Privacy Policy

Version 1.0 15/01/2024

Truyu Privacy Policy

Version 1.0 15/01/2024

1. About us

Truyu means CBA New Digital Businesses Pty Ltd (NDB), a wholly owned subsidiary of the Commonwealth Bank of Australia (CBA). You can find information about Truyu on the Truyu website at www.truyu.com.au.

2. Your privacy is important to us

At Truyu, we understand how important it is to keep any personal information we have, including about visitors browsing the Truyu Website www.truyu.com.au (“Website”) or the Truyu app (“App”) and registered members of the Website or the App private, protected and safe. We are committed to protecting the personal information of individuals with whom we deal.

You can be confident that we comply with the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy outlines how we can collect, use, hold and disclose your personal information.

Please read through this Policy carefully prior to using the Truyu Website or the App. The personal information we seek to collect about you is necessary for the service we provide. If you do not provide us with all of the information we require, we may not be able to deliver our service to you.

We update this Policy when things change. You can always find the most up-to-date version through the Website or the App.

3. How do we collect your information?

We collect your personal information directly from you most of the time, however on occasion, we may also collect information about you from other people and organisations.

We collect personal information when you:

• enquire about or use our products or services

• contact us to make an enquiry or give us feedback

• visit our website or use our digital services

• participate in other activities we offer, such as feedback surveys or customer offers in relation to other CBA products and services

• talk to us or do business with us.

4. What information do we collect?

We usually collect the following types of personal information:

Identity Information When you register for a Truyu account, we may collect identification information such as:

• Your full name and date of birth;

• Your contact details, such as your email address and phone number; and

• Your identity documents, such as your driver’s licence or passport details

Sensitive information Our service provider, GBG, will collect an image of your face and images of your identification documents (such as driver’s licence or passport), for biometric identification purposes. This information will only be used to verify your identity when you register for identity usage monitoring so that we can make sure the ID your monitoring belongs to you. We do this to protect you against identity fraud. GBG will delete these images after 7 days. We'll always ask you for your permission to collect these images. For more information, view GBG’s Privacy Policy.


Monitored information Truyu provides a number of identity monitoring services, including Data Breach Alerts and ID Usage Alerts. In order to provide these services to you, we may collect information from third parties who help us deliver these services. This information includes whether your email address has appeared in a data breach, and whether your ID has been used at a merchant.

Interaction information We may collect details of your interactions with us, such as when you email us to make an enquiry, provide feedback, or make a complaint

Digital Information When you access the Website or the App, we collect your location information, IP address, mobile device and network information. The recording of such information enables us to optimise the App for our users, without identifying them.

If you access the Website or the App, we will only store your personal information if you input it into the Website or the App through an online form, e.g. when you sign up, or email us.

5. How do we use your information?

Here is a list of ways we may use your personal information:

Serving you as a customer We use your information to deliver our products and services, including to:

• Share your details with our service partners who assist us in providing our services to you (see Section 8 ‘Who do we share your information with’ below for further detail).

• Contact you, for example if we need to tell you something important, request customer feedback, or tell you about products or services we think may be of interest to you.

Managing our operations We use your information to manage our operations, including to:

• Service your account with us including using third party providers (see Section 8 ‘Who do we share your information with’ below for further detail).

• Handle your inquiries and communicate with you on your inquiries or complaints.

Improving our business We use your information to improve the products and services we provide through activities such as:

• Reviewing customer feedback and assessing how you use our products and services.

• Conducting research and analytical activities (like de-identifying data to form aggregated insights), that allow us to improve our Website and App.

• Sharing deidentified insights with our service partners to improve the delivery of our product and service.

• Conduct internal system development testing and analysis.

Managing security, risk, compliance and crime prevention We use your information to:

• Establish and verify your identity.

• Comply with our legal and regulatory obligations and assist government and law enforcement agencies or regulators.

• Support our administrative purposes and any other purposes permitted by law.

• Manage our risks and help identify and investigate any illegal activity, such as fraud.

If you do not provide us with the information in whole or in part, we may not be able to provide you with our products and services.

Using data

Improvements in technology enable organisations, like us, to collect and use information to get a more integrated view of users and provide better products and services. We may combine user information with information available from a wide variety of external sources to analyse the data in order to gain useful insights.

Do we use information for direct marketing?

We may use personal information we collect about you to provide direct marketing offers for Truyu products and services, which we think, may be of interest to you, unless you tell us not to by opting out at any time. Opt-out may be in the form of an email or other electronic means.  

6. Sending data overseas

We may send your information to recipients located overseas, including to service providers and other third parties who operate or hold data outside Australia.  The purposes for which we may send your data overseas include for identity verification purposes, managing customer service, reporting and analytical purposes, and system development testing purposes.

When we send your information overseas, it is likely to be the United States of America, these service providers include Twilio and SendGrid. If this happens, we require such organisations to have the appropriate data handling and security arrangements in place to ensure compliance with this Policy and the law.

7. Cookies and analytics

What are cookies?

Cookies are text files that are downloaded to your computer or mobile device when you access a website. As you browse, cookies gather and store some information about the way you use that website.

Cookies allow the website to recognise your device each time you visit, providing you with a better experience because the site learns your preferences as you browse. Some types of cookies also perform essential functions to enhance how the site works.

