Your data, handled carefully.
Version 1.0 · Effective May 2026. Issued by BPSI Pty Ltd, ABN 74 166 963 800.
We collect only what is required to verify identity and meet our AML/CTF obligations — and we delete what is no longer needed.
All personal data is processed and stored in australia-southeast1 (Sydney) on Google Cloud. Data does not leave Australian jurisdiction.
Biometric verification, where used, is opt-in and only occurs after express consent from the verified individual.
BPSI is enrolled with AUSTRAC and operates an AML/CTF program proportionate to the risk profile of our clients.
All personal and identity data is encrypted at rest using AES-256 and in transit using TLS 1.2 or above.
Privacy enquiries and access requests are acknowledged within 5 business days and resolved within 30 days where practicable.
1. Who we are
BPSI Pty Ltd (ABN 74 166 963 800) is an Australian-owned company providing security consulting, KYC / KYB / AML identity verification, and IT services. This policy describes how we collect, use, store and disclose personal information.
2. What we collect
We collect personal information that is reasonably necessary for one or more of our functions or activities — including identity documents, biometric data (with consent), entity registration data, and beneficial-ownership information required to discharge our AML/CTF obligations.
3. How we use it
We use personal information to deliver our services, to meet our regulatory obligations, and to communicate with you about our engagement. We do not sell personal information, and we do not use it for marketing without consent.
4. Where we store it
All personal data is processed and stored in australia-southeast1 (Sydney) on Google Cloud. We do not transfer personal data offshore. Document verification routes via the Commonwealth Document Verification Service.
5. How we protect it
We apply AES-256 encryption at rest and TLS 1.2 or above in transit. Access is restricted on a least-privilege basis. We operate aligned to ISO 27001 and the Australian Government Information Security Manual.
6. Your rights
You may request access to, correction of, or deletion of the personal information we hold about you, subject to our regulatory record-keeping obligations. Email our Privacy Officer at anurag.aggarwal@bpsi.com.au.
7. Privacy officer
Privacy enquiries should be directed to Anurag Aggarwal, Privacy Officer, BPSI Pty Ltd — anurag.aggarwal@bpsi.com.au. We acknowledge enquiries within 5 business days and aim to resolve them within 30 days.
8. Updates
We will publish material updates to this policy on this page, with a revised effective date. The PDF linked above is the authoritative version.
