Privacy Policy

Last Updated: 20th March 2025

AdviseWell (referred to as “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to all personal information collected through our AdviseWell website and platform (the “Service”). By using our Service, you agree to the terms of this Privacy Policy.

What Personal Information We Collect

We only collect personal information that is necessary for us to provide and improve our services. The types of personal information we may collect include:

  • Your Business and Contact Details: Information about you as our client or prospective client, such as your name, business name, job title, email address, phone number, postal address, and other contact details. We may also collect login credentials and payment or billing information (e.g. credit card details) required to manage your account
  • Client Data You Provide: Information about your own clients that you upload or input into AdviseWell in the course of using our platform. This can include personal details of your end-clients (such as their name, date of birth, contact information), as well as sensitive financial information related to them – for example, their financial goals, assets, liabilities, income, expenses, investment details, and other data needed to generate financial advice documents. We understand this information is highly confidential and treat it with strict security and privacy safeguards.
  • Service Usage Data: Information generated through your use of our Service. This includes technical data such as your device type, IP address, browser type, access times, pages viewed, and other log information. We may use cookies or similar technologies to collect some of this usage data. (For more details, see “Cookies and Tracking” below.) This data generally does not identify you personally unless combined with other identifying information.
  • Communications: If you contact us with an inquiry, support request or feedback, we will collect any personal information you provide (like your name and email) along with the content of your communications. This includes correspondence via email, phone, or through our website.
  • Third-Party Integrations: If you choose to connect third-party systems to AdviseWell (for example, a CRM or financial product database), we may receive personal information from those systems as facilitated by you. We will handle any such integrated data in accordance with this Policy and any applicable agreement with you.

Please note: Under the Privacy Act, “personal information” basically means any information or opinion about an identified individual or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not. Some personal information is considered “sensitive information” for example, information about a person’s racial or ethnic origin, political opinions, religious beliefs, union membership, health, or sexual orientation. AdviseWell generally does not seek to collect these types of sensitive information. The financial and client data you provide, while highly confidential, may not fall under the legal definition of sensitive information, but we will nonetheless treat all client data with a high degree of security and care. If we do ever need to collect sensitive information (as defined by law), we will only do so with your consent and use it for the primary purpose for which it was provided or as otherwise required by law.

How We Collect Personal Information

We collect personal information in a few different ways:

  • Directly from You: In most cases, we collect information directly from you. You provide personal and business details when you create an account, fill out forms on our website, subscribe to our Service, enter information into the platform, or communicate with us. For instance, you will input your clients’ data into AdviseWell’s platform as part of using our AI paraplanning assistant, and we collect whatever information you choose to upload.
  • Automatically: When you use our website or Service, some data is collected automatically. As noted above, we use cookies and similar tracking technologies to gather technical information (like IP address, browser type, and usage patterns) whenever you interact with our site or app. This helps us understand how users navigate our Service and enables certain functionalities (e.g. keeping you logged in, analytics). You can adjust your browser settings to refuse cookies; however, some features of our Service may not function properly without cookies.
  • From Third Parties: We may receive personal information about you from third-party sources in some cases – for example, if your employer or colleague signs you up for our Service, or if you integrate another software with AdviseWell that shares data. In all such cases, we will handle that information per this Privacy Policy. If you provide us with personal information about another individual (such as one of your clients), you represent and warrant that you have that person’s permission or another lawful basis to disclose their information to us. It is your responsibility to ensure you have consent to upload your clients’ personal data into AdviseWell and to inform them that their information will be stored in our system. We will rely on you having obtained any necessary consent from the individuals whose data you provide to us.

