Privacy Policy
Last Updated: March 15, 2025
At cyralithen, we take your privacy seriously. This isn't just a legal requirement for us—it's about building trust with every person who uses our digital banking security services. We've written this policy in plain language because you deserve to understand exactly what happens with your information.
Operating in Australia means we comply with the Privacy Act 1988 and Australian Privacy Principles. But honestly, our commitment goes beyond ticking compliance boxes. Your data is yours, and we believe you should have complete control over it.
What Information We Collect
We only collect what we actually need to provide you with secure digital banking services. Nothing more. Here's what that looks like in practice:
Identity Information
Your name, date of birth, contact details, and government-issued ID numbers. We need this to verify who you are and keep your accounts secure.
Financial Details
Bank account information, transaction history, and payment patterns. This helps us detect suspicious activity and protect your funds.
Device Data
IP addresses, browser type, operating system, and device identifiers. Essential for spotting unauthorized access attempts.
Security Logs
Login times, authentication methods, and security event records. These logs help us investigate any potential breaches quickly.
We collect this information when you create an account, use our services, or contact our support team. Some data comes directly from you, while other information gets recorded automatically as you interact with our platform.
How We Use Your Information
Every piece of data we collect has a specific purpose. We don't believe in gathering information "just in case" we might need it later. Here's exactly what we do with your data:
Service Delivery
We use your information to provide the digital banking security features you signed up for. This includes monitoring your accounts, processing transactions, and alerting you to potential security threats.
Fraud Prevention
Your transaction patterns and device data help us spot unusual activity. If something looks off, we can act quickly to protect your accounts before any damage occurs.
Legal Compliance
Australian law requires us to maintain certain records and report specific activities. We keep what's necessary to meet these obligations and nothing more.
Service Improvement
We analyze usage patterns to make our platform more secure and easier to use. This data gets aggregated and anonymized—we're looking at trends, not individual behavior.
We won't use your information for marketing purposes unless you explicitly opt in. And even then, you can change your mind anytime.
Sharing Your Information
We're protective of your data. Sharing it with third parties happens only when absolutely necessary, and we maintain strict controls over who can access what.
When We Share Data
- With service providers who help us operate the platform—like cloud hosting companies or security firms. They're bound by contracts that restrict how they can use your data.
- When required by Australian law or court orders. We'll notify you if legally permitted to do so.
- With your explicit consent for specific purposes you've approved.
- In the event of a business sale or merger, though your rights under this policy would continue.
Important: We will never sell your personal information to data brokers, advertisers, or marketing companies. Your financial data is not a commodity to us.
Third-Party Services
Some features connect to external services. For example, if you use our transaction categorization tool, we might work with financial data aggregators. You'll always know when this happens, and you can choose whether to use these features.
Your Privacy Rights Under Australian Law
The Australian Privacy Principles give you substantial control over your personal information. Here's what you can do:
| Your Right | What It Means |
|---|---|
| Access | Request a copy of all personal information we hold about you. We'll provide this within 30 days. |
| Correction | Ask us to fix any inaccurate or outdated information. We'll update our records promptly. |
| Deletion | Request deletion of your data, subject to legal record-keeping requirements. |
| Restriction | Limit how we process certain information while we investigate a concern you've raised. |
| Objection | Object to specific uses of your data, particularly for marketing or research purposes. |
| Portability | Receive your data in a structured format that you can transfer to another service provider. |
How to Exercise Your Rights
Send your request to contact@cyralithen.com with "Privacy Request" in the subject line. We'll need to verify your identity—usually by confirming details from your account—before we can proceed. Most requests get handled within two weeks, though complex ones might take up to 30 days.
If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.
How We Protect Your Information
Security isn't just about technology—it's about culture and processes too. Here's our approach:
- Encryption: All data gets encrypted in transit using TLS 1.3 and at rest using AES-256. Your information is scrambled into unreadable code unless someone has the proper decryption keys.
