Privacy Policy
This Privacy Policy explains how we collect, hold, use, and disclose your personal information when you use the Agent Finance platform at agentfinance.com.au and any associated services (the “Platform”).
The Platform is operated by Agent Finance AI Pty Ltd (ACN 673 873 204) (“we”, “us”, “our”), trading as Agent Finance. We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”).
We are also a credit representative authorised to provide credit assistance under the Australian Credit Licence of Finsure Finance & Insurance Pty Ltd (ACL 384704). Our Credit Representative Number is 568962. When we collect or use credit information about you, Part IIIA of the Privacy Act and the Privacy (Credit Reporting) Code 2014 (the “CR Code”) apply in addition to this Policy.
1. What this Policy covers
1.1 This Policy covers personal information we collect, hold, use, and disclose when you:
(a) visit the Platform or any of our websites;
(b) create an account or use the Platform;
(c) communicate with us by email, SMS, chat, or any other means; or
(d) interact with any AI assistant on the Platform.
1.2 “Personal information” has the meaning given in the Privacy Act. It is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
1.3 “Sensitive information” is a sub-set of personal information that includes information about your health, racial or ethnic origin, religious beliefs, and certain other categories listed in the Privacy Act. The Platform does not ask for sensitive information. If you provide sensitive information voluntarily (for example, in a conversation with the AI assistant), we will handle it in accordance with this Policy and the Privacy Act.
1.4 “Credit information” has the meaning given in Part IIIA of the Privacy Act. It includes information about your identity, your credit history, the credit you have applied for or obtained, defaults you may have, court proceedings related to credit, and similar categories of information held about you by credit reporting bodies. When we collect or use credit information about you, additional protections under Part IIIA of the Privacy Act and the CR Code apply. Section 11 of this Policy sets out how we handle credit information.
2. The personal information we collect and hold
2.1 We collect and hold the following kinds of personal information:
(a) Contact and account details — your full name, email address, mobile number, residential address, and account credentials.
(b) Identity details — date of birth, residency status, driver licence number and other government-issued identifier numbers, and copies of identification documents (collected at a later stage of your application, as set out in clause 2.2).
(c) Financial and employment details — income, expenses, assets, liabilities, employment status, employer details, and similar information needed to scope a car loan application.
(d) Vehicle and loan details — the vehicle you want to finance, loan amount, loan term, deposit, and similar application information.
(e) Conversation and interaction data — transcripts of your conversations with the AI assistant, your responses to application questions, support messages, and similar records.
(f) Technical and device data — IP address, device type, browser type, operating system, time zone, and similar information automatically collected when you use the Platform.
(g) Usage data — pages you visit, actions you take on the Platform, time spent, referral source, and similar information.
(h) Credit information — information we collect from credit reporting bodies (such as a consumer credit report) and credit-related information we generate or hold about you in the course of providing credit assistance. We collect credit information only after you have reviewed and signed our Privacy Disclosure Statement and Consent at the credit assistance stage of your application.
2.2 We collect identity documents, identifier numbers (including driver licence number and copies of identification documents), and credit information only after you have reviewed and signed our Privacy Disclosure Statement and Consent. That document sets out the additional consents required for credit assistance and explains how we use credit information.
3. How we collect personal information
3.1 We collect most personal information directly from you when you:
(a) create an account;
(b) complete an application form;
(c) interact with the AI assistant;
(d) communicate with us by email, SMS, or chat; or
(e) respond to a chaser message.
3.2 We collect technical and usage data automatically when you use the Platform, through cookies and similar technologies. You can manage cookies through your browser settings.
3.3 We collect credit information from credit reporting bodies when you give us authority to do so at the credit assistance stage of your application. Section 11 of this Policy sets out how we collect, hold, and use credit information.
3.4 We may also collect information from other third parties where you have authorised us to do so, including from your employer (to verify employment details) and from banking data providers (where you have authorised us to retrieve transaction data to verify your financial situation).
