Privacy Policy
In this Privacy Policy, “us”, “we” or “our” means Client Core Pty Ltd (ABN 97 684 911 108) trading as Nagaris. We are committed to respecting your privacy.
This Privacy Policy sets out our commitment to protecting the privacy of your personal information provided to us, or otherwise collected, used, stored, handled or disclosed by us when providing our platform, software, integrations, and all related services (together, the Services) to you or when otherwise interacting with you in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
By using our website and Services, or in providing any personal information to us, you consent to our collection, use, storage, handling and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
“Personal information” includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.
What personal information do we collect?
Nagaris only collects personal information reasonably necessary to provide you with our Services, or for its functions or activities. We may collect the following types of personal information:
- name;
- mailing or street address;
- email address;
- telephone number and other contact details;
- age or date of birth;
- photos of you and any other content you upload when using our Services;
- government identifiers where required or authorised by law, or where reasonably necessary for identity verification, fraud prevention, risk management or compliance purposes;
- identity verification information, including identity document details, identity verification results, match outcomes or identity opinions, facial images, liveness check information, biometric information where required for verification, and information collected from identity verification providers such as ConnectID, Didit, Stripe Identity, approved gateway providers, document issuers or official record holders;
- payment and transaction data including details about payments from you and other details of the Services you have purchased from us or that you have enquired about (however, we do not directly collect and hold credit card and bank details, but these may be collected on our behalf via our third-party payment service providers);
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- any additional information relating to you that you provide to us directly through our website, app or an enquiry, or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other personal information that may be required in order to facilitate your dealings with us.
We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:
- register on our website or app;
- communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
- interact with our sites, services, content and advertising; or
- invest in our business or enquire as to a potential purchase in our business.
In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.
Personal Information and consent of third parties
From time to time, you may provide us, and we may collect from you, personal information of a third party. Where you provide the personal information of a third party, it is your responsibility to ensure that you have obtained their consent to provide their personal information to us (where required under applicable law) and inform them that their details will be collected, stored, used and disclosed in accordance with our Privacy Policy. This includes informing them of the purpose of collection, how their information will be used, and their rights regarding access and correction of their information as set out in this Privacy Policy.
Sensitive Information
Under the Privacy Act and other applicable law, “sensitive information” includes but is not limited to information or an opinion about an individual’s race or ethnic origin, religious belief, or criminal record and also includes health, genetic or biometric information about an individual.
In certain circumstances, when you use our Services, we may collect sensitive information. We will only use sensitive information for the primary purpose it was collected, with your consent or where required or authorised by law.
Identity verification
We may use third-party identity verification services, including ConnectID, Didit, Stripe Identity, approved gateway providers, document issuers, official record holders and other identity verification providers, to verify your identity where this is reasonably necessary to provide our Services, meet legal or compliance obligations, prevent fraud, manage risk or protect the security of our platform.
Where ConnectID is available, we may collect identity-related personal information about you from participating data providers through the ConnectID digital identity network. This will only occur with your express consent.
If you do not provide consent to use ConnectID, or if ConnectID is unavailable or does not support your verification, we will not collect your personal information through ConnectID. We will make an alternative identity verification option available, including verification through Didit or another verification provider.
Where you use Didit, you may be asked to provide identity verification information such as identity document details, images of identity documents, facial images or liveness checks, contact details, device or IP information, and verification results. Some of this information may be sensitive information under the Privacy Act, including biometric information. We will only collect and use this information with your consent, where required or authorised by law, or where otherwise permitted under this Privacy Policy.
Where an identity verification check involves identity document information, your information may be checked with the relevant document issuer or official record holder via third-party systems for the purpose of confirming your identity. Before we initiate that type of check, we will ask for your express consent and provide information about the purpose of the check, the kinds of information involved, the categories of third parties that may receive the information, your rights, the consequences of declining consent, and how to make a complaint.
We do not infer consent for identity verification checks and we do not use opt-out consent. If you decline to consent, the relevant identity verification check will not be performed. Where reasonably practicable, we will make an alternative identity verification option available; however, in some cases we may be unable to provide the relevant Service, feature or transaction without verifying your identity.
Where you provide consent, we may use and disclose identity verification information for the purpose for which it was collected, including verifying your identity, preventing fraud, managing risk, complying with legal or regulatory obligations, and protecting the security of our Services. We will not use identity verification information collected for an identity verification check to create a data profile about you, track your behaviour, advertise or promote goods or services, enable another person to advertise or promote goods or services, conduct market research, or for unrelated customer analytics or consumer insights.
Where we provide an identity verification outcome to a business customer, we will provide only the outcome or identity opinion that is permitted for the relevant workflow. We will not disclose raw official match results unless required or permitted by law or the rules that apply to the relevant identity verification service.
You can find general information about the operation and management of Australian Government identity verification services on the IDMatch website and in the Identity Verification Services Privacy Statement.
We may disclose personal information to relevant data providers participating in the ConnectID digital identity network, Didit, or other identity verification providers in connection with a security incident, but only for the purpose of preventing or responding to cyber security incidents, fraud, scam activity or identity theft.