- Access Controls: Only authorized team members can access personal data, and only when there's a legitimate business need. Every access gets logged and monitored.
- Regular Audits: Independent security firms review our systems quarterly. We also conduct internal audits monthly to catch potential vulnerabilities.
- Staff Training: Every team member completes privacy and security training annually. They understand their responsibility to protect your information.
- Incident Response: We maintain detailed plans for responding to data breaches. If your information is compromised, we'll notify you within 72 hours.
- Physical Security: Our servers are housed in certified data centers with 24/7 monitoring, biometric access controls, and redundant power systems.
No system is completely invulnerable, but we invest heavily in maintaining security standards that exceed industry requirements.
Data Retention and Deletion
We don't keep your information forever. Here's our retention schedule:
Active Accounts
While your account is active, we maintain all necessary information to provide services and comply with financial regulations. Transaction records typically need to be kept for seven years under Australian law.
Closed Accounts
When you close your account, we'll delete or anonymize your personal information within 90 days, except for data we're legally required to retain. Financial transaction records stay for the legally mandated period, then get permanently deleted.
Marketing Data
If you've opted into marketing communications, we'll keep that preference data until you unsubscribe. Once you opt out, we remove your details from marketing lists within 48 hours.
Want us to delete your information sooner? Contact us at contact@cyralithen.com. We'll accommodate your request to the extent permitted by law.
Cookies and Tracking Technologies
Like most websites, we use cookies and similar technologies. But we keep it minimal and purposeful.
Essential Cookies
These keep you logged in and remember your security preferences. They're necessary for the platform to function, so they're not optional.
Analytics Cookies
We use these to understand how people use our platform—which features are popular, where users get stuck, that sort of thing. The data gets anonymized before we analyze it.
Your Cookie Choices
You can manage cookie preferences through your browser settings. Blocking all cookies might affect how well the platform works, but you're in control of that trade-off.
International Data Transfers
Our primary servers are located in Australia, but some of our service providers operate internationally. When we transfer data overseas, we ensure it receives equivalent protection through:
- Standard contractual clauses approved by the Australian Information Commissioner
- Verification that the receiving country has adequate privacy protections
- Additional security measures like encryption during transfer
- Regular audits of international partners' security practices
Countries we currently work with include the United States and Singapore, both recognized for their data protection frameworks. If this changes, we'll update this policy and notify affected users.
Children's Privacy
Our services aren't designed for anyone under 18. We don't knowingly collect information from children. If we discover that a minor has provided personal information, we'll delete it immediately.
Parents or guardians who believe their child has shared information with us should contact us right away at contact@cyralithen.com so we can remove it from our systems.
Changes to This Policy
Privacy regulations and our practices evolve. When we update this policy, we'll post the new version here with an updated date at the top. Significant changes—like expanding how we use data or who we share it with—will trigger email notifications to all active users.
We recommend reviewing this policy periodically, especially if you're concerned about recent changes in data protection laws or industry practices.
Australian Privacy Principles Compliance
We've structured our practices around the 13 Australian Privacy Principles. Here's how we address each:
APP 1-2: We manage personal information openly and transparently, as detailed in this policy.
APP 3-4: We collect only necessary information through lawful means and with your knowledge.
APP 5: We've implemented robust systems to ensure accuracy and completeness of data.
APP 6-9: We use and disclose information only for stated purposes, with appropriate safeguards.
APP 10: We maintain data quality through regular verification processes.
APP 11-12: Our security measures protect against misuse, interference, and unauthorized access.
APP 13: We provide mechanisms for you to access and correct your information.
Questions or Concerns?
If something in this policy is unclear, or if you have questions about how we handle your information, we want to hear from you.
Email: contact@cyralithen.com
Phone: +61 407 242 324
Mail: Community Hall, Scotland Island NSW 2105, Australia
We typically respond to privacy inquiries within 48 hours on business days.