4. Why we collect, hold, and use personal information
4.1 We collect, hold, and use personal information to:
(a) verify your identity and provide you with an account;
(b) operate the Platform and the AI assistant;
(c) gather information about your circumstances so we can assess whether to provide credit assistance to you;
(d) provide credit assistance to you, including conducting a preliminary assessment of suitability under the National Consumer Credit Protection Act 2009 (Cth) (“NCCP”) and submitting your application to a suitable lender;
(e) communicate with you about your application, including by SMS and email;
(f) respond to your questions and support requests;
(g) detect, investigate, and prevent fraud, misuse, and security incidents;
(h) improve the Platform, including by training and tuning the AI assistant on conversation data. We do not use credit information or credit eligibility information for training or tuning the AI assistant;
(i) produce aggregated and de-identified statistics about how the Platform is used;
(j) comply with our legal and regulatory obligations; and
(k) establish, exercise, or defend legal claims.
4.2 We will not use your personal information for any other purpose unless:
(a) you would reasonably expect us to use it for that purpose and it is related (or, for sensitive information, directly related) to a purpose set out in clause 4.1;
(b) you consent to the use; or
(c) the use is otherwise permitted or required under the Privacy Act or any other Australian law.
5. Disclosure of your personal information
5.1 We disclose your personal information to the parties set out in this clause 5 for the purposes set out in clause 4.
Lenders
5.2 We disclose your personal information to lenders on our panel so they can assess your application for finance. Our current panel includes major Australian car finance lenders such as Pepper Finance, Finance One, AFS, WISR, Latitude Finance, and Money Place. The complete current panel is set out in our Credit Guide. Each lender is a separate entity with its own privacy obligations and will handle your information under its own privacy policy from the point it is disclosed to them.
Our licensee
5.3 We disclose your personal information, including credit information where relevant, to our licensee, Finsure Finance & Insurance Pty Ltd (Australian Credit Licence 384704), to the extent necessary for Finsure to supervise our credit assistance activities, meet its regulatory obligations, and conduct audits of our compliance.
Credit reporting bodies
5.4 When you authorise us to do so at the credit assistance stage of your application, we disclose identification information about you to credit reporting bodies so they can provide us with a consumer credit report. We do not currently disclose default information, payment information, or court proceedings information to credit reporting bodies. The credit reporting bodies we deal with are set out in section 11 of this Policy.
Our service providers
5.5 We disclose personal information to service providers that help us operate the Platform, including:
(a) cloud hosting and infrastructure providers;
(b) database and storage providers;
(c) SMS and email providers;
(d) error monitoring, analytics, and security providers;
(e) AI service providers that power the AI assistant;
(f) address verification providers; and
(g) banking data and verification providers (where you are asked to connect a banking data source for your application).
5.6 We require our service providers to handle personal information only for the purposes for which we disclose it to them, and to protect it in accordance with applicable laws.
Other disclosures
5.7 We may disclose personal information:
(a) to our professional advisers, including lawyers, accountants, and auditors;
(b) to a buyer or potential buyer of our business or assets, on confidential terms;
(c) where we are required or authorised by law, or by a regulator, court, or law enforcement body, to disclose it;
(d) where you have consented to the disclosure; or
(e) where the disclosure is otherwise permitted under the Privacy Act.
5.8 We do not sell your personal information.
6. Overseas disclosure of personal information
6.1 Some of our service providers are located outside Australia, or are Australian entities that store or process personal information outside Australia. We disclose personal information to recipients in the following countries:
(a) the United States — where some of our service providers (including providers of SMS, email, AI infrastructure, error monitoring, and address verification services) store or process personal information on our behalf; and
(b) the Philippines — where some members of our development team have read access to systems holding personal information.
6.2 Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to the information, as required by APP 8.
6.3 Under section 16C of the Privacy Act, an act or practice of an overseas recipient that would breach the APPs is taken to have been done by us. This means we are accountable to you for the handling of your personal information by overseas recipients to whom we disclose it.
6.4 We do not rely on the consent exception in APP 8.2 to bypass the accountability mechanism in section 16C.
7. How we store and protect your personal information
7.1 We store your personal information primarily in Australia, in cloud infrastructure located in the Australian region. Some categories of information are processed by overseas service providers, as set out in clause 6.
7.2 We take reasonable steps to protect personal information from misuse, interference, loss, and from unauthorised access, modification, or disclosure. These steps include:
(a) access controls, authentication, and audit logging;
(b) encryption of personal information in transit and at rest;
(c) restricting access to personal information to personnel who need it to perform their role;
(d) staff training on privacy and security;
(e) due diligence on service providers; and
(f) incident response and breach notification procedures.
