Published by: Digital Animals Agency Pty Ltd (ACN: 668 300 758 / ABN: 71 668 300 758)
Platform: RealSync (a product of Digital Animals Agency Pty Ltd)
Effective date: 13 April 2026
Last updated: 13 April 2026
1. Introduction
Digital Animals Agency Pty Ltd (ACN: 668 300 758) (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information in accordance with the *Privacy Act 1988* (Cth) and the Australian Privacy Principles (APPs) contained in that Act. RealSync is a platform and brand name operated by Digital Animals Agency Pty Ltd.
This Privacy Policy explains how we collect, use, hold, disclose, and protect personal information in connection with the RealSync platform and related services, including RealSync BankFlow, RealSync Lay-bys, RealSync Consignments, and RSCC Collective Commerce (collectively, the “Platform”).
Please read this policy carefully. By accessing or using the Platform, you agree to the collection and use of your information as described in this policy.
For information about how we handle data collected under the Consumer Data Right (CDR), please also refer to our separate CDR Policy at https://realsync.cloud/cdr-policy
2. Who We Are
| Legal entity | Digital Animals Agency Pty Ltd |
| ACN | 668 300 758 |
| ABN | 71 668 300 758 |
| Platform / Brand | RealSync |
| Website | https://realsync.cloud |
| Registered address | 409 Waverley Road, Malvern East VIC 3145 |
| Privacy enquiries | privacy@realsync.com.au |
3. What Personal Information We Collect
The types of personal information we collect depend on how you use the Platform. We collect only the information that is reasonably necessary for our functions and activities.
3.1 Business Customers and Platform Users
When you or your business registers for and uses the Platform, we may collect:
- Name, business name, and contact details (email address, phone number, business address)
- Login credentials (username; passwords are stored in hashed form and never in plain text)
- Billing and subscription information (processed via third-party payment providers — we do not store full payment card details)
- Business operational data including ecommerce order details, transaction records, and reconciliation history processed through the Platform
- Platform usage data (log files, session data, feature usage patterns)
- Communications you send to us (support requests, feedback)
3.2 Bank Transaction Data (RealSync BankFlow)
When you use RealSync BankFlow and connect your bank account via the Consumer Data Right (CDR) framework — facilitated through our CDR provider, Fiskil Pty Ltd — we access:
- Bank account details (account name, BSB, account number)
- Bank transaction data (transaction dates, amounts, descriptions, status)
- Account balance information
3.3 Automatically Collected Information
When you use the Platform, we may automatically collect:
- IP address and device information
- Browser type and version
- Pages visited, time spent, and navigation paths within the Platform
- Error logs and diagnostic information
This information is used for platform security, performance monitoring, and service improvement. It is not used to personally identify you without your consent.
4. How We Collect Personal Information
We collect personal information:
- Directly from you when you register, complete forms, or contact us
- From your use of the Platform (automatically collected usage data)
- From third-party services you connect to the Platform (such as bank data via the CDR framework with your consent, or ecommerce platform data via API integrations you authorise)
- From publicly available sources where relevant to the services we provide
We will not collect personal information by unlawful or unfair means.
5. Why We Collect and Use Personal Information
We collect and use personal information for the following purposes:
- Providing the Platform — operating, maintaining, and delivering the features and functions of RealSync and its component products
- Account management — creating and managing your user account, processing subscriptions, and handling billing
- Bank reconciliation and matching — where you have authorised connection of your bank account via CDR, using transaction data to match bank deposits to ecommerce orders within RealSync BankFlow
- Customer support — responding to enquiries, troubleshooting issues, and improving our service based on your feedback
- Security — detecting and preventing fraud, unauthorised access, and other security incidents
- Legal compliance — meeting our obligations under applicable laws including the Privacy Act 1988, the CDR regime, and taxation law
- Platform improvement — analysing aggregated, de-identified usage data to understand how the Platform is used and to improve its features
We will not use your personal information for purposes incompatible with these primary purposes without your consent.
6. Direct Marketing
We do not use your personal information — including any bank or transaction data accessed via the CDR framework — for direct marketing purposes without your explicit, separate consent.
If you have consented to receive marketing communications from us, you may withdraw that consent at any time by contacting us at privacy@realsync.com.au or by using the unsubscribe mechanism in any marketing communication we send.
7. Disclosure of Personal Information
We do not sell your personal information to third parties.
