HomeHow It WorksFeaturesWhy ARMFBlogFAQLoginRegister

Privacy Policy

Last updated: April 2026 · Applies to armf.com and the ARM Financial platform.

1. About this Policy

Arm Financial Services Pty Ltd (ABN 21 643 318 012), trading as ARM Financial ("ARMF", "we", "us"), respects your privacy. This Policy explains how we collect, use, share, and protect personal information when you visit armf.com, register for an ARMF account, or use our financial services.

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where you are in the EEA, the UK, or another jurisdiction with its own privacy law, we also comply with that law and you may have additional rights (see Section 8).

2. Who We Are

  • Legal entity: Arm Financial Services Pty Ltd (ABN 21 643 318 012)
  • Registered office: Melbourne, Victoria, Australia
  • Industry: Financial services
  • Founded: 2020

3. Information We Collect

We collect personal information in three ways:

  • On the marketing website: your email if you subscribe to the newsletter, and your name, email, and message if you use the contact form (we also record IP address and browser User-Agent to prevent spam and abuse).
  • When you register for an account: full name, date of birth, address, contact details, government ID, and a selfie or document images for identity verification (KYC), as required by the AML/CTF Act 2006 (Cth).
  • When you use the Services: transaction details, account activity, device and login data, communications with our support team, and cookies (see Section 7).

We may also receive information from identity-verification providers, sanctions and PEP screening providers, banking partners, and government agencies where required by law.

4. How We Use Your Information

  • To provide, operate, and improve the Services.
  • To verify your identity and meet our AML/CTF, sanctions, and tax obligations.
  • To process payments, FX conversions, and reconcile transactions with our banking partners.
  • To detect and prevent fraud, scams, and abuse of our platform.
  • To send transactional alerts, security notices, and (where you have opted in) marketing.
  • To comply with legal obligations and respond to lawful requests from authorities.

We do not sell your personal information and we do not disclose it to third parties for their own marketing.

5. Sharing with Service Providers and Authorities

We share limited information with parties who help us deliver the Services:

  • Cloud hosting and database providers.
  • Identity verification, sanctions and PEP screening, and fraud-prevention vendors.
  • Banking partners, card networks, and payment processors needed to settle your transactions.
  • Email, SMS, and customer-support tooling.
  • Analytics (Google Analytics 4 with IP anonymisation, only when you opt in).
  • Regulators and law-enforcement agencies (such as AUSTRAC, the ATO, ASIC, and the OAIC) where required by law.

All service providers are bound by confidentiality and data-protection obligations.

6. International Transfers

ARMF operates a cross-border payments platform. To deliver the Services we transfer personal information to, and process it in, countries including the United States, the United Kingdom, the European Union, Singapore, and the destination country of any payment you instruct. Where we send personal information overseas we use standard contractual clauses or equivalent safeguards required by applicable law.

7. Data Retention

  • KYC records, transaction records, and AML/CTF reports: at least 7 years, as required by the AML/CTF Act.
  • Account profile and communications: for the life of the account and 7 years after closure.
  • Newsletter subscriptions: until you unsubscribe.
  • Marketing-website contact form (including IP and User-Agent): up to 24 months.
  • Server logs and analytics: typically up to 14 months.

When we no longer need personal information and are not legally required to keep it, we securely delete or de-identify it.

8. Your Rights

You can request access to the personal information we hold about you, and ask us to correct it if it is inaccurate. If you are in the EEA, the UK, or another jurisdiction with its own privacy law, you may also have rights to delete, restrict, or object to processing, and to data portability. Some rights are limited where we are required by law (for example AML/CTF) to keep records.

To exercise a right, email privacy@armf.com. We will respond within 30 days.

9. Cookies

We use a small number of cookies and similar technologies. Strictly necessary storage (such as your theme preference and cookie choices) is always set. Analytics and marketing cookies are only set when you opt in. You can change your choices at any time on the Cookie Preferences page.

10. Security and Data Breach Notification

We use industry-standard measures to protect personal information, including TLS encryption in transit, encryption at rest, multi-factor authentication, role-based access controls, and regular security reviews. No system is ever 100% secure. If you suspect your account has been compromised, please email security@armf.com immediately.

In the event of an eligible data breach we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

11. Children

Our Services are not directed at, and we do not knowingly accept customers under, the age of 18. If you believe a minor has provided us with personal information, please email privacy@armf.com.

12. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top will reflect any changes, and where the change is significant we will give you additional notice (for example by email or in-app banner).

13. Contact, Privacy Officer & Complaints

We have a Privacy Officer responsible for this Policy. To contact them or lodge a complaint:

We will acknowledge complaints within 7 days and aim to resolve them within 30 days. If you are not satisfied with our response on a privacy matter, you may escalate to the Office of the Australian Information Commissioner (OAIC).