7.3 No information security measure is perfect. While we take the steps set out in this clause 7, we cannot guarantee that personal information will never be accessed, used, or disclosed without authorisation.
7.4 If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (“OAIC”) in accordance with Part IIIC of the Privacy Act.
8. How long we keep your personal information
8.1 We keep your personal information for as long as we need it for the purposes set out in clause 4, and then for any longer period we are required or permitted to keep it under Australian law.
8.2 In particular:
(a) records relating to credit assistance we have provided to you are subject to record-keeping obligations under the NCCP and the National Consumer Credit Protection Regulations 2010, and are retained for at least 7 years from the date of the credit assistance;
(b) records required to be kept under tax, anti-money laundering, or other laws are kept for the period required by those laws; and
(c) other records are kept for as long as we have a legitimate business need.
8.3 When we no longer need personal information, we take reasonable steps to destroy it or de-identify it.
9. AI assistant and automated processing
9.1 The Platform uses artificial intelligence to provide most of your experience, including an AI assistant that guides you through your application. The AI assistant processes your personal information to:
(a) ask you questions about your circumstances;
(b) record your responses;
(c) summarise your application for our credit assistance review; and
(d) provide chat support during your application.
9.2 The AI assistant does not decide whether you will be approved for finance. Credit decisions are made by lenders, after we have reviewed and submitted your application.
9.3 A credit representative reviews your application and conducts a preliminary assessment of suitability under the NCCP before your application is submitted to a lender.
9.4 From 10 December 2026, additional requirements apply under the Privacy Act in relation to certain automated decisions that significantly affect the rights or interests of an individual. We will update this Policy before that date to reflect those requirements as they apply to the Platform.
10. Direct marketing
10.1 We may from time to time use your personal information to send you direct marketing communications about the Platform or related products and services, but only where:
(a) you have consented to receive those communications; or
(b) we are otherwise permitted to send them under the Privacy Act and the Spam Act 2003 (Cth).
10.2 The following messages are not direct marketing:
(a) verification messages, including one-time password codes;
(b) progress updates and reminders relating to your application;
(c) messages required to process your application; and
(d) service messages about the Platform.
10.3 You can opt out of direct marketing communications at any time by:
(a) using the unsubscribe link in any marketing message; or
(b) visiting agentfinance.com.au/optout.
We will action your opt-out within the period required by the Spam Act 2003 (Cth).
10.4 Opting out of direct marketing does not opt you out of the messages in clause 10.2, which are necessary for your application.
11. Credit information
11.1 This section sets out how we handle credit information about you. It applies in addition to the rest of this Policy.
11.2 We are a credit representative authorised under Finsure’s Australian Credit Licence (ACL 384704) to provide credit assistance. When you reach the credit assistance stage of your application and authorise us to do so, we may:
(a) obtain a consumer credit report about you from a credit reporting body;
(b) hold and use the credit information we receive to assess your application and provide credit assistance; and
(c) disclose credit information to lenders so they can assess your application for finance.
11.3 Once we receive credit information about you from a credit reporting body, we hold it as “credit eligibility information” under Part IIIA of the Privacy Act. We handle credit eligibility information under the same protections as credit information, and under the additional rules in Part IIIA that govern its use and disclosure.
11.4 The credit reporting bodies we deal with are:
(a) Equifax — www.equifax.com.au — 13 8332
(b) Experian — www.experian.com.au — 1800 083 777 (Experian also holds credit information previously held by illion, following the integration of those two bodies in April 2026.)
11.5 Credit reporting bodies use your credit information for the purposes permitted under the Privacy Act, including providing credit reporting services to credit providers, verifying identity, and helping detect and prevent fraud. Each credit reporting body has its own credit reporting policy, which you can obtain from its website.
Notifiable matters under the CR Code
11.6 The following information is provided to you under paragraph 4.1 of the Privacy (Credit Reporting) Code 2014 (the “CR Code”). It will also be provided to you again at the credit assistance stage of your application, before we collect any credit information about you, in our Privacy Disclosure Statement and Consent.