We may disclose personal information to the following categories of recipients, where necessary to provide the Platform:
- Our CDR provider, Fiskil Pty Ltd — to facilitate bank data access under the CDR framework where you have given consent. Fiskil is an Accredited Data Recipient under the CDR regime and operates under its own CDR Policy and privacy obligations.
- Cloud infrastructure and hosting providers — for the storage and operation of the Platform. Data is hosted in Australia.
- Payment processors — for processing subscription billing. We do not share transaction-level banking data with payment processors.
- Professional advisers — including legal, accounting, or security consultants, under confidentiality obligations, where required.
- Regulators and law enforcement — where required or authorised by Australian law, court order, or regulatory requirement.
We require all third parties to whom we disclose personal information to handle it in accordance with applicable privacy laws.
We will not disclose your personal information to parties outside Australia without your consent or unless required by law, except where our cloud service providers use internationally distributed infrastructure — in which case, such providers are contractually required to maintain equivalent privacy protections.
8. Storage and Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.
Our security measures include:
- Encrypted data transmission (TLS/HTTPS)
- Password hashing using industry-standard algorithms
- Role-based access controls limiting staff access to personal information
- Regular security monitoring and logging
- Data stored in Australian-based cloud infrastructure
Despite these measures, no internet-based service can guarantee absolute security. If you become aware of any security concern relating to your account or data, please contact us immediately at privacy@realsync.com.au.
Data breach notification: In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme in the Privacy Act 1988.
9. Retention and Deletion of Personal Information
We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law.
- Account data is retained for the duration of your account and for a reasonable period after account closure to meet legal and compliance obligations (typically up to 7 years for financial records in accordance with Australian taxation law).
- Bank transaction data accessed via CDR is deleted in accordance with our CDR Policy. Refer to https://realsync.cloud/cdr-policy.
- Usage and log data is retained for up to 12 months for security and diagnostic purposes, then deleted or de-identified.
When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.
10. Accessing and Correcting Your Personal Information
You have the right to request access to the personal information we hold about you, and to request corrections if the information is inaccurate, incomplete, or out of date.
To make an access or correction request, please contact us at:
Email: privacy@realsync.com.au
Subject line: Privacy Access Request or Privacy Correction Request
We will respond within 30 days. In some circumstances we may be unable to provide access (for example, where doing so would unreasonably impact the privacy of another person, or where the information relates to an ongoing legal matter). Where we decline access, we will explain the reason in writing.
We do not charge a fee for making an access or correction request, though we may charge a reasonable fee for the cost of providing access where a request is particularly complex.
11. Complaints
If you believe we have not handled your personal information in accordance with the Privacy Act 1988 or the Australian Privacy Principles, you have the right to make a complaint.
Step 1 — Contact us directly:
Email: privacy@realsync.com.au
Subject line: Privacy Complaint
Please include your name, contact details, and a clear description of your complaint. We will acknowledge receipt within 5 business days and aim to resolve the complaint within 30 days. If your complaint is complex and requires more time, we will notify you of the expected timeframe.
Step 2 — Contact the OAIC:
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Mail: GPO Box 5218, Sydney NSW 2001
Note: The OAIC generally requires that you first give the relevant organisation the opportunity to handle your complaint before lodging with them.
12. Cookies and Tracking Technologies
The Platform may use cookies and similar technologies to maintain session state, improve performance, and understand how the Platform is used.
You may configure your browser to refuse cookies; however, some features of the Platform may not function correctly if you do so.
We do not use cookies or tracking technologies to serve third-party advertising.
13. Links to Third-Party Services
The Platform integrates with third-party services (such as Shopify, WooCommerce, Xero, and banking institutions). This Privacy Policy applies to information we hold and process — it does not govern how those third parties handle your data. We encourage you to review the privacy policies of any third-party services you connect to the Platform.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. When we make material changes, we will notify you via email or a notice within the Platform and update the “Last updated” date at the top of this policy.
Your continued use of the Platform after changes take effect constitutes your acceptance of the updated policy.
15. Contact Us
For any privacy-related enquiries, requests, or concerns, please contact us at:
Digital Animals Agency Pty Ltd
Email: privacy@realsync.com.au
Website: https://realsync.cloud
This policy is published by Digital Animals Agency Pty Ltd (ACN: 668 300 758 / ABN: 71 668 300 758). RealSync is a platform and brand name operated by Digital Animals Agency Pty Ltd.
