Legal

Privacy Policy

How 708C Platform collects, uses, stores, and discloses your personal information in connection with the 708C Platform.

Last updated: July 2026. This policy applies to the 708C Platform operated by Debtequity Pty Ltd (ACN details on request). We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

1. What information we collect (APP 3)

We collect personal information only to the extent reasonably necessary to provide the 708C certification service. This includes:

  • Investors: Full name, email address, phone number (optional), residential or entity address, entity type, ABN, and financial supporting documentation (tax returns, balance sheets, bank statements, rates notices, or equivalent).
  • Accountants: Name, firm name, professional email address, phone number (optional), and professional designation.
  • Verifiers and issuers: Name, organisation name, email address, and AFSL number (where applicable).
  • All users: IP address at the time of submission, browser session information, and timestamped records of all platform actions.

We do not collect sensitive information (as defined in the Privacy Act) unless it is directly relevant to your certification application and you consent to its collection.

2. Why we collect it — our purpose (APP 3, APP 6)

Personal information collected through the 708C Platform is used exclusively for:

  • Processing and facilitating Section 708(8)(c) wholesale investor certification requests
  • Routing applications to qualified accountants for professional review and decision
  • Generating, storing, and issuing investor certificates under the Corporations Act 2001 (Cth)
  • Maintaining your certification history and secure vault
  • Sending renewal reminders and certificate status notifications
  • Enabling counterparty validation of certificate status
  • Maintaining an append-only audit trail for regulatory compliance purposes
  • Processing renewal payments through our payment provider (Stripe)

We will not use your personal information for any purpose other than those above without your consent, unless required or authorised by law.

3. How we collect it (APP 3)

We collect personal information directly from you when you submit a certification application, activate a professional workspace, or contact us. We do not collect personal information from third parties, except where an accountant nominates an investor's information on their behalf through the existing-client issuance pathway, in which case the accountant takes responsibility for having the investor's authority to provide that information to us.

4. How we store and secure it (APP 11)

All data is stored on Australian servers within our WordPress hosting environment. Specific security measures include:

  • Uploaded documents are stored in a private directory outside the public web root and are never accessible via a direct public URL. They are served only via expiring signed tokens with access logging.
  • Certificate PDFs are stored in the same private directory and served via expiring signed download links.
  • Audit records are append-only — no event can be edited or deleted after it is written.
  • Authentication uses WordPress session management with security nonces on all form submissions and token-gated access for all sensitive pages.
  • Passwords are hashed using WordPress's bcrypt-based password hashing — we do not store plaintext passwords.
  • Transmission is encrypted via TLS (HTTPS) on all pages.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. In the event of an eligible data breach (as defined in the Privacy Act), we will comply with the Notifiable Data Breaches scheme.

5. Who we disclose it to (APP 6)

We do not sell, trade, or rent your personal information. We disclose personal information only as follows:

  • Certifying accountant: The application details and supporting documents are disclosed to the qualified accountant nominated by the investor (or assigned by the platform) for the purpose of professional review and certification.
  • Payment processor: Renewal payment information is processed by Stripe (a third-party payment processor). We pass only the minimum information required to create a payment session. Stripe's privacy policy is available at stripe.com.
  • Platform administrators: Debtequity Pty Ltd staff who operate and maintain the 708C Platform have access to platform data for the purpose of platform operation, support, and compliance.
  • As required by law: We may disclose personal information if required to do so by a court order, regulatory authority, or other legal obligation.

Public certificate validation (name, entity, status, issued date, expiry date) is available to any person who enters the correct serial number. This limited disclosure is an inherent and disclosed function of the certification service — investors are informed of this at the time of application.

6. Cross-border disclosure (APP 8)

Our primary hosting, processing, and storage occurs in Australia. Our payment processor (Stripe) may process payment data in the United States and other jurisdictions where Stripe operates. Before any cross-border disclosure, we take reasonable steps to ensure the recipient handles personal information consistently with the Australian Privacy Principles. By using the platform's payment functions, you consent to this cross-border transfer.

We do not otherwise intentionally transfer personal information outside Australia.

7. Cookies and tracking (APP 3)

We use functional cookies only — strictly necessary for login session management and security nonces. We do not use advertising cookies, tracking pixels, or third-party analytics tools that collect personal information. We do not display advertising and do not participate in advertising networks.

8. Your rights — access and correction (APP 12, APP 13)

You have the right to:

  • Access the personal information we hold about you by submitting a request through our contact page. We will respond within 30 days.
  • Correct personal information that is inaccurate, out of date, incomplete, or misleading. Contact us with the correction required.
  • Request deletion of personal information that we are not required by law to retain. Note that issued certificates and the audit trail associated with them form part of a regulated record under the Corporations Act 2001 (Cth) and may be subject to retention obligations that prevent immediate deletion.

There is no charge for submitting an access or correction request. If we are unable to comply with your request, we will provide written reasons.

9. Complaints (APP 1)

If you believe we have breached your privacy or not complied with the Australian Privacy Principles, please contact us at the address below. We will acknowledge your complaint within 7 days and attempt to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

10. Contact

For all privacy enquiries, access requests, correction requests, and complaints:

Contact our support team

We aim to respond to all privacy enquiries within 5 business days.

This Privacy Policy is governed by the laws of Australia. Last updated: July 2026. This policy may be updated from time to time. The current version is always available at this URL.