How do we collect, hold, use and disclose personal information?
We may collect, hold, use and disclose your personal information for the following purposes:
- to enable you to access and use our website and Services;
- to operate, protect, improve and optimise our website and Services, business and our users’ experience, such as to perform analytics, conduct research, develop new features and for advertising and marketing, except that identity verification information collected for an identity verification check will not be used for advertising, marketing, profiling, tracking, market research or unrelated customer analytics;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
- to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
- to consider your employment application.
We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive. This does not apply to identity verification information collected for an identity verification check.
Do we use your personal information for direct marketing?
We and/or our carefully selected business partners may send you direct marketing communications and information about our Services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link). For the avoidance of doubt, we will only send direct marketing communications to you where we have the required consent, we will never send marketing communications to your end users, and we will not use identity verification information collected for an identity verification check for direct marketing.
To whom do we disclose your personal information?
We may disclose personal information for the purposes described in this privacy policy to:
- our employees, contractors and related entities;
- third party suppliers and service providers (including providers for the operation of our websites and/or our business) or in connection with providing our Services to you;
- marketing or advertising providers;
- IT service providers, data storage, web-hosting and server providers;
- professional advisors, dealers, agents, auditors, business partners, sponsors, business brokers, our insurers and insurance brokers;
- credit reporting bodies and agencies;
- payment systems operators (eg merchants receiving card payments);
- identity verification providers, including ConnectID participating data providers, Didit, Stripe Identity, approved gateway providers, document issuers, official record holders and other providers we use to verify identity, prevent fraud, manage risk or comply with legal obligations;
- your emergency contacts or approved contacts;
- courts, tribunals, governmental agencies, regulatory authorities and law enforcement agencies, or as required, authorised or permitted by law; and
- AI sub-processors such as OpenAI, Anthropic, Google Gemini and other similar LLM providers.
We do not sell personal information and we do not use your prompts, files or outputs to train foundation or product models, whether ours or third parties’.
Disclosure of personal information outside Australia
We may disclose personal information outside of Australia to cloud providers, AI sub-processors, identity verification providers, or other service providers located in the United States, the European Union, or in any country where we or our service providers operate.
Where identity verification information is checked with Australian document issuers or official record holders via approved identity verification systems, we will only disclose that information overseas where permitted by applicable law and the rules that apply to the relevant identity verification service.
When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Law. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.
Subprocessors
We use the following subprocessors to provide our Services. We may update this list from time to time. Material changes to subprocessors will be communicated via email or through the platform.
| Subprocessor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Infrastructure hosting | Australia |
| Approved identity verification gateway provider(s) | Identity verification request routing and result processing where enabled | Australia |
| ConnectID | Digital identity verification network and consented identity data sharing | Australia |
| Didit | Identity verification, liveness checks and fraud prevention | European Union |
| Stripe | Identity verification | United States |
| Nylas | Email connectivity | United States |
| Monoova | Payment processing | Australia |
| SendGrid (Twilio) | Transactional email delivery | United States |
| Vercel | Frontend web application hosting | United States |
| DataDog | Application performance monitoring | Australia |
| Drata | Compliance management | United States |
Connected email account data
When you connect your email account (including Gmail, Microsoft Outlook, or other supported providers) to our Services, we access and process certain data from your email account to provide our Services. This section describes how we handle connected email account data.
What email data do we access?
When you authorise Nagaris to connect to your email account, we may access:
- Email messages you send and receive related to your clients
- Email metadata (sender, recipient, subject, date, thread information)
- Email addresses and contact information
How we use your email data
We use your connected email data solely to:
- Send emails on your behalf to your clients
- Synchronise client communications across your organisation
- Display communication history with clients to authorised team members
- Enable continuity of client relationships when staff are unavailable or change roles
We do not use your email data for advertising purposes or share it with third parties for their marketing purposes.
Retention of email data
We retain connected email account data (including email content and metadata) for as long as:
- Your account remains active with us; and
- Your email account remains connected to our Services
Email communications relevant to client records are retained as part of your client relationship history for the duration of your subscription.
Deletion of email data
You may request deletion of your connected email data at any time by:
- Disconnecting your email account from Nagaris through the account settings
- Contacting us at privacy@nagaris.com
Upon disconnection or deletion request, we will delete your connected email data within 30 days, except where retention is required for legal or compliance purposes. Deletion of individual client communication records can be requested separately.
You can also revoke Nagaris's access to your email account at any time through your provider's account settings:
- Google: https://myaccount.google.com/permissions
- Microsoft: https://account.live.com/consent/manage
Using our website and cookies
We may collect personal information about you when you use and access our website.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use “cookies” or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.
Security
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, all components of our infrastructure are monitored via CloudWatch with comprehensive logging and alerting. However, we cannot guarantee the security of your personal information.
Links
Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.
Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Contact Us
For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:
Privacy Officer, Client Core Pty Ltd
Level 1, 131 Clarence St, Sydney 2000
privacy@nagaris.com