11.7 Pre-screening direct marketing. Credit reporting bodies may use your credit information for the purpose of “pre-screening” direct marketing assessments by credit providers. You have the right to ask any credit reporting body not to use your credit information for pre-screening purposes. You can make this request to the credit reporting body in writing or by telephone, free of charge, using the contact details in clause 11.4.
11.8 Suspected fraud — ban period. If you believe that you have been, or are likely to be, the victim of fraud (including identity fraud), you can ask any credit reporting body not to use or disclose your credit information for a ban period. The default ban period is 21 days, which can be extended in certain circumstances. The credit reporting body must comply with your request. Contact the relevant credit reporting body using the details in clause 11.4.
11.9 Access to your credit information. You have the right to ask us, or any credit reporting body, for access to credit information held about you. To make a request to us, contact fin@agentfinance.com.au. We will respond to your request within 30 days for straightforward requests; more complex requests may take longer, and we will tell you in advance if so.
11.10 Correction of your credit information. You have the right to ask us, or any credit reporting body, to correct credit information that you believe is inaccurate, out of date, incomplete, irrelevant, or misleading. To make a request to us, contact fin@agentfinance.com.au.
11.11 Complaints about credit reporting. If you have a complaint about how we have handled your credit information, please contact us first at fin@agentfinance.com.au. We will acknowledge your complaint within 7 days and aim to respond substantively within 30 days, as required by the CR Code.
11.12 If you are not satisfied with our response to a credit information complaint, you can complain to the Australian Financial Complaints Authority (AFCA), which is the external dispute resolution scheme that covers our credit assistance services through our licensee Finsure. AFCA contact details are in our Credit Guide. You can also complain to the Office of the Australian Information Commissioner (OAIC) — see clause 14 for contact details.
Retention of credit information
11.13 Credit information and credit eligibility information are subject to specific retention periods under the Privacy Act and the CR Code, which differ from our general retention rules in clause 8. In particular:
(a) repayment history information is generally retained for 24 months;
(b) default information and serious credit infringements are generally retained for 5 years;
(c) court proceedings information and personal insolvency information are generally retained for 5 years;
(d) consumer credit liability information is retained for the period the account is active and for a further period after closure as specified in the Privacy Act; and
(e) credit enquiry information is generally retained for 5 years.
These retention periods are set out in the Privacy Act and apply to credit reporting bodies. We retain credit information and credit eligibility information for as long as we need it for credit assistance purposes and as required under the NCCP and the National Consumer Credit Protection Regulations 2010.
12. Cookies and similar technologies
12.1 The Platform uses cookies and similar technologies to:
(a) keep you signed in;
(b) remember your preferences;
(c) measure how the Platform is used; and
(d) detect and prevent fraud and misuse.
12.2 You can manage cookies through your browser settings. If you block cookies, some parts of the Platform may not work as intended.
13. Access to and correction of your personal information
13.1 You can ask us at any time to:
(a) tell you what personal information we hold about you;
(b) give you a copy of that personal information; or
(c) correct personal information you believe is inaccurate, out of date, incomplete, irrelevant, or misleading.
13.2 To make a request, contact us at fin@agentfinance.com.au. We may ask you to verify your identity before we action your request.
13.3 We will respond to your request within a reasonable period and, in any event, within 30 days. If we refuse to give you access to, or correct, your personal information, we will tell you why in writing.
13.4 We do not usually charge for access or correction requests. If a charge is necessary, we will tell you in advance and the charge will not be excessive.
14. Complaints
14.1 If you think we have breached the APPs or this Policy, please contact us first at fin@agentfinance.com.au. We will acknowledge your complaint within 5 business days and aim to respond substantively within 30 days.
14.2 If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
14.3 Complaints about credit assistance, your loan, or our services as a credit representative may also be referred to the Australian Financial Complaints Authority (“AFCA”). AFCA contact details are set out in our Credit Guide. Complaints about credit information specifically are addressed in clause 11.
15. Changes to this Policy
15.1 We may update this Policy from time to time. The current version is always available at agentfinance.com.au/privacy.
15.2 If we make a material change, we will notify you by email or through the Platform before the change takes effect.
15.3 Changes apply from the date this Policy is updated.
16. Contact us
16.1 For any privacy question or request, contact: fin@agentfinance.com.au
This Privacy Policy was last updated on 1 June 2026.