How We Use Personal Information

We use the personal information collected to operate, maintain, and improve our Service, as well as to communicate with you. In particular, we may use your information for the following purposes:

  • Providing and Improving the Service: To deliver our AI-driven paraplanning platform’s features and services to you. For example, we use your input data (including your clients’ financial information) to generate advice documents and insights as per the functionality of AdviseWell. We also use personal information to maintain and improve our platform’s performance, algorithms, and user experience. This can include analysing usage patterns and feedback to refine our AI models and services. We use de-identified or aggregated data for service improvement by default, and we do not use identifiable client data for model training or improvement unless it is necessary to provide the Service to you.
  • Operating the Website and Account Management: To enable you to access and use our website and secure platform features (such as logging into your account, saving your data, etc.), and to administer your account. We use contact information to identify you as an authorised user, authenticate your access, and provide customer support.
  • Communications and Support: To communicate with you about your account and the Service. This includes sending service-related announcements (e.g. important updates, security alerts, changes to features), responding to your inquiries or support requests, and providing customer service. We may also send informational content about new features or improvements to the Service that may interest you as a user.
  • Legal and Compliance: To comply with any legal obligations that apply to us, such as financial reporting requirements or responding to lawful requests by government authorities. We may use and disclose personal information as necessary to enforce our terms and policies, to investigate or prevent unlawful activities (like fraud or misuse of our Service), or to handle legal claims.
  • Marketing (Opt-In): We will not use your personal information for unsolicited direct marketing to third parties, nor do we sell or rent your data to any third-party for their marketing purposes. We may, however, send you marketing or promotional communications about our own products or services if you have consented to receive such communications (for example, if you joined our waitlist or subscribed to a newsletter). If you opt-in to marketing emails, you can withdraw your consent at any time by using the “unsubscribe” link in those communications or contacting us to opt out. We will not spam you, and you have control over the marketing information you receive from us.

Importantly, we do not use or disclose the personal information you entrust to us (including your clients’ data) for any purpose other than to provide the Service to you and for the purposes outlined above. We do not use identifiable personal information, including identifiable client data, to train or develop AI or machine learning models except where required to deliver the Service. We may use de-identified or aggregated information to improve the Service, including improving our models. Our cloud infrastructure providers do not use your content for their own advertising or AI training purposes.

Disclosure of Personal Information

AdviseWell respects the confidentiality of your personal information. We do not sell, trade, or rent your personal data to third parties for marketing or any other independent use. There are only limited circumstances in which we may disclose personal information, as set out below:

  • Service Providers and Partners: We may share personal information with trusted third-party service providers who help us operate our business and deliver the Service. This includes, for example, our cloud hosting provider, Google Cloud Platform (GCP), which provides the data center and infrastructure where we securely store your information. It may also include IT support services, payment processors, email service platforms, analytics tools, or similar services that facilitate our operations. In all cases, we only share data that is necessary for the third party to perform their services on our behalf. These providers are bound by confidentiality and data security obligations and are not permitted to use your information for any purpose other than assisting us in running AdviseWell.
  • Within Our Corporate Group: If AdviseWell is a part of a corporate group (subsidiaries, affiliates, or parent company), we may share personal information within that group on a need-to-know basis. Any such related entities will also handle your information in accordance with this Policy.
  • Legal Requirements and Protection: We may disclose personal information when we believe in good faith that such disclosure is required to comply with applicable laws, regulations, legal processes or governmental requests (for example, responding to a court order or lawful subpoena). We may also disclose information to enforce our terms of service or other agreements, to detect or investigate fraud or security issues, or to protect the rights, property, or safety of AdviseWell, our customers, or others as required or permitted by law.
  • Business Transfers: In the event of a future business transaction such as a merger, acquisition, sale of company assets, or bankruptcy, personal information could be among the assets transferred to the buyer or surviving entity. If such a transfer occurs, we will ensure that the recipient of the data is bound to protect your personal information in a manner consistent with this Privacy Policy. We will notify you or post a notice on our website if your data becomes subject to a different privacy policy as a result of a business transaction.

Except for the situations described above, your data remains confidential and is not shared with third parties. In particular, we do not disclose your clients’ financial data to any third party except as necessary to provide the AdviseWell service to you (for example, transmitting data through secure cloud storage).

