to list spreadsheets) and Google Sheets (read/write, to sync transaction data). We only access the specific spreadsheets you select.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe may collect billing information in accordance with their privacy policy.

3. How We Use Your Information

  • To provide the transaction synchronisation service you have requested
  • To maintain and improve the Service
  • To communicate with you about your account and the Service
  • To comply with legal obligations, including CDR requirements

We do not use your banking data for any purpose other than providing the synchronisation service. We do not sell or share your personal information with third parties for marketing purposes.

4. Data Storage and Security

  • Authentication tokens (banking and Google) are encrypted at rest using AES-256-GCM encryption.
  • All data is transmitted over HTTPS/TLS.
  • Transaction data is transmitted directly to your destination and is not permanently stored on our servers.
  • Our database is hosted on secure, SOC 2-compliant infrastructure.
  • Access to production systems is restricted and audited.

5. Data Retention

  • Account information is retained for the duration of your account.
  • Banking data access is limited to the duration of your CDR consent (maximum 12 months).
  • Sync run history (metadata only, not transaction data) is retained for the duration of your account.
  • When you delete your account, all data is permanently removed from our systems.

6. Your Rights

Under Australian privacy law and CDR rules, you have the right to:

  • Withdraw consent — Revoke CDR consent at any time via the Consents page. This immediately stops data access.
  • Delete your account — Request complete deletion of your account and all associated data via Settings.
  • Access your data — Request a copy of the personal information we hold about you.
  • Correct your data — Request correction of any inaccurate personal information.
  • Complain — Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

7. Third-Party Services

The Service integrates with the following third-party providers:

  • Clerk — Authentication and account management
  • Fiskil — CDR-accredited banking data intermediary
  • Google — Sheets and Drive API for data synchronisation
  • Stripe — Payment processing

Each provider operates under their own privacy policies. We encourage you to review them.

8. Cookies

The Service uses essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

9. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. The “Last updated” date at the top of this page indicates when the policy was last revised.

11. Contact

For privacy-related enquiries or to exercise your rights, contact us at privacy@redbark.com.au.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.