Legal

Privacy Policy

Last updated: May 2026

1. Introduction

VCAP Connect Pty Ltd (ABN 88 674 243 362), trading as moneymood ("we", "us", "our"), is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and store your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the moneymood platform ("Platform"), you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you create a moneymood account or are onboarded through your employer, we may collect:

  • Name (first and last)
  • Email address
  • Password (stored as a secure hash, never in plain text)
  • Employer affiliation and Access Code
  • Phone number (optional)

2.2 Financial Data via CDR

If you choose to connect your financial accounts, we receive financial data through the Consumer Data Right (CDR) framework via our accredited data recipient partner, Basiq. This may include:

  • Bank account details (account name, type, balance)
  • Transaction history (amounts, dates, merchant names, categories)
  • Account holder information as provided by your financial institution

CDR data connections are established only with your explicit consent and are read-only. You can revoke consent at any time.

2.3 Usage Data

We automatically collect information about how you interact with the Platform, including pages visited, features used, session duration, device type, browser type, and general interaction patterns. This data is used to improve the Platform and is not linked to your financial data for marketing purposes.

3. How We Use Your Information

We use your personal and financial information to:

  • Provide, maintain, and improve the moneymood platform and its features
  • Generate personalised financial insights, analysis, and behavioural nudges
  • Categorise transactions and detect spending patterns
  • Provide aggregated, anonymous analytics to your employer (never individual-level data)
  • Send you account-related communications (verification, password reset, alerts)
  • Respond to your enquiries and provide support
  • Comply with legal obligations

4. CDR Data Handling

Our handling of Consumer Data Right (CDR) data complies with the Competition and Consumer (Consumer Data Right) Rules 2020. Key principles include:

  • CDR data is collected only with your explicit, informed consent
  • We use Basiq as our accredited data recipient to facilitate secure data connections
  • CDR data is used solely for the purposes you have consented to
  • You can withdraw your consent and request deletion of CDR data at any time
  • CDR data is never used for direct marketing or sold to third parties

5. Data Sharing

We are committed to safeguarding your information:

  • We never sell your personal data to any third party
  • Employer reporting: Your employer receives only aggregated, anonymous data about workforce financial wellness trends. Individual financial data is never shared with your employer
  • Connected services: If you choose to use connected services (such as Lendera, BeOpen, or PokitPal), data is shared only with your explicit consent and in accordance with each service's own privacy policy
  • Service providers: We share data with trusted service providers (listed in Section 9) only as necessary to operate the Platform
  • Legal requirements: We may disclose information where required by law, regulation, or legal process

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest using AES-256
  • Encryption in transit using TLS 1.2+
  • All data hosted on Australian infrastructure
  • Secure session management with token rotation
  • Rate limiting and brute force protection
  • Regular security audits and penetration testing
  • Role-based access controls and audit logging

7. Your Rights

Under Australian privacy law, you have the right to:

  • Access your personal information held by us
  • Correct any inaccurate or incomplete information
  • Delete your account and all associated data
  • Data portability: Request an export of your data in a machine-readable format
  • Withdraw consent for CDR data sharing at any time
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at hello@moneymood.com.au.

8. Cookies and Tracking

moneymood uses cookies and similar technologies for essential functionality including:

  • Maintaining your login session
  • Remembering your theme and display preferences
  • Analytics to understand aggregate usage patterns (via Google Analytics)

We do not use advertising cookies or third-party tracking cookies for behavioural advertising. You can control cookie preferences through your browser settings.

9. Third-Party Services

We use the following third-party services in the operation of moneymood:

  • Basiq: Accredited data recipient for CDR bank connections and financial data aggregation
  • OpenAI: AI services for insight generation, transaction categorisation, and financial coaching features. Financial data sent to AI services is used solely for generating your insights and is not retained by the AI provider for model training
  • Stripe: Secure payment processing for subscription billing. We do not store your full credit card details on our servers

10. Children's Privacy

moneymood is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a notice on the Platform. Your continued use of moneymood after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact:

VCAP Connect Pty Ltd
ABN 88 674 243 362
Trading as moneymood
Email: hello@moneymood.com.au

You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.