Data Storage and Security

We understand that the personal and financial data you entrust to AdviseWell is extremely sensitive. We take industry-standard security measures to safeguard your information against loss, misuse, unauthorised access, or disclosure. Some of the key steps we take include:

  • Your data is hosted and stored in Australia, using Google Cloud Platform’s Sydney data centre. In limited cases, data may be processed outside Australia on a transient basis as part of how our cloud providers operate global networks (for example, for routing, performance, security monitoring, or support). We do not permit offshore storage of your data, and any such processing is subject to appropriate confidentiality and security safeguards.
  • We protect your data using encryption in transit and at rest. Data is encrypted when sent between your device and our servers using HTTPS/TLS, and encrypted while stored using strong industry standards (for example, AES-256).
  • Access Controls: Access to personal information within our organisation is restricted on a need-to-know basis. Our employees and contractors who may need to handle data (for example, for support or technical maintenance) are subject to strict confidentiality obligations. We have a dedicated security team overseeing the protection of your data. Administrative access to systems is protected with multi-factor authentication and is regularly reviewed.
  • Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks, and we use up-to-date security tools and practices to protect the platform. Periodic security assessments (including vulnerability scans or penetration testing) are conducted to test the strength of our safeguards.
  • Cloud Security Standards: Our cloud infrastructure provider (Google Cloud) maintains high security standards and holds internationally recognised certifications such as ISO/IEC 27001 and SOC 2 for information security management. This compliance demonstrates that the underlying infrastructure meets rigorous security and data protection benchmarks. We leverage these enterprise-grade protections to ensure your information remains safe.

While we strive to protect your personal information with these measures, please note that no method of electronic transmission or storage is 100% secure. However, we continuously update and refine our security practices to align with best practices and reduce risks to your data In the unlikely event of a data breach involving your personal information, we will promptly act to mitigate the impact and will notify you and appropriate authorities as required by Australia’s Notifiable Data Breaches scheme.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The length of time we keep information depends on the type of data and the context in which it was collected:

  • Account Information: If you have an AdviseWell account, we will retain your personal information for as long as your account is active. If you cancel your account or it otherwise becomes inactive, we may retain your information for a reasonable period in case you decide to reactivate, and to meet any legal or contractual obligations regarding data retention.
  • Client Financial Data: Records and documents generated through our platform (which may contain your clients’ personal and financial data) are typically retained while you continue to use the Service. Given the nature of financial advice, there may be regulatory requirements for advisers to retain records of advice for a certain period. For instance, under some regulations in Australia, financial advice documents and related client records must be kept for up to 7 years. You control how long client data remains in your AdviseWell account, subject to your own legal and regulatory obligations. Financial advisers in Australia may need to retain advice records for up to 7 years. AdviseWell provides storage and export tools to help you meet those obligations, and you may delete client data at any time, noting that residual copies may remain in backups for a limited period as described above.
  • Legal and Backup Retention: In certain cases, we may retain information for longer if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. We also maintain secure backups of data for disaster recovery purposes, which are kept for limited timeframes under strict security.

When personal information is no longer required for the purposes for which it was collected (and we are not legally required to keep it), we will take reasonable steps to destroy or permanently de-identify the information. This may include secure deletion of electronic records and shredding of any physical documents. Please note that if you request deletion of specific data, residual copies might persist in our backup systems for a short period until those backups are cycled out, but they will no longer be accessible in the active systems.

Access and Correction of Personal Information

We respect your rights to access and correct your personal information. Under Australian privacy law, you have the right to request access to the personal information we hold about you, and to request correction if you believe it is inaccurate, out-of-date, or incomplete.

  • Access Requests: You may contact us (using the contact details at the end of this Policy) to request a copy of the personal information we hold about you. We will need to verify your identity before granting access, to ensure we do not inadvertently disclose personal data to the wrong person. We will respond to access requests within a reasonable time and provide the information in a suitable format. In some cases, we may lawfully refuse an access request or part of it – for example, if providing the information would unreasonably impact someone else’s privacy or if it relates to legal proceedings. If we refuse access, we will inform you of the reasons, except where it’s not permitted by law to do so.
  • Correction Requests: If you believe any personal information we hold about you is incorrect, incomplete, or not up to date, please let us know. You can also update certain information by logging into your AdviseWell account settings. We will take reasonable steps to correct the information. If we cannot fulfill your correction request (for instance, if we disagree that the information is incorrect), we will notify you of the outcome and you may request us to note on our records that you sought a correction.