How we use cookies on the Website and the App

Cookies are used on the Website to track your journey through the Website. The type of cookie we use collects no personal information at all. This simply allows us to see at a glance which pages and information are of most interest to visitors and members. Most browsers can be configured to refuse to accept cookies. You can also delete cookies, however, doing so may hinder your access to valuable areas of information within the Website.

The App uses your device’s information, such as your device ID, and uses local secure storage to remember your login details. To delete your device information, you will need to delete or uninstall the App from your device or clear your local storage.

Google Analytics Advertising Features and the cookies it uses

We use Google Analytics features based on Display Advertising. You can opt-out of Google Analytics Advertising Feature by using the Google Ad Settings within the web-browser (https://adssettings.google.com/). In addition, you can use the Google Analytics Opt-Out Browser Add-on (https://tools.google.com/dlpage/gaoptout/) to disable tracking by Google Analytics.

We use Google Analytics Demographics and Interest-Reporting to understand the spread of age ranges, gender, and geographic locations of Our users. This enables Us to tailor the Website, content and Our marketing around Our users’ interests.

We may use “Remarketing” with Google Analytics and other platforms such as Facebook Retargeting to advertise online. This will utilise different cookies. Third-party vendors, including Google, Facebook and media agencies, show Our ads on websites across the internet. These third-party vendors use the cookies on Our Website to inform, optimise and serve ads based on Your past visits to Our Website.

For further information about how Google Analytics collects and processes information, please refer to "How Google uses information from sites or apps that use our services", (located at https://policies.google.com/technologies/partner-sites).

8. Who do we share your information with?

We disclose personal information to organisations that help us provide our services to you. These may include:

• Our service partners including GBG and HaveIBeenPwned;

• Our suppliers, agents, associates, contractors and external service providers including SendGrid and Twilio;

• Our financial advisers, legal advisers or auditors;

• Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction; and

• External dispute resolution schemes.

We may also provide personal information about you to external organisations in circumstances where we are required or authorised by law, or with your express consent.

We will share aggregate data on the performance of the Website and the App with our parent company, the Commonwealth Bank of Australia Group, this may include subsidiaries located outside Australia.

9. Keeping your information safe

We take great care with the information we hold about you. Our aim is to ensure that details are securely protected from misuse, interference, and unauthorised access, modification or disclosure service. We take great care to make sure that we keep your information in an accurate, complete and up-to-date manner.

The Website and the App are professionally hosted and operate in a secure environment. The Website and the App use encryption techniques to enhance your privacy and security when using the Website and the App. You should however be aware that there is always an inherent risk in transmitting your personal information via the internet, including by email.

The period of time we keep your information will depend on the type of information we hold about you. Generally, your information will be retained while we have an ongoing relationship and for a period of time as required under specific legislation relating to the type of information held.

10. Accessing, updating and correcting your information

You can access the personal information we hold about you within the App.  If you are having trouble accessing the information you can also contact us and ask to access, update and correct your information. You can find information on how to contact us under the Contact Us section of this Privacy Policy.

We try to make your personal information available within 30 days after you ask us for it, but we will let you know if we need more time. Before we give you the information, we will need to confirm your identity. In some cases, we may refuse access or only give you access to certain information. If we do this, we’ll write to you explaining our decision.

It is important for us, and for you, that the information we hold is accurate and up to date. We allow you to edit your monitored emails in the App. If your information isn’t correct or needs updating, let us know straight away so we can assist you in updating your information.

11. Other important information

Changes to the privacy policy

Sometimes we update our Privacy Policy. Any modifications will be effective immediately upon posting the amended Privacy Policy on the Website or the App. We may contact you or notify you when you log into the Website or the App that there have been changes to our Privacy Policy. You can always find the most up-to-date version on the Website www.truyu.com.au

12. Making a privacy complaint

We try to get things right the first time – but if we don’t, we’ll do what we can to fix it.  If you are concerned about your privacy, you can make a complaint by emailing us at [email protected] and we’ll do our best to sort it out.

Once the complaint has been received, we’ll look into the issue and try to resolve it as soon as possible.  If we can’t we’ll write to you to let you know how we’ll manage the complaint.

If you’re not satisfied with how we manage your complaint or our decision after you have been through our internal complaints process, the Australian Financial Complaints Authority (AFCA) offers a free independent dispute resolution service for consumer and small business customers of financial service providers.

Australian Financial Complaints Authority (AFCA)

Website: www.afca.org.au

Email: [email protected]

Phone: 1800 931 678 (free call)

Postal Address: Australian Financial Complaints Authority, GPO Box 3, Melbourne, VIC, 3001

If your complaint is about how we handle your personal information, you can also contact the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

Ph: 1300 363 992

Postal address: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW, 2001

13. Contact Us

Please contact us if you:

• Have a concern about the handling, use or disclosure of your personal information;

• Would like further information about the way we manage the personal information that we hold;

• Wish to access or update your personal information; or

• Have any other query or concern

You can contact us via email at [email protected]

Our registered business address is:

CBA New Digital Businesses Pty Ltd

Commonwealth Bank Place South

Level 1

11 Harbour Street

Sydney NSW 2000