BPSI Pty Ltd
Privacy Policy

Your data, handled carefully.

Version 1.0 · Effective May 2026. Issued by BPSI Pty Ltd, ABN 74 166 963 800.

Download PDF Version 1.0 · Effective May 2026
Key commitments
Data minimisation

We collect only what is required to verify identity and meet our AML/CTF obligations — and we delete what is no longer needed.

Australia only

All personal data is processed and stored in australia-southeast1 (Sydney) on Google Cloud. Data does not leave Australian jurisdiction.

Biometric consent

Biometric verification, where used, is opt-in and only occurs after express consent from the verified individual.

AUSTRAC enrolled

BPSI is enrolled with AUSTRAC and operates an AML/CTF program proportionate to the risk profile of our clients.

AES-256 encryption

All personal and identity data is encrypted at rest using AES-256 and in transit using TLS 1.2 or above.

30-day response

Privacy enquiries and access requests are acknowledged within 5 business days and resolved within 30 days where practicable.

1. Who we are

BPSI Pty Ltd (ABN 74 166 963 800) is an Australian-owned company providing security consulting, KYC / KYB / AML identity verification, and IT services. This policy describes how we collect, use, store and disclose personal information.

2. What we collect

We collect personal information that is reasonably necessary for one or more of our functions or activities — including identity documents, biometric data (with consent), entity registration data, and beneficial-ownership information required to discharge our AML/CTF obligations.

3. How we use it

We use personal information to deliver our services, to meet our regulatory obligations, and to communicate with you about our engagement. We do not sell personal information, and we do not use it for marketing without consent.

4. Where we store it

All personal data is processed and stored in australia-southeast1 (Sydney) on Google Cloud. We do not transfer personal data offshore. Document verification routes via the Commonwealth Document Verification Service.

5. How we protect it

We apply AES-256 encryption at rest and TLS 1.2 or above in transit. Access is restricted on a least-privilege basis. We operate aligned to ISO 27001 and the Australian Government Information Security Manual.

6. Your rights

You may request access to, correction of, or deletion of the personal information we hold about you, subject to our regulatory record-keeping obligations. Email our Privacy Officer at anurag.aggarwal@bpsi.com.au.

7. Privacy officer

Privacy enquiries should be directed to Anurag Aggarwal, Privacy Officer, BPSI Pty Ltd — anurag.aggarwal@bpsi.com.au. We acknowledge enquiries within 5 business days and aim to resolve them within 30 days.

8. Updates

We will publish material updates to this policy on this page, with a revised effective date. The PDF linked above is the authoritative version.