Last updated: 12/11/2025
Welcome to PayGear Pty Ltd (ABN: 97 686 797 759) ("we", "our", "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what we collect, why we collect it, how we use and disclose it, and your choices. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
PayGear is an AUSTRAC‑registered remittance service and digital currency exchange (DCE) (AUSTRAC Registration No: IND100894832-001). Our services are subject to the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 (Cth), AML/CTF Rules, and other applicable laws including the Corporations Act 2001 (Cth) and Australian Securities and Investments Commission Act 2001 (Cth).
In this policy, "Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable. "Sensitive Information" is a subset of personal information that is given a higher level of protection, such as biometric information. "AML/CTF Act" refers to the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 (Cth).
We may collect and hold a range of personal information about you to provide our services, including:
We may also collect account credentials and configuration needed to connect third‑party services you authorise (e.g., exchange account identifiers and API keys you provide).
We generally collect information directly from you via our website, app, forms, identity checks, and support interactions. We may also collect information from third parties where lawful, including electronic verification services and fraud prevention partners.
At PayGear, we may use the Document Verification Service (DVS) to verify a customer’s identity by confirming that the details on their identity document match government records. The DVS can also confirm that the details are still valid and not expired or cancelled. We will only submit DVS checks via a government‑accredited gateway service provider. We do not receive government source records; we receive match/no‑match results and related metadata from the gateway.
We do not give you the option of dealing with us anonymously, or under a pseudonym. This is because it is impractical, and, in some circumstances, illegal for PayGear to deal with individuals who are not identified.
If you do not provide requested personal information (including identity information), we may be unable to provide some or all services to you.
We use cookies and analytics to operate and improve our website and app. You can control cookies in your browser; blocking some cookies may impact functionality.
We share personal information only as needed to provide services, comply with law, protect our rights, or with your consent. Typical recipients include identity verification providers (e.g., DVS via approved gateways), banks and payment partners you instruct us to use, cloud hosting and security vendors under contract, professional advisers, and government authorities when required by law.
As an AUSTRAC‑regulated entity, we may disclose information to AUSTRAC and law enforcement (for example, suspicious matter reports, threshold transaction reports, and international funds transfer instructions) as required by the AML/CTF Act. We may be legally prohibited from informing you about certain reports or actions ("tipping‑off" prohibitions).
Some service providers that assist us (for example, cloud hosting, security, analytics, or identity verification gateways) may be located outside Australia. Where practicable, we take reasonable steps to ensure such recipients protect your information in a way that is consistent with Australian privacy requirements.
Our service providers may be located in countries including (but not limited to) the United States, member states of the European Union, the United Kingdom, Singapore, and other Asia‑Pacific locations. When disclosing overseas, we use contractual and technical safeguards and take reasonable steps to ensure APP‑comparable protection.
We apply administrative, technical, and physical safeguards appropriate to the information we hold. Measures include access controls, encryption in transit, logging and monitoring, and least‑privilege access. No method is 100% secure; we continually improve our controls.
We keep personal information only as long as necessary for the purposes described or as required by law. Specific retention periods include:
After retention periods expire, we securely delete or de‑identify personal information unless ongoing retention is required by law.
If we receive personal information we did not request, we will assess whether we could have lawfully collected it. If not, we will destroy or de‑identify it where reasonable and lawful to do so.
We do not adopt government identifiers (such as driver’s licence numbers or passport numbers) as our own identifiers, except where permitted or required by law.
Our services are intended for individuals aged 18 years and over. We do not knowingly collect personal information from children.
You can request access to, or correction of, your personal information. We will respond to access requests within 30 days and may charge a reasonable fee for processing. For correction requests, we will take reasonable steps to correct information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Some information may be exempt from access (e.g., where disclosure would reveal investigative processes or impact law enforcement). We may need to verify your identity before processing requests. You can also opt out of direct marketing at any time.
We do not sell your personal information. We may send service and marketing communications as permitted by law. You can opt out of non‑essential marketing via in‑message links or by contacting us.
If a data breach is likely to result in serious harm, we will assess and, where required by law, notify affected individuals and the Office of the Australian Information Commissioner (OAIC).
If you have concerns about how we handle your personal information, please contact our Privacy Officer:
We will acknowledge complaints within 5 business days and investigate and respond within 30 days (or longer if the matter is complex, in which case we will keep you informed of progress).
You can also lodge a complaint with the OAIC. See oaic.gov.au for contact options and guidance.
We may update this policy from time to time. The “Last updated” date above reflects the most recent change. Material changes will be highlighted on this page.