There is no charge for requesting access or corrections, though in rare cases we might charge a reasonable administrative fee if a request is unusually resource-intensive. We will advise you of any potential fee before proceeding.

Complaints and Dispute Resolution

If you have any concerns or complaints regarding how we have collected or handled your personal information, please let us know – we take privacy complaints very seriously. You can contact us using the details in the Contact Us section below. Please provide as much detail as possible about your issue. We will promptly investigate your complaint, and may reach out to you if we need more information to resolve the matter.

Our team will do its best to address your concerns and correct any privacy issues in line with applicable laws. If you are not satisfied with our response or the outcome, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC is the independent regulator for privacy in Australia. They can be contacted through their website or by phone; more information is available at the OAIC website. We sincerely hope to resolve any privacy issues directly with you, but you may seek assistance from the OAIC if needed.

Overseas Data Transfers

AdviseWell is an Australian-based service. Our primary hosting and storage is in Australia (Sydney). In some cases, limited information may be processed by trusted service providers located outside Australia, for example where we use overseas support, analytics, communications, or payment providers, or where our cloud providers route or handle data through global networks for performance, resilience, or security purposes. We do not intentionally store your personal information outside Australia. Where any overseas processing occurs, we take reasonable steps to ensure those providers handle personal information in a way that is consistent with this Policy and Australian privacy requirements.

In the unlikely event that you explicitly request or consent to an overseas transfer of certain data (for example, if you integrate a non-Australian third-party service or ask us to send information to an overseas recipient), we will comply with your request. We will also inform you of any relevant implications. In particular, if personal information is sent to a foreign entity, that entity may not be bound by the Australian Privacy Principles, and we may not be accountable under the Privacy Act for how that overseas recipient handles your information.

If in the future we need to use cloud services or processors that store personal information outside Australia, we will update this Privacy Policy and ensure any cross-border transfers are handled in accordance with Australian privacy requirements, including by applying appropriate safeguards and obtaining consent where required. You can request a current list of our key service providers and their locations by contacting us.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, technology, or legal obligations. When we make changes, we will post the updated Privacy Policy on our website and update the “Last updated” date at the top of this Policy. We encourage you to review the Privacy Policy periodically to stay informed about how we protect your information.

If we make significant changes to the way we handle personal information, we will take additional steps to notify you: for example, we might send a notice to the email address associated with your account or provide an in-app notification. If required by law, we will also obtain your consent for any material changes that affect your rights. Your continued use of the Service after any update constitutes acceptance of the revised Privacy Policy, subject to any rights you may have under applicable law.

Contact Us

If you have any questions about this Privacy Policy, or if you wish to access, update, or correct your personal information, please contact us as follows:

Email: admin@advisewell.co (Attn: AdviseWell Privacy Officer)
Mail: Level 2/88 Jolimont St, East Melbourne VIC 3002  (Attn: AdviseWell Privacy Officer)

We are here to help and will respond to your inquiries as promptly as possible. By contacting us, you can also request further information about our privacy practices or provide any feedback. Your trust is important to us, and we welcome any questions or concerns you may have about how we handle your privacy.

Join forward-thinking firms scaling advice with AI

See how advice firms are boosting capacity without compromising compliance or trust. Book a demo to see AdviseWell in action.

Book Free Demo
Contact Us
Smiling man with neatly combed hair and a light beard wearing a light blue button-up shirt against a gray paneled wall.
Clinton Cunningham - Founder

Join Our Early Access Program

Company
Latest Articles
Sovereign AI for Australian Advice Firms: More Than Data Residency
Shadow AI in Advice: Why Sovereign Platforms Beat Unofficial Tools
From Transcript to Trusted Record: How to Standardise AI File Notes in Your Advice Practice
© Copyright 2025 AdviseWell
Privacy Policy